VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Comet Lake (806ec); 2019 Intel Core i3-10110U; 2 x 2100MHz; comet, supercop-20240425

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
230412376224531
T:
jacfp127i
241892478125445
T:
kumjacfp127g
271382856329766
T:
prjfp127i
281252936730726
T:
hecfp127i
319133328634500
T:
jacfp128bk
358173647937848
T:
hecfp128fkt
358013680538277
T:
hecfp128bk
366773686737149
T:
gls254
372983832139418
T:
prjfp128bk
383993859339582
T:
curve2251
386563870638752
T:
gls254prot
393374041141569
T:
hecfp128i
449274570547414
T:
ecfp256e
457324576045797
T:
k277taa
475134818849927
T:
ecfp256h
487844977351584
T:
ecfp256s
501345026050412
T:
k298
508145174654180
T:
ecfp256q
530165312554186
T:
kummer
708787096071019
T:
k277mon
715377249273316
T:
gls1271
802298035180431
T:
kumfp127g
111074111144111667
T:
kumfp128g
125326125715126609
T:
curve25519
152889153053153274
T:
ed448goldilocks
177309178969180549
T:
sclaus1024
183220184069184811
T:
surf127eps
193861195639199864
T:
ecfp256i
239060239333239603
T:
nistp256
514412516600518390
T:
surf2113
808692808931809493
T:
ed521gs
896824909023928006
T:
sclaus2048
942073942327942798
T:
nist521gs
980863981250982344
T:
claus
Cycles to compute a shared secret
25%50%75%system
357573578935823
T:
gls254
385683860138629
T:
gls254prot
455204556845648
T:
k277taa
497024977349839
T:
k298
529885415954416
T:
kummer
707677087570938
T:
k277mon
814778159181689
T:
kumfp127g
825618264482721
T:
kumjacfp127g
880008808888168
T:
jacfp128bk
107431107551107745
T:
prjfp128bk
112242112395112646
T:
hecfp128bk
115346115400116045
T:
kumfp128g
116115116262116520
T:
hecfp128fkt
124241124330124453
T:
jacfp127i
135347135551136632
T:
curve25519
143291144011145114
T:
curve2251
165269165400165545
T:
prjfp127i
168242168369168516
T:
hecfp127i
176067176232176437
T:
ecfp256e
176191176669177851
T:
gls1271
175508176928177646
T:
surf127eps
179966180417181390
T:
sclaus1024
186419186524186664
T:
ecfp256q
188189188313188500
T:
ecfp256i
218158218307218501
T:
ecfp256h
243406243585243838
T:
ecfp256s
247111247263247525
T:
hecfp128i
466284466681467090
T:
ed448goldilocks
510295514811516470
T:
surf2113
613425613870614255
T:
nistp256
808758808946809181
T:
ed521gs
890712912094917939
T:
sclaus2048
941858942144942448
T:
nist521gs
977737978090978556
T:
claus