VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 4 (a60f12); 2023 AMD Ryzen 7 7700; 8 x 3800MHz; hertz, supercop-20240716

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
240562576328284
T:
kumjacfp127g
252812661328115
T:
jacfp127i
280112903430408
T:
hecfp127i
280362974531441
T:
prjfp127i
311233131732058
T:
gls254
315393160631697
T:
gls254prot
320753338634906
T:
jacfp128bk
343063526839184
T:
curve2251
350433676338325
T:
hecfp128i
362003775139772
T:
prjfp128bk
365853832439817
T:
hecfp128fkt
372233861839851
T:
hecfp128bk
420794211942175
T:
kummer
422984233842371
T:
k277taa
482314832549223
T:
k298
562015696657785
T:
gls1271
634966353663581
T:
k277mon
789097899479080
T:
kumfp127g
101232101335101431
T:
curve25519
104333104411104512
T:
kumfp128g
158767159096159416
T:
ed448goldilocks
196234198345199932
T:
sclaus1024
243256244192244552
T:
nistp256
338902340504342175
T:
surf2113
742599745189760789
T:
ed521gs
99845310059601012725
T:
sclaus2048
101553310173081019514
T:
claus
Cycles to compute a shared secret
25%50%75%system
298102989529941
T:
gls254
316233166931769
T:
gls254prot
420574210442138
T:
kummer
422404224142358
T:
k277taa
479204797548119
T:
k298
634066340763455
T:
k277mon
788537891179027
T:
jacfp128bk
812248131381392
T:
kumfp127g
825888271682738
T:
kumjacfp127g
933939349793704
T:
prjfp128bk
961589644096597
T:
hecfp128bk
99515100114100499
T:
hecfp128fkt
109184109228109261
T:
kumfp128g
109354109438109569
T:
curve25519
120247120310120361
T:
jacfp127i
125407128290130668
T:
gls1271
136498136601136693
T:
curve2251
149651149737149800
T:
prjfp127i
152106152202152347
T:
hecfp127i
195926199582200152
T:
sclaus1024
210661210743210981
T:
hecfp128i
338173339692343379
T:
surf2113
526705528334529397
T:
ed448goldilocks
696479699460726883
T:
nistp256
743262744434751747
T:
ed521gs
100783710111511019447
T:
sclaus2048
101076810114521012662
T:
claus