VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Silvermont (406c4); 2016 Intel Atom x5-Z8350; 4 x 1440MHz; cherry, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
642666566567852
T:
jacfp127i
683917026374433
T:
kumjacfp127g
735207433076269
T:
hecfp127i
732517494979876
T:
prjfp127i
96345100401108482
T:
jacfp128bk
108342109138113401
T:
curve2251
113458114803118953
T:
hecfp128bk
114914119312127513
T:
hecfp128fkt
116221120850128999
T:
prjfp128bk
113177?125949?154048?
T:
hecfp128i
139274142128145171
T:
gls254
185466188380192304
T:
gls1271
205730205918206470
T:
gls254prot
280553280632280767
T:
kumfp127g
287869288052288551
T:
k277taa
310009311733313996
T:
k298
422256422362422685
T:
k277mon
447393447495447699
T:
kumfp128g
448655448709448797
T:
curve25519
570069570841573403
T:
kummer
614735619533620183
T:
nistp256
762922764991773428
T:
ed448goldilocks
775492782719789359
T:
sclaus1024
113974611486941157820
T:
surf2113
365931536603773663979
T:
ed521gs
380682138257763855190
T:
sclaus2048
432330343278994332209
T:
nist521gs
466815446790474692594
T:
claus
Cycles to compute a shared secret
25%50%75%system
140431142445143329
T:
gls254
205377205516205944
T:
gls254prot
283549283624283705
T:
kumfp127g
286598286649286719
T:
kumjacfp127g
287572287714287943
T:
k277taa
305599307135308940
T:
k298
318066318801319758
T:
jacfp128bk
371817373002375042
T:
hecfp128bk
375514377418380567
T:
prjfp128bk
386414387457389060
T:
hecfp128fkt
422064422124422212
T:
k277mon
426451427698428253
T:
curve2251
431660441372442216
T:
gls1271
442691444694447124
T:
jacfp127i
448539448573448621
T:
curve25519
457633457691457920
T:
kumfp128g
524150526327529650
T:
prjfp127i
533464533969535476
T:
hecfp127i
569404570315572778
T:
kummer
780482794126800366
T:
sclaus1024
808809809589814131
T:
hecfp128i
113906011471301155094
T:
surf2113
208560820872372090060
T:
nistp256
263816526418372647966
T:
ed448goldilocks
365882736597643660737
T:
ed521gs
382081238319603873946
T:
sclaus2048
431766443239064328956
T:
nist521gs
466519146820314725461
T:
claus