VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; K10 45nm (100f63); 2010 AMD Athlon II Neo K125; 1 x 1700MHz; h3neo, supercop-20260330

[Page version: 20260703 18:30:56]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements (or StQ1 starting with supercop-20260214), the median of many speed measurements (or StQ2 starting with supercop-20260214), the third quartile of many speed measurements (or StQ3 starting with supercop-20260214), and the name of the primitive. Measurements with large interquartile range (or stabilized interquartile range) are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
328333315033555
T:
jacfp127i
349493585036990
T:
kumjacfp127g
369283718437642
T:
prjfp127i
388433960840548
T:
hecfp127i
515725163951878curve25519
524585274153124
T:
jacfp128bk
593346005760950
T:
prjfp128bk
601326086461634
T:
hecfp128fkt
605176122962102
T:
hecfp128i
613946217363053
T:
hecfp128bk
717707310274889
T:
ecfp256e
758477738779006
T:
ecfp256s
802738028580503nistp256
786158039382333
T:
ecfp256q
797948119082801
T:
ecfp256h
111226112710114030
T:
gls1271
130601130636130825
T:
kumfp127g
206204207388208272
T:
sclaus1024
224232224286224598
T:
kumfp128g
276821278730280698
T:
ecfp256i
296378297460297979
T:
surf127eps
342373342906343681
T:
ed448goldilocks
452621452881453071
T:
kummer
478838486050501655
T:
hector
988934994351997126
T:
sclaus2048
109149710968491098477
T:
surf2113
133937713451081349406
T:
curve2251
135021313523911354949
T:
claus
154585115459351547540
T:
ed521gs
180749018084271809994
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
132214132227132358
T:
kumfp127g
134380134385134507
T:
kumjacfp127g
161893162336163786
T:
jacfp128bk
189023189035189362curve25519
202419202832203145
T:
prjfp128bk
209218209690210136
T:
hecfp128fkt
211797212043212334
T:
hecfp128bk
213167213464213719
T:
jacfp127i
229658229672229952
T:
kumfp128g
259805260190261039
T:
ecfp256e
266443266913267642
T:
ecfp256q
264621267234268611
T:
gls1271
269933270574272855
T:
sclaus1024
270371270693271791
T:
ecfp256i
273026273250273494
T:
prjfp127i
284269284370284861
T:
hecfp127i
295441295651295792
T:
surf127eps
312566312691312990nistp256
323159323580324231
T:
ecfp256s
347258347760348517
T:
ecfp256h
452544452857452987
T:
kummer
454388454759454879
T:
hecfp128i
944266945084946084
T:
ed448goldilocks
109620110964651097271
T:
surf2113
130607813118691331348
T:
sclaus2048
134437013451161347615
T:
curve2251
154539415454701545555
T:
ed521gs
157221915758161576446
T:
claus
166686616862841703574
T:
hector
180707118074901808829
T:
nist521gs