VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Golden Cove (906a4-40); 2022 Intel Core i3-1215U, P cores; 2 x 1600MHz; alder2,1f626960,5600000, supercop-20241022

[Page version: 20241120 00:41:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
167081738118703
T:
kumjacfp127g
173161806419051
T:
jacfp127i
179041847420267
T:
prjfp127i
198802051921869
T:
hecfp127i
228442354324383
T:
jacfp128bk
265022740428436
T:
prjfp128bk
271512753628031
T:
ecfp256e
269702770328880
T:
hecfp128fkt
271422809029030
T:
hecfp128i
272332809228976
T:
hecfp128bk
278992818128858
T:
ecfp256h
296022981030080
T:
gls254
310563111531172
T:
gls254prot
311773155032311
T:
ecfp256s
325713291033446
T:
ecfp256q
335163367533843
T:
curve2251
383043834638398
T:
k277taa
422404231342420
T:
k298
500445062051164
T:
gls1271
523195237152440
T:
kummer
606066067960764
T:
k277mon
636356388464194
T:
kumfp127g
802368068081088
T:
kumfp128g
106624107214110330
T:
curve25519
131344132240133330
T:
ecfp256i
139651140060141012
T:
ed448goldilocks
177084177982179536
T:
nistp256
182115183789185622
T:
sclaus1024
597723603129611078
T:
ed521gs
772969777528780654
T:
nist521gs
922875923553924278
T:
claus
935145941837948556
T:
sclaus2048
Cycles to compute a shared secret
25%50%75%system
290262907429132
T:
gls254
309073094531004
T:
gls254prot
381813822238269
T:
k277taa
420704211542181
T:
k298
522295228252339
T:
kummer
605316059860649
T:
k277mon
655636591666160
T:
kumfp127g
664226650466696
T:
kumjacfp127g
664586670866904
T:
jacfp128bk
757957593976114
T:
prjfp128bk
773417786078341
T:
hecfp128bk
802688041580586
T:
hecfp128fkt
851098559686052
T:
kumfp128g
101460101703101842
T:
jacfp127i
106200106843109631
T:
curve25519
117813118335119309
T:
ecfp256e
119390119838122078
T:
prjfp127i
120753120972121277
T:
hecfp127i
122064122891126211
T:
gls1271
124329124468124757
T:
ecfp256i
128717128978129389
T:
ecfp256q
133517133745134075
T:
curve2251
141112141685143000
T:
ecfp256h
168046168352169202
T:
hecfp128i
174720175199175841
T:
ecfp256s
190674191398193358
T:
sclaus1024
408584409179409875
T:
ed448goldilocks
436277437514439074
T:
nistp256
595066599094604905
T:
ed521gs
769600773943779545
T:
nist521gs
920903921782922845
T:
claus
951718960575964276
T:
sclaus2048