Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Broadwell+AES (406f1); 2016 Intel Xeon E5-2609 v4; 8 x 1700MHz; bolero, supercop-20241011
[Page version: 20241021 10:27:55]
eBATS
(ECRYPT Benchmarking
of Asymmetric Systems)
is a project
to measure the performance of public-key systems.
This page presents benchmark results collected in eBATS
for public-key Diffie–Hellman secret-sharing systems:
- Time (cycles) to generate a key pair:
a secret key and a corresponding public key.
- Time to compute a shared secret,
given one user's secret key and another user's public key.
- Space (bytes) for a secret key.
- Space for a public key.
- Space for a shared secret.
Each table row lists
the first quartile of many speed measurements,
the median of many speed measurements,
the third quartile of many speed measurements, and
the name of the primitive.
Measurements with large variance are indicated in red with question marks.
The symbol
T:
(starting with supercop-20200816)
means that the SUPERCOP database
at the time of benchmarking did not list constant time
as a goal for this implementation.
The symbol
T!!!
means that constant time was listed as a goal for this implementation,
but that the implementation failed TIMECOP.
(TIMECOP failures are not necessarily security issues;
they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)
There is a
separate page
with more information about each Diffie–Hellman system and each implementation.
Designers and implementors
interested in submitting new Diffie–Hellman systems
and new implementations of existing systems
should read the call for submissions.
Test results
Graphs:
old
(pkcycles,pkbytes)
(scycles,pkbytes)
| Cycles to generate a key pair |
|---|
| 25% | 50% | 75% | system |
|---|
| 25352 | 26264 | 28720 | T: jacfp127i |
| 27008 | 27840 | 33508 | T: kumjacfp127g |
| 28884 | 30716 | 34708 | T: hecfp127i |
| 29028 | 31244 | 35680 | T: prjfp127i |
| 37484 | 37876 | 38008 | T: gls254 |
| 39216 | 39252 | 39336 | T: gls254prot |
| 40856 | 41392 | 46192 | T: curve2251 |
| 43984 | 46380 | 50980 | T: hecfp128i |
| 49096 | 49168 | 49532 | T: k277taa |
| 56104 | 56204 | 56408 | T: k298 |
| 66896 | 70904 | 78584 | T: kummer |
| 77152 | 77220 | 78312 | T: k277mon |
| 77116 | 78228 | 79852 | T: gls1271 |
| 83616 | 89492 | 103924 | T: kumfp127g |
| 130272 | 139580 | 152408 | T: kumfp128g |
| 143168 | 151804 | 163320 | T: curve25519 |
| 156808 | 157572 | 162900 | T: ed448goldilocks |
| 188820 | 192188 | 205412 | T: sclaus1024 |
| 289692 | 302188 | 318928 | T: nistp256 |
| 536940 | 550972 | 560860 | T: surf2113 |
| 913660 | 926492 | 951964 | T: ed521gs |
| 957444 | 975600 | 1008888 | T: sclaus2048 |
| 1126572 | 1140336 | 1167376 | T: claus |
|
| Cycles to compute a shared secret |
|---|
| 25% | 50% | 75% | system |
|---|
| 36068 | 36164 | 36296 | T: gls254 |
| 39072 | 39108 | 39180 | T: gls254prot |
| 48988 | 49064 | 49172 | T: k277taa |
| 55928 | 56052 | 56256 | T: k298 |
| 67444 | 72116 | 78052 | T: kummer |
| 76988 | 77048 | 80144 | T: k277mon |
| 88104 | 96592 | 105912 | T: kumfp127g |
| 99184 | 105492 | 114596 | T: kumjacfp127g |
| 136672 | 146688 | 157244 | T: kumfp128g |
| 142936 | 148720 | 160268 | T: curve25519 |
| 153636 | 153884 | 154244 | T: curve2251 |
| 155972 | 165196 | 179208 | T: jacfp127i |
| 189036 | 189620 | 198564 | T: gls1271 |
| 189032 | 192496 | 204424 | T: sclaus1024 |
| 188488 | 200876 | 211976 | T: prjfp127i |
| 193228 | 204172 | 217596 | T: hecfp127i |
| 280172 | 292164 | 310472 | T: hecfp128i |
| 471308 | 476040 | 489284 | T: ed448goldilocks |
| 534756 | 546260 | 559180 | T: surf2113 |
| 906052 | 921700 | 934268 | T: ed521gs |
| 950296 | 967148 | 1001072 | T: sclaus2048 |
| 1003276 | 1025344 | 1056916 | T: nistp256 |
| 1123532 | 1140028 | 1153892 | T: claus |
|
|
| 
