VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Broadwell+AES (406f1); 2016 Intel Xeon E5-2609 v4; 8 x 1700MHz; bolero, supercop-20240909

[Page version: 20241001 17:31:03]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
257122636027540
T:
jacfp127i
260002648028880
T:
kumjacfp127g
281802912031208
T:
hecfp127i
28228?30168?35296?
T:
prjfp127i
330043387234952
T:
jacfp128bk
374843787638008
T:
gls254
375563871240756
T:
prjfp128bk
380963893241152
T:
hecfp128i
392163925239336
T:
gls254prot
393243992840760
T:
hecfp128bk
393404042442920
T:
hecfp128fkt
408564139246192
T:
curve2251
490964916849532
T:
k277taa
561045620456408
T:
k298
666967062075820
T:
kummer
771527722078312
T:
k277mon
771167822879852
T:
gls1271
910769135691572
T:
kumfp127g
131096132544137320
T:
kumfp128g
148328152928165588
T:
curve25519
156808157572162900
T:
ed448goldilocks
188820192188205412
T:
sclaus1024
290352304640322180
T:
nistp256
536940550972560860
T:
surf2113
913660926492951964
T:
ed521gs
9574449756001008888
T:
sclaus2048
112657211403361167376
T:
claus
Cycles to compute a shared secret
25%50%75%system
360683616436296
T:
gls254
390723910839180
T:
gls254prot
489884906449172
T:
k277taa
559285605256256
T:
k298
666447232077552
T:
kummer
769887704880144
T:
k277mon
929009324096848
T:
kumfp127g
962329658098600
T:
jacfp128bk
9874499064101828
T:
kumjacfp127g
117664117904124540
T:
prjfp128bk
120584120756120940
T:
hecfp128bk
125232125456131736
T:
hecfp128fkt
135656136564141744
T:
kumfp128g
153636153884154244
T:
curve2251
155532155716165080
T:
jacfp127i
146964?158032?184216?
T:
curve25519
185244185832199024
T:
prjfp127i
187152187480195732
T:
hecfp127i
189036189620198564
T:
gls1271
189032192496204424
T:
sclaus1024
268088268496278140
T:
hecfp128i
471308476040489284
T:
ed448goldilocks
534756546260559180
T:
surf2113
906052921700934268
T:
ed521gs
9502969671481001072
T:
sclaus2048
101018410404761075812
T:
nistp256
112353211400281153892
T:
claus