VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Ivy Bridge+AES (306a9); 2012 Intel Core i5-3427U; 2 x 1800MHz; hunsnivy, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
293572978730266
T:
jacfp127i
299053054831301
T:
kumjacfp127g
330263356234131
T:
prjfp127i
339863442034865
T:
hecfp127i
404044088241461
T:
jacfp128bk
481504863949458
T:
prjfp128bk
487094905549773
T:
hecfp128bk
486224918349824
T:
hecfp128fkt
487534938349832
T:
hecfp128i
572155788459648
T:
curve2251
738587508376384
T:
gls254
887038890989080
T:
kummer
954139671197527
T:
gls1271
106233106474106718
T:
gls254prot
116424116641116894
T:
kumfp127g
144909144949145014
T:
curve25519
164180164467165130
T:
kumfp128g
176453176577176834
T:
k277taa
181050181344182022
T:
k298
209909210306210974
T:
ed448goldilocks
257273257502258560
T:
k277mon
266747269653272409
T:
sclaus1024
307367309132309487
T:
nistp256
578963581360583233
T:
surf2113
109180110941821097029
T:
ed521gs
126186612650161268858
T:
nist521gs
139355514164801429444
T:
sclaus2048
159757916023231606721
T:
claus
Cycles to compute a shared secret
25%50%75%system
680287036371698
T:
gls254
884848867288785
T:
kummer
106305106621106909
T:
gls254prot
119032119379119690
T:
kumfp127g
124246124439124824
T:
jacfp128bk
126151126222126304
T:
kumjacfp127g
156954157385157498
T:
curve25519
157645157951158534
T:
prjfp128bk
163513163743164343
T:
hecfp128bk
167189167345167827
T:
hecfp128fkt
170934171221171891
T:
kumfp128g
176405176489177011
T:
k277taa
180743181054181525
T:
k298
190854191455193817
T:
jacfp127i
223900224653225092
T:
curve2251
232000233211234645
T:
gls1271
238473238772239145
T:
prjfp127i
245388246109247240
T:
hecfp127i
257340257679258463
T:
k277mon
267050273159274325
T:
sclaus1024
366093367539369212
T:
hecfp128i
574975576402577067
T:
surf2113
630008630710632340
T:
ed448goldilocks
780353782634785005
T:
nistp256
109247310942501096993
T:
ed521gs
126206612642631267217
T:
nist521gs
138564314180171430753
T:
sclaus2048
159378815989971605659
T:
claus