VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 3 (a50f00); 2021 AMD Ryzen 5 PRO 5650G; 6 x 3900MHz; cezanne, supercop-20240716

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
232332531827466
T:
jacfp127i
258462738929387
T:
kumjacfp127g
294373101833234
T:
prjfp127i
302533158933838
T:
hecfp127i
307033263034750
T:
jacfp128bk
340933541140420
T:
curve2251
361033787340320
T:
prjfp128bk
382723829638371
T:
gls254prot
368113877741450
T:
hecfp128bk
373383880741689
T:
hecfp128fkt
371383897341832
T:
hecfp128i
386223898539540
T:
gls254
473174737747740
T:
kummer
479774802948119
T:
k277taa
531565372454394
T:
gls1271
541355425754971
T:
k298
755987566075733
T:
k277mon
813188140581530
T:
kumfp127g
102499102616102756
T:
curve25519
105085105192105263
T:
kumfp128g
158144158471158880
T:
ed448goldilocks
198905200796202646
T:
sclaus1024
219676220130220219
T:
nistp256
356805358349359096
T:
surf2113
754819757965758607
T:
ed521gs
902908905422906941
T:
nist521gs
100771410151521022367
T:
sclaus2048
102284510236951035543
T:
claus
Cycles to compute a shared secret
25%50%75%system
356973573035774
T:
gls254
382603826638324
T:
gls254prot
473744764847720
T:
kummer
479544800948012
T:
k277taa
539565401654084
T:
k298
755357559075664
T:
k277mon
812298128881319
T:
jacfp128bk
839218399484069
T:
kumfp127g
858058587985947
T:
kumjacfp127g
104504104690104772
T:
prjfp128bk
107327107472107638
T:
hecfp128bk
109752109761109914
T:
kumfp128g
110893110959111059
T:
curve25519
111469111536111882
T:
hecfp128fkt
128965129759134200
T:
gls1271
131001131203131532
T:
curve2251
131597131606131666
T:
jacfp127i
174957175201176570
T:
prjfp127i
178754178848178998
T:
hecfp127i
201610203417208559
T:
sclaus1024
237492237782238644
T:
hecfp128i
352087352506352850
T:
surf2113
524903527311528762
T:
ed448goldilocks
580485581091582516
T:
nistp256
754202755507756944
T:
ed521gs
902529905585907864
T:
nist521gs
101469110166441017737
T:
sclaus2048
101980810257181026982
T:
claus