VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; K10 45nm (100f63); 2010 AMD Athlon II Neo K125; 1 x 1700MHz; h3neo, supercop-20240425

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
328283310133455
T:
jacfp127i
349063516035462
T:
kumjacfp127g
384223878639039
T:
hecfp127i
389653933739760
T:
prjfp127i
515695224853345
T:
jacfp128bk
600756078861620
T:
hecfp128i
604826123162110
T:
hecfp128fkt
605076123862012
T:
hecfp128bk
615156214562857
T:
prjfp128bk
754697682278276
T:
ecfp256e
792588086582479
T:
ecfp256s
803568146983136
T:
ecfp256h
820708395485917
T:
ecfp256q
112133113769115795
T:
gls1271
131154131186131266
T:
kumfp127g
219975219976220066
T:
curve25519
224573224579224690
T:
kumfp128g
263848266291268442
T:
sclaus1024
292671294028296159
T:
ecfp256i
293395294492295171
T:
surf127eps
343136343711344332
T:
ed448goldilocks
425551425781425903
T:
nistp256
436162436205436324
T:
kummer
108408110894911090543
T:
surf2113
127724812865391295932
T:
sclaus2048
133456413391671340436
T:
curve2251
155571115565561557507
T:
ed521gs
157048215753181586570
T:
claus
181912918198071824757
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
132634132644132652
T:
kumfp127g
134338134343134343
T:
kumjacfp127g
163310163451163505
T:
jacfp128bk
199984200068200240
T:
prjfp128bk
206049206083206122
T:
hecfp128bk
212194212507212541
T:
jacfp127i
213906213934214803
T:
hecfp128fkt
219945219945219945
T:
curve25519
230022230034230036
T:
kumfp128g
261053264189270605
T:
sclaus1024
272997273049273066
T:
prjfp127i
273447273489273718
T:
ecfp256e
270717275266279807
T:
gls1271
281495281545281586
T:
hecfp127i
284131284156284190
T:
ecfp256q
291481291513291566
T:
ecfp256i
293028293348293520
T:
surf127eps
344962345160345203
T:
ecfp256s
353714353729353771
T:
ecfp256h
436087436146436184
T:
kummer
454620454662454702
T:
hecfp128i
944117944527944987
T:
ed448goldilocks
102473410247761025506
T:
nistp256
107845410886331090469
T:
surf2113
126986012728231290371
T:
sclaus2048
133145013320421333729
T:
curve2251
155527615556721556776
T:
ed521gs
156867415745941589658
T:
claus
181902318193151824116
T:
nist521gs