VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bonnell (106ca); 2010 Intel Atom N455; 1 x 1000MHz; h2atom, supercop-20240107

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
126540126932127586
T:
jacfp127i
131849132222132799
T:
kumjacfp127g
139368139764140311
T:
prjfp127i
142908143218143829
T:
hecfp127i
217696218044218611
T:
jacfp128bk
234779237792240341
T:
ecfp256e
245742246378247760
T:
hecfp128bk
246353247275248531
T:
prjfp128bk
246697247324248543
T:
hecfp128fkt
248260249020249982
T:
hecfp128i
248629249837253499
T:
curve2251
257088260331263145
T:
ecfp256s
264038265768269673
T:
ecfp256h
266358270070272569
T:
ecfp256q
311963315613318003
T:
gls1271
548841548859550114
T:
kumfp127g
103585510364811037069
T:
kumfp128g
110977611102831110934
T:
curve25519
117397611798921188094
T:
ecfp256i
131496613169531321103
T:
ed448goldilocks
135149313526911354988
T:
nistp256
172921417303691734255
T:
kummer
208158921004322123920
T:
sclaus1024
724726072539907269084
T:
ed521gs
859000585987778613248
T:
nist521gs
107865611086048910939078
T:
sclaus2048
121335461215738612187607
T:
claus
Cycles to compute a shared secret
25%50%75%system
556644556653557561
T:
kumfp127g
559418559454560048
T:
kumjacfp127g
727018727065728203
T:
jacfp128bk
756549768273773441
T:
gls1271
861770861898863639
T:
prjfp128bk
886543886662889466
T:
hecfp128bk
923112924692926246
T:
hecfp128fkt
931979932860934933
T:
jacfp127i
101647310196891022597
T:
curve2251
106163610620441062578
T:
kumfp128g
110557311071861111809
T:
ecfp256e
110805211087141111185
T:
prjfp127i
110958111096981110682
T:
curve25519
114137711417751144106
T:
hecfp127i
114692211487991152413
T:
ecfp256q
117748911791331183574
T:
ecfp256i
138194713831811387390
T:
ecfp256s
145918114596481464756
T:
ecfp256h
172850917286871730867
T:
kummer
195516419562251956769
T:
hecfp128i
215056821653282172459
T:
sclaus1024
447366044748874482682
T:
ed448goldilocks
453600145369164547765
T:
nistp256
724508572471197260412
T:
ed521gs
858856085931668611824
T:
nist521gs
109068781095261710979594
T:
sclaus2048
121759311219419712212527
T:
claus