VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bobcat (500f10); 2011 AMD G-T56N; 2 x 1650MHz; h8bobcat, supercop-20241022

[Page version: 20241215 22:59:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
68082?104215?105213?
T:
jacfp127i
73121?113302?114551?
T:
kumjacfp127g
77667?119400?120412?
T:
prjfp127i
77900?119691?120655?
T:
hecfp127i
97617?150989?154370?
T:
jacfp128bk
175759177123179094
T:
prjfp128bk
115435?177407?179636?
T:
hecfp128i
116256?180367?183511?
T:
hecfp128fkt
118071?181968?184239?
T:
hecfp128bk
209357?328496?333820?
T:
gls1271
248862?398117?399499?
T:
kumfp127g
455221?457430?731823?
T:
curve25519
395015?631859?631945?
T:
kumfp128g
760346760712761549
T:
nistp256
966440969883974837
T:
surf127eps
1001447?1001960?1602274?
T:
kummer
642257?1004368?1017773?
T:
curve2251
648845?1012686?1032792?
T:
sclaus1024
688926?1096922?1100390?
T:
ed448goldilocks
979735?1490484?1527714?
T:
hector
2151517?3406044?3428483?
T:
surf2113
3010313?4786186?4808981?
T:
ed521gs
3090844?4884748?4939378?
T:
sclaus2048
3826534?6108586?6130227?
T:
claus
Cycles to compute a shared secret
25%50%75%system
251954?403080?403090?
T:
kumfp127g
258875?414052?414067?
T:
kumjacfp127g
455121?455126?728146?
T:
curve25519
296780?474307?474449?
T:
jacfp128bk
585143585348586193
T:
prjfp128bk
372894?594862?596543?
T:
hecfp128bk
388802?620004?620374?
T:
hecfp128fkt
406880?650917?650950?
T:
kumfp128g
431562?689344?690009?
T:
jacfp127i
466231?758205?779608?
T:
gls1271
534893?854943?855508?
T:
prjfp127i
544583?870808?870979?
T:
hecfp127i
964012964944968306
T:
surf127eps
100131010013191001466
T:
kummer
649999?1031234?1048838?
T:
sclaus1024
825849?1319084?1320106?
T:
hecfp128i
255520525687722584204
T:
nistp256
2037798?3241856?3260647?
T:
ed448goldilocks
2127753?3404021?3413692?
T:
surf2113
2579583?4108099?4113628?
T:
curve2251
2989598?4763328?4783683?
T:
ed521gs
3068111?4896842?4953347?
T:
sclaus2048
3185612?5124599?5178279?
T:
hector
3825536?6104657?6119340?
T:
claus