VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen (820f01); 2020 AMD Athlon Silver 3050e; 2 x 1400MHz; dali, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
261872671327440
T:
jacfp127i
266212730528158
T:
kumjacfp127g
300913075231441
T:
prjfp127i
307843134732090
T:
hecfp127i
352253588036645
T:
jacfp128bk
388973974341045
T:
hecfp128bk
391123989340743
T:
prjfp128bk
390303993641119
T:
hecfp128fkt
391784007241043
T:
hecfp128i
404454110542770
T:
curve2251
436374392444191
T:
gls254
444964467444692
T:
gls254prot
558845614856177
T:
k277taa
645026461365185
T:
k298
647426573266526
T:
gls1271
897538982389858
T:
k277mon
101689101760101847
T:
kumfp127g
106082106652106658
T:
kummer
132894133017133101
T:
kumfp128g
144603144616144638
T:
curve25519
198361199958201932
T:
sclaus1024
202088202477202692
T:
ed448goldilocks
273316273654275595
T:
nistp256
454374456113457187
T:
surf2113
924105925984927319
T:
ed521gs
9888169968641004703
T:
sclaus2048
110467711068721110525
T:
nist521gs
117763011807341183106
T:
claus
Cycles to compute a shared secret
25%50%75%system
423074232942348
T:
gls254
444364456144626
T:
gls254prot
558515609356163
T:
k277taa
644236449664618
T:
k298
896998970689781
T:
k277mon
103594103644103727
T:
jacfp128bk
104481104513104587
T:
kumfp127g
106260106382106497
T:
kumjacfp127g
106030106633106678
T:
kummer
126794126904127352
T:
prjfp128bk
129122129314129586
T:
hecfp128bk
133851133887133976
T:
hecfp128fkt
139098139154139182
T:
kumfp128g
157298157548159072
T:
curve25519
160596160876161499
T:
curve2251
162097162197162386
T:
jacfp127i
163644164569168368
T:
gls1271
198584199292204738
T:
sclaus1024
203741204136204237
T:
prjfp127i
206941207219207337
T:
hecfp127i
285553285726287582
T:
hecfp128i
453503453914455216
T:
surf2113
590968592138594279
T:
ed448goldilocks
672758673317674064
T:
nistp256
923537925881926188
T:
ed521gs
98876410097901012727
T:
sclaus2048
110464011060971107068
T:
nist521gs
117963011806181188691
T:
claus