VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bonnell (30661); 2011 Intel Atom D2500; 2 x 1866MHz; h8atom, supercop-20240425

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
128744129444130774
T:
jacfp127i
133427135121136199
T:
kumjacfp127g
144214145292146524
T:
hecfp127i
144158145572147525
T:
prjfp127i
220101220948222033
T:
jacfp128bk
233821236621239680
T:
ecfp256e
247212248626250754
T:
hecfp128fkt
246344248675250460
T:
prjfp128bk
247191248864250593
T:
hecfp128bk
247401250698254639
T:
curve2251
249368250810252847
T:
hecfp128i
255542259042261709
T:
ecfp256s
261296263144266679
T:
ecfp256h
263998267071271026
T:
ecfp256q
316302321748325304
T:
gls1271
540918545335547022
T:
kumfp127g
103686110402631042118
T:
kumfp128g
109598310959971096683
T:
curve25519
112009811243261127567
T:
surf127eps
115896211668091177645
T:
ecfp256i
130298713042331308797
T:
ed448goldilocks
134827013486971367443
T:
nistp256
169957217077831723799
T:
surf2113
174861417567201766254
T:
kummer
176062617795611800148
T:
sclaus1024
705855570887887160447
T:
ed521gs
849476685754558609860
T:
nist521gs
872549387892358865773
T:
sclaus2048
106615671073853910790962
T:
claus
Cycles to compute a shared secret
25%50%75%system
551285553273555163
T:
kumfp127g
552111556549558096
T:
kumjacfp127g
730877732473733544
T:
jacfp128bk
756546784672789530
T:
gls1271
862505867930870170
T:
prjfp128bk
888937891758894502
T:
hecfp128bk
919653921886927465
T:
hecfp128fkt
936173938322940338
T:
jacfp127i
101390810261021030771
T:
curve2251
106395110660161067570
T:
kumfp128g
108566510911041097061
T:
ecfp256e
109584310958431096018
T:
curve25519
111001811118661113798
T:
prjfp127i
111358811214981124662
T:
surf127eps
112811311324181139824
T:
ecfp256q
113699611458791148882
T:
hecfp127i
116027111658781170288
T:
ecfp256i
135400313600651365931
T:
ecfp256s
143909514468791457204
T:
ecfp256h
172118817326121744393
T:
surf2113
174774617562301762936
T:
kummer
176141717657991782179
T:
sclaus1024
195252419665661971620
T:
hecfp128i
449591145094004512984
T:
ed448goldilocks
453918545546134575277
T:
nistp256
705688971400987170758
T:
ed521gs
847213585495278591604
T:
nist521gs
878549788956848983597
T:
sclaus2048
106378021075155210782198
T:
claus