VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Sandy Bridge (206a7); 2011 Intel Core i3-2310M; 2 x 2100MHz; h6sandy, supercop-20241022

[Page version: 20241215 22:59:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
327173371434599
T:
jacfp127i
335923448435352
T:
kumjacfp127g
369513754938256
T:
prjfp127i
376443820138747
T:
hecfp127i
463434718747858
T:
jacfp128bk
571505815059517
T:
hecfp128fkt
568815818359464
T:
hecfp128bk
572195821859298
T:
hecfp128i
575835913161342
T:
prjfp128bk
599546042462767
T:
curve2251
894128948089616
T:
kummer
100764102406103825
T:
gls1271
116641116930117365
T:
gls254
121113121221121443
T:
gls254prot
123562123773124081
T:
kumfp127g
147131147222147312
T:
curve25519
176951177059177459
T:
k277taa
182675183117183928
T:
k298
184725185422185687
T:
kumfp128g
217366217911218631
T:
ed448goldilocks
258066258276259302
T:
k277mon
271260272494273883
T:
surf127eps
287529289791292751
T:
sclaus1024
294001298259311653
T:
hector
353081353301353508
T:
nistp256
629722633064642245
T:
surf2113
121513112177141222622
T:
ed521gs
146182314711971483301
T:
sclaus2048
171710517217891725690
T:
claus
Cycles to compute a shared secret
25%50%75%system
891798921889301
T:
kummer
115541115600116048
T:
gls254
121027121121121215
T:
gls254prot
125797126066126536
T:
kumfp127g
130751131125132545
T:
kumjacfp127g
140995141309141942
T:
jacfp128bk
159095159203159486
T:
curve25519
176814176913177167
T:
k277taa
179090180038189571
T:
prjfp128bk
182501182738183342
T:
k298
182918183158183522
T:
hecfp128bk
190215190491191047
T:
hecfp128fkt
191031191801192044
T:
kumfp128g
200423200837215877
T:
jacfp127i
228308230346232606
T:
curve2251
246433248617253088
T:
gls1271
257980258036258619
T:
k277mon
260678261203262062
T:
prjfp127i
266078266668267756
T:
hecfp127i
268252269243270370
T:
surf127eps
289978292228297431
T:
sclaus1024
415253416384417997
T:
hecfp128i
631380634044642410
T:
surf2113
654563655750667789
T:
ed448goldilocks
9904699937081009815
T:
hector
122324312237321223977
T:
nistp256
122620512279591231808
T:
ed521gs
146580414691001472380
T:
sclaus2048
171278917168591718021
T:
claus