VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Golden Cove (906a4-40); 2022 Intel Core i3-1215U, P cores; 2 x 1600MHz; alder2,1f626960,5600000, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
168931770418656
T:
jacfp127i
178431848820012
T:
prjfp127i
181591882819831
T:
kumjacfp127g
197672062421909
T:
hecfp127i
229252358024269
T:
jacfp128bk
260192721828448
T:
prjfp128bk
267292756428716
T:
hecfp128bk
269782775928593
T:
hecfp128fkt
270772778228923
T:
hecfp128i
295882983430082
T:
gls254
310493111731185
T:
gls254prot
335733369533969
T:
curve2251
383093835138406
T:
k277taa
422354229742374
T:
k298
500295063851269
T:
gls1271
522135225452308
T:
kummer
605956066660744
T:
k277mon
635116375364081
T:
kumfp127g
802188054081202
T:
kumfp128g
106723107095107575
T:
curve25519
139474139753140170
T:
ed448goldilocks
177178178117179251
T:
nistp256
182565184151185986
T:
sclaus1024
597788603095610587
T:
ed521gs
769275775417779747
T:
nist521gs
922985923701924783
T:
claus
934967941598948482
T:
sclaus2048
Cycles to compute a shared secret
25%50%75%system
290062904929099
T:
gls254
309183095731018
T:
gls254prot
381693821438275
T:
k277taa
420724214242186
T:
k298
521255217752267
T:
kummer
605176059160661
T:
k277mon
654356577465967
T:
kumfp127g
662046635166497
T:
jacfp128bk
669056701967211
T:
kumjacfp127g
759067614377595
T:
prjfp128bk
773407755577867
T:
hecfp128bk
803628071480954
T:
hecfp128fkt
853528563185920
T:
kumfp128g
100790101099101268
T:
jacfp127i
105958106972107410
T:
curve25519
119617119982120758
T:
prjfp127i
120338120825121431
T:
hecfp127i
122975123798124306
T:
gls1271
132304133314133586
T:
curve2251
167510167801168058
T:
hecfp128i
190388192260193906
T:
sclaus1024
408544409273410119
T:
ed448goldilocks
436254437978439992
T:
nistp256
596778601049606295
T:
ed521gs
766308770186774725
T:
nist521gs
920720921590922434
T:
claus
938667958216961826
T:
sclaus2048