VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Gracemont (906a4-20); 2022 Intel Core i3-1215U, E cores; 4 x 1600MHz; alder2,1f626960,3300000, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
269542757528431
T:
jacfp127i
275362821829210
T:
kumjacfp127g
306423114331984
T:
prjfp127i
312703181632789
T:
hecfp127i
344373456834821
T:
curve2251
368973703937247
T:
gls254
381143818338247
T:
gls254prot
376523831238922
T:
jacfp128bk
435364401144723
T:
hecfp128fkt
433124429145038
T:
prjfp128bk
434844432645012
T:
hecfp128bk
439344446345409
T:
hecfp128i
481554823248320
T:
k277taa
528505299553185
T:
k298
680266901469963
T:
gls1271
720467213672225
T:
k277mon
113836114313114623
T:
kumfp127g
117526117706117941
T:
kummer
149313149574149761
T:
kumfp128g
154782155064155371
T:
curve25519
242852244104246183
T:
nistp256
245688248457250564
T:
ed448goldilocks
341470345884349314
T:
sclaus1024
134964313640971366542
T:
ed521gs
149827715025881513494
T:
nist521gs
200021620092422016847
T:
claus
226529522867592304207
T:
sclaus2048
Cycles to compute a shared secret
25%50%75%system
363023638136447
T:
gls254
380403808938153
T:
gls254prot
481174815148270
T:
k277taa
526445278053067
T:
k298
719437203572158
T:
k277mon
114686115444115850
T:
jacfp128bk
117510117674117867
T:
kummer
117321117849118121
T:
kumfp127g
119240119486119783
T:
kumjacfp127g
136233136661137613
T:
curve2251
140210140673141313
T:
prjfp128bk
144044144437144975
T:
hecfp128bk
149565149807150275
T:
hecfp128fkt
156037157289157477
T:
kumfp128g
166339166584166756
T:
curve25519
175231175639176142
T:
jacfp127i
170676176900178702
T:
gls1271
219347220016220695
T:
prjfp127i
224071225057225849
T:
hecfp127i
321871322359323073
T:
hecfp128i
354442355824358174
T:
sclaus1024
836220845884849061
T:
nistp256
855129864671868769
T:
ed448goldilocks
134045413439931351472
T:
ed521gs
149541414979841502828
T:
nist521gs
200079220192222021857
T:
claus
231782423441342353204
T:
sclaus2048