VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 4 (a60f12); 2023 AMD Ryzen 7 7700; 8 x 3800MHz; hertz, supercop-20250415

[Page version: 20250425 10:21:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
243322616828432
T:
kumjacfp127g
256912712528547
T:
jacfp127i
280642942631301
T:
prjfp127i
286803008131734
T:
hecfp127i
309753122931820
T:
gls254
316213163831702
T:
gls254prot
304273196735546
T:
ecfp256e
320073342834578
T:
jacfp128bk
342063551639231
T:
curve2251
351223748843740
T:
ecfp256s
361853764339160
T:
prjfp128bk
365033810939887
T:
hecfp128fkt
364163821939769
T:
hecfp128bk
367493845440394
T:
hecfp128i
36396?39450?45876?
T:
ecfp256q
425464255942586
T:
kummer
426034265142700
T:
k277taa
484984863749706
T:
k298
603736038860416
T:
k277mon
790937915679233
T:
kumfp127g
101273101369101503
T:
curve25519
104050104110104181
T:
kumfp128g
144063144884145782
T:
ecfp256i
157488158314158686
T:
ed448goldilocks
162987163814165037
T:
ecfp256h
197408198267198534
T:
nistp256
211935214316217601
T:
sclaus1024
678248679535681063
T:
ed521gs
881237882215883408
T:
nist521gs
101507310163581024716
T:
claus
109122910993711108542
T:
sclaus2048
Cycles to compute a shared secret
25%50%75%system
299072995029991
T:
gls254
314893166431765
T:
gls254prot
425144253442550
T:
kummer
425224254542607
T:
k277taa
483154838448485
T:
k298
603506036560390
T:
k277mon
785857863778715
T:
jacfp128bk
812148121481232
T:
kumfp127g
822688229582723
T:
kumjacfp127g
931749347793536
T:
prjfp128bk
958179598496184
T:
hecfp128bk
994349963299832
T:
hecfp128fkt
108770108816108855
T:
kumfp128g
109415109431109524
T:
curve25519
120157120223120298
T:
jacfp127i
130120130210130306
T:
ecfp256e
135247136737136840
T:
curve2251
139456139580139629
T:
ecfp256i
143004143097143140
T:
ecfp256q
149561149621149724
T:
prjfp127i
151536151619151734
T:
hecfp127i
157595157665157717
T:
ecfp256h
199504199765199832
T:
ecfp256s
210590210750210876
T:
hecfp128i
220691222197224817
T:
sclaus1024
525823529987533106
T:
ed448goldilocks
539208539834540602
T:
nistp256
672802673934676524
T:
ed521gs
883216885238886601
T:
nist521gs
101321610151431022050
T:
claus
111268811165551120527
T:
sclaus2048