VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Sandy Bridge (206a7); 2011 Intel Core i3-2310M; 2 x 2100MHz; h6sandy, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
320523266333367
T:
jacfp127i
335803448235355
T:
kumjacfp127g
376363828139100
T:
hecfp127i
380873919340052
T:
prjfp127i
460544688248028
T:
jacfp128bk
561435730058636
T:
prjfp128bk
576305848959379
T:
hecfp128i
574495871260104
T:
hecfp128bk
575175873359881
T:
hecfp128fkt
597746003462283
T:
curve2251
892548929089373
T:
kummer
102033103383104921
T:
gls1271
116819117067117393
T:
gls254
121298121474121896
T:
gls254prot
123523123661125188
T:
kumfp127g
147101147460147919
T:
curve25519
173417173814174416
T:
k277taa
182948183158183727
T:
k298
184663185166185519
T:
kumfp128g
217310217577217958
T:
ed448goldilocks
256868257033257365
T:
k277mon
286028290218292842
T:
sclaus1024
353323353926355786
T:
nistp256
631492634814637723
T:
surf2113
121344512147001216836
T:
ed521gs
146078314715151481802
T:
sclaus2048
171529717197191725774
T:
claus
Cycles to compute a shared secret
25%50%75%system
890338907089103
T:
kummer
115688115780116273
T:
gls254
121222121328121710
T:
gls254prot
125772126025129950
T:
kumfp127g
130682130894131305
T:
kumjacfp127g
140917141214145095
T:
jacfp128bk
158936159472159975
T:
curve25519
173372173599174154
T:
k277taa
179036179388180053
T:
prjfp128bk
182697182850183284
T:
k298
182919183269183568
T:
hecfp128bk
190232190452190861
T:
hecfp128fkt
191227191700192063
T:
kumfp128g
200577200770200983
T:
jacfp127i
227080228524230263
T:
curve2251
247288248916253891
T:
gls1271
256918256994257718
T:
k277mon
260752261372262112
T:
prjfp127i
265837266719267773
T:
hecfp127i
286188294005296729
T:
sclaus1024
415988417498418889
T:
hecfp128i
628793633301636228
T:
surf2113
654301654529654781
T:
ed448goldilocks
122432412252871226694
T:
nistp256
122386212267101229531
T:
ed521gs
145791114834601489011
T:
sclaus2048
172166817245851730269
T:
claus