VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Gracemont (906a4-20); 2022 Intel Core i3-1215U, E cores; 4 x 1600MHz; alder2,1f626960,3300000, supercop-20241022

[Page version: 20241120 00:41:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
275502807028912
T:
jacfp127i
282512865029182
T:
kumjacfp127g
306003102231775
T:
prjfp127i
315403207232780
T:
hecfp127i
347833525135940
T:
curve2251
368403693337105
T:
gls254
380993815738250
T:
gls254prot
384583896339536
T:
jacfp128bk
391793980740796
T:
ecfp256e
425954363744614
T:
ecfp256h
443524478545297
T:
prjfp128bk
443544486745516
T:
hecfp128fkt
445484499345533
T:
hecfp128bk
444894514146181
T:
ecfp256s
444694517545904
T:
hecfp128i
481524821948305
T:
k277taa
474644826749220
T:
ecfp256q
528915303953216
T:
k298
679566880069799
T:
gls1271
720657213572268
T:
k277mon
114278114501114740
T:
kumfp127g
116858117782118615
T:
kummer
149541149747150093
T:
kumfp128g
155041155590171598
T:
curve25519
197834200205202263
T:
ecfp256i
245216246013247815
T:
ed448goldilocks
249290250217251559
T:
nistp256
342924346699350521
T:
sclaus1024
135308913663411372019
T:
ed521gs
149565015033141514464
T:
nist521gs
202581720324392044292
T:
claus
220330122180012232498
T:
sclaus2048
Cycles to compute a shared secret
25%50%75%system
363183636136405
T:
gls254
380253808238136
T:
gls254prot
481464821448256
T:
k277taa
527845289752967
T:
k298
720097207772174
T:
k277mon
116085116602117037
T:
jacfp128bk
117598117972118439
T:
kummer
118085118276118506
T:
kumfp127g
119081119275119480
T:
kumjacfp127g
136750137510138150
T:
curve2251
141463141877142433
T:
prjfp128bk
145507145868146281
T:
hecfp128bk
149887150290150790
T:
hecfp128fkt
156893157102157492
T:
kumfp128g
166859168182183131
T:
curve25519
172885173414174473
T:
gls1271
176904177509178212
T:
jacfp127i
186539188332189753
T:
ecfp256e
194135195844196938
T:
ecfp256i
197872198637199838
T:
ecfp256q
221588222274222924
T:
prjfp127i
224741225901226507
T:
hecfp127i
235454236599238298
T:
ecfp256h
265740267218268677
T:
ecfp256s
322389322759323255
T:
hecfp128i
345274349800355622
T:
sclaus1024
848008851293853693
T:
nistp256
865730871250874709
T:
ed448goldilocks
136214013668461369879
T:
ed521gs
150023515022581512009
T:
nist521gs
203773420388922043769
T:
claus
223504322829702285604
T:
sclaus2048