VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Comet Lake (806ec); 2019 Intel Core i3-10110U; 2 x 2100MHz; cubi10, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
211112141822496
T:
kumjacfp127g
216272247123209
T:
jacfp127i
253032606827109
T:
prjfp127i
257442658127806
T:
hecfp127i
301833122032058
T:
jacfp128bk
354273626137543
T:
hecfp128i
358743643537308
T:
prjfp128bk
362583723338380
T:
hecfp128bk
370403726037614
T:
gls254
375583824539133
T:
hecfp128fkt
384803893940237
T:
curve2251
391743924639299
T:
gls254prot
463204635946412
T:
k277taa
531255322653421
T:
k298
531185324454047
T:
kummer
694897029871078
T:
gls1271
711127220072286
T:
k277mon
798318004080909
T:
kumfp127g
112694112775112887
T:
kumfp128g
126451126603126789
T:
curve25519
152216152815153191
T:
ed448goldilocks
175538177375179160
T:
sclaus1024
232957233401234442
T:
nistp256
507874509549511259
T:
surf2113
822368822721823968
T:
ed521gs
892764900998908627
T:
sclaus2048
952752955624957556
T:
nist521gs
9750109800261028927
T:
claus
Cycles to compute a shared secret
25%50%75%system
360383617036237
T:
gls254
389293898039058
T:
gls254prot
460654611046158
T:
k277taa
530385310753193
T:
k298
532345418854518
T:
kummer
721527219172238
T:
k277mon
821888237183182
T:
kumfp127g
838518427684462
T:
kumjacfp127g
888488902989411
T:
jacfp128bk
108820110306110655
T:
prjfp128bk
114104114500115151
T:
hecfp128bk
117978118191118469
T:
kumfp128g
118259118403118626
T:
hecfp128fkt
125612125716125849
T:
jacfp127i
135274135707136134
T:
curve25519
143320144201144520
T:
curve2251
166946167116167376
T:
prjfp127i
168943169093169249
T:
hecfp127i
177294177852179672
T:
gls1271
177161177919184246
T:
sclaus1024
253310253589254130
T:
hecfp128i
457041457402458347
T:
ed448goldilocks
504163509340510661
T:
surf2113
588361589444590419
T:
nistp256
822952824717826605
T:
ed521gs
893749903291910402
T:
sclaus2048
952643955677957654
T:
nist521gs
9727399755531026859
T:
claus