VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bonnell (106ca); 2010 Intel Atom N455; 1 x 1000MHz; h2atom, supercop-20250415

[Page version: 20250808 02:31:25]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
126651127042127656
T:
jacfp127i
132380132792133379
T:
kumjacfp127g
139298139759140302
T:
prjfp127i
142853143262143911
T:
hecfp127i
217925218388218928
T:
jacfp128bk
233729236665238980
T:
ecfp256e
244932245847246948
T:
prjfp128bk
245802246575247910
T:
hecfp128fkt
246268246965247933
T:
hecfp128i
248665249993253543
T:
curve2251
249879251370252792
T:
hecfp128bk
255341257859260934
T:
ecfp256s
259927262218264650
T:
ecfp256h
262930266079268940
T:
ecfp256q
311804315226317681
T:
gls1271
548841548856550112
T:
kumfp127g
103566910364211037281
T:
kumfp128g
110977911103891111184
T:
curve25519
115162611573381166346
T:
ecfp256i
131249813148151316295
T:
ed448goldilocks
134828413492771351136
T:
nistp256
172911417294741730987
T:
kummer
208062620996922116350
T:
sclaus1024
724629672487357258416
T:
ed521gs
858954785957608606611
T:
nist521gs
107649591084509810918060
T:
sclaus2048
121435821218153012216044
T:
claus
Cycles to compute a shared secret
25%50%75%system
556644556644557428
T:
kumfp127g
559417559466560090
T:
kumjacfp127g
726263726351727450
T:
jacfp128bk
751921763645767926
T:
gls1271
863433863499864913
T:
prjfp128bk
886567886755889536
T:
hecfp128bk
921406922757924443
T:
hecfp128fkt
932003932852934888
T:
jacfp127i
101990210207221025761
T:
curve2251
106131610619001062416
T:
kumfp128g
108623010863351089914
T:
ecfp256e
110799711085951110828
T:
prjfp127i
110958411097381110798
T:
curve25519
113036611305231136372
T:
ecfp256q
114142111417801144166
T:
hecfp127i
115739511574781161837
T:
ecfp256i
135810413599161373512
T:
ecfp256s
143163514320561435421
T:
ecfp256h
172847217286031730501
T:
kummer
195465619558521956350
T:
hecfp128i
211698021214742150345
T:
sclaus1024
447368544745334482752
T:
ed448goldilocks
454143645429184554787
T:
nistp256
724449272457737255302
T:
ed521gs
858805685918448608815
T:
nist521gs
109255331094538910958948
T:
sclaus2048
121519481219519912234283
T:
claus