VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems
ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bobcat (500f10); 2011 AMD G-T56N; 2 x 1650MHz; h8bobcat, supercop-20240425

[Page version: 20240726 23:45:37]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.

Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
70105?105251?107663?
T:
jacfp127i
112712113644114280
T:
kumjacfp127g
112423?115140?177142?
T:
hecfp128fkt
112148?115297?176049?
T:
hecfp128bk
113734?116218?179845?
T:
hecfp128i
81234?122554?125438?
T:
hecfp127i
124678127196129875
T:
prjfp127i
130715?133817?206539?
T:
ecfp256e
143778?147013?226989?
T:
ecfp256s
143336?147050?226894?
T:
ecfp256h
99926?153373?156166?
T:
jacfp128bk
152114?157861?240701?
T:
ecfp256q
114997?175218?177503?
T:
prjfp128bk
201552?204929?321789?
T:
gls1271
248877?398102?398145?
T:
kumfp127g
457397?457524?731647?
T:
curve25519
544127?549979?874309?
T:
ecfp256i
395096?631798?631888?
T:
kumfp128g
630976?645886?1009570?
T:
curve2251
687838?689847?1099516?
T:
ed448goldilocks
606993?966630?970857?
T:
surf127eps
648969?1019905?1035230?
T:
sclaus1024
150424415052611522912
T:
nistp256
160162916018611618543
T:
kummer
2983005?2996480?4804986?
T:
ed521gs
2144241?3411911?3428925?
T:
surf2113
3812398?3830732?6104462?
T:
claus
3097309?4882449?4934993?
T:
sclaus2048
555791355596475564773
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
372319?372514?595669?
T:
hecfp128bk
387609?388626?620288?
T:
hecfp128fkt
251955?402990?403090?
T:
kumfp127g
414153414219414390
T:
kumjacfp127g
457135?457302?731680?
T:
curve25519
460854?465314?753022?
T:
gls1271
296871?472254?472549?
T:
jacfp128bk
507371?508235?811727?
T:
ecfp256e
525858?526547?841002?
T:
ecfp256q
537776?539035?859565?
T:
ecfp256i
366092?585029?585162?
T:
prjfp128bk
638514?639791?1021949?
T:
ecfp256h
649159?650028?1038198?
T:
ecfp256s
406823?650840?650854?
T:
kumfp128g
431789?689353?690023?
T:
jacfp127i
824486?825593?1319009?
T:
hecfp128i
854848855014856315
T:
prjfp127i
544241?870675?870851?
T:
hecfp127i
602395?955097?965352?
T:
surf127eps
660502?1015697?1042221?
T:
sclaus1024
160143416015001602911
T:
kummer
2024569?2036748?3239405?
T:
ed448goldilocks
2598678?2614006?4069315?
T:
curve2251
2976046?2989450?4763319?
T:
ed521gs
323796132417093267677
T:
nistp256
2148791?3398611?3417844?
T:
surf2113
3801558?3833535?6114466?
T:
claus
3071649?4898998?4935906?
T:
sclaus2048
555473155558805557780
T:
nist521gs