VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 45nm (10676); 2007 Intel Xeon X5450; 8 x 2992MHz; unstable; gcc14, supercop-20220506

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
450734746350135
T:
jacfp127i
470414835249377
T:
kumjacfp127g
517235395157038
T:
prjfp127i
530025517759391
T:
hecfp127i
713697255876668
T:
ecfp256e
774197899684435
T:
ecfp256h
780957935180571
T:
jacfp128bk
796888159186347
T:
ecfp256s
884948908191698
T:
ecfp256q
899879267895313
T:
prjfp128bk
906959309296851
T:
hecfp128fkt
914649368897172
T:
hecfp128i
918849393196811
T:
hecfp128bk
122081124406126622
T:
gls1271
127352128298131045
T:
curve2251
178621178639178774
T:
kumfp127g
299212299279299300
T:
curve25519
314856315067315465
T:
kumfp128g
329748330281330858
T:
ed448goldilocks
384083386835388905
T:
ecfp256i
413326415894420963
T:
surf127eps
422448422696424925
T:
kummer
422389426879430417
T:
sclaus1024
592353599624599809
T:
nistp256
703975707187707993
T:
surf2113
165127616548471665749
T:
ed521gs
196582819681241970593
T:
nist521gs
214164921584622174320
T:
sclaus2048
253159425367742542306
T:
claus
Cycles to compute a shared secret
25%50%75%system
183308183339183401
T:
kumfp127g
187644188022188184
T:
kumjacfp127g
244882244967245135
T:
jacfp128bk
292653292810292871
T:
jacfp127i
298596298922299590
T:
curve25519
301634301818301972
T:
prjfp128bk
307377307524307663
T:
hecfp128bk
315724316398332895
T:
gls1271
318241318313318421
T:
hecfp128fkt
327094327144327284
T:
kumfp128g
362120362446362793
T:
ecfp256e
377991378292378707
T:
ecfp256q
381459381554381707
T:
prjfp127i
383653383881384037
T:
ecfp256i
388709388774388844
T:
hecfp127i
412903415509419428
T:
surf127eps
422428422854424362
T:
kummer
424342428316440575
T:
sclaus1024
455103455540455801
T:
ecfp256h
470134470272470478
T:
ecfp256s
519804523960528188
T:
curve2251
694179694320694727
T:
hecfp128i
701889703404704125
T:
surf2113
102255210230961026174
T:
ed448goldilocks
117578911759971177498
T:
nistp256
165075316546411665087
T:
ed521gs
196526419670891969059
T:
nist521gs
212717521455732206421
T:
sclaus2048
253738125388522573470
T:
claus