VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 4 (a60f12); 2023 AMD Ryzen 7 7700; 8 x 3800MHz; hertz, supercop-20241022

[Page version: 20250111 18:45:18]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
| 25% | 50% | 75% | system |
|---|---|---|---|
| 25683 | 27683 | 30685 | T: jacfp127i |
| 26010 | 28015 | 31271 | T: kumjacfp127g |
| 29078 | 31047 | 33323 | T: hecfp127i |
| 31616 | 31681 | 31820 | T: gls254prot |
| 31528 | 31799 | 32707 | T: gls254 |
| 30369 | 32063 | 34418 | T: prjfp127i |
| 34372 | 35753 | 41416 | T: curve2251 |
| 35237 | 36780 | 38990 | T: jacfp128bk |
| 36355 | 38445 | 41886 | T: hecfp128fkt |
| 36619 | 38832 | 41962 | T: hecfp128bk |
| 37761 | 39362 | 40857 | T: prjfp128bk |
| 39229 | 40859 | 42667 | T: hecfp128i |
| 42167 | 42209 | 42252 | T: kummer |
| 42560 | 42602 | 42639 | T: k277taa |
| 48584 | 48675 | 49845 | T: k298 |
| 60371 | 60399 | 60443 | T: k277mon |
| 79086 | 79138 | 79187 | T: kumfp127g |
| 101321 | 101397 | 101488 | T: curve25519 |
| 103998 | 104059 | 104130 | T: kumfp128g |
| 139158 | 139698 | 140021 | T: surf127eps |
| 156678 | 156980 | 157277 | T: ed448goldilocks |
| 165693 | 167275 | 180636 | T: hector |
| 196857 | 198498 | 200406 | T: sclaus1024 |
| 220433 | 220745 | 221103 | T: nistp256 |
| 338766 | 340108 | 341273 | T: surf2113 |
| 678060 | 679483 | 680997 | T: ed521gs |
| 908430 | 909373 | 910453 | T: nist521gs |
| 998405 | 1004344 | 1010538 | T: sclaus2048 |
| 1015192 | 1016463 | 1024821 | T: claus |

Cycles to compute a shared secret
| 25% | 50% | 75% | system |
|---|---|---|---|
| 29907 | 29947 | 29983 | T: gls254 |
| 31743 | 31780 | 31844 | T: gls254prot |
| 42158 | 42191 | 42247 | T: kummer |
| 42520 | 42574 | 42599 | T: k277taa |
| 48419 | 48478 | 48527 | T: k298 |
| 60345 | 60367 | 60395 | T: k277mon |
| 79001 | 79099 | 79182 | T: jacfp128bk |
| 81214 | 81215 | 81261 | T: kumfp127g |
| 82100 | 82269 | 82522 | T: kumjacfp127g |
| 93044 | 93231 | 93415 | T: prjfp128bk |
| 95686 | 95853 | 95956 | T: hecfp128bk |
| 99442 | 99584 | 99681 | T: hecfp128fkt |
| 108690 | 108768 | 108918 | T: kumfp128g |
| 109404 | 109463 | 109610 | T: curve25519 |
| 120181 | 120257 | 120383 | T: jacfp127i |
| 136449 | 136554 | 136873 | T: surf127eps |
| 132337 | 136704 | 136918 | T: curve2251 |
| 149557 | 149610 | 149680 | T: prjfp127i |
| 151527 | 151635 | 151725 | T: hecfp127i |
| 199758 | 200555 | 201114 | T: sclaus1024 |
| 210431 | 210563 | 210669 | T: hecfp128i |
| 335763 | 336911 | 338872 | T: surf2113 |
| 516389 | 521585 | 527367 | T: ed448goldilocks |
| 567378 | 569402 | 581056 | T: hector |
| 593193 | 594469 | 596397 | T: nistp256 |
| 670703 | 671732 | 672833 | T: ed521gs |
| 906179 | 907866 | 909043 | T: nist521gs |
| 989375 | 1000854 | 1013056 | T: sclaus2048 |
| 1015346 | 1017142 | 1021692 | T: claus |