VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; K10 32nm (300f10); 2011 AMD A6-3650; 4 x 2600MHz; hydra4, supercop-20241022

[Page version: 20241207 23:20:59]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
288432901529304
T:
jacfp127i
313333153031752
T:
kumjacfp127g
336273382734123
T:
prjfp127i
353623578936173
T:
hecfp127i
459224642146835
T:
jacfp128bk
545935490655334
T:
prjfp128bk
547995512655589
T:
hecfp128fkt
548885519955602
T:
hecfp128bk
548785522055629
T:
hecfp128i
693467048272078
T:
ecfp256e
729377429875469
T:
ecfp256s
736107463975969
T:
ecfp256h
759127767279176
T:
ecfp256q
105346106669107790
T:
gls1271
118932118961119014
T:
kumfp127g
205319205354205399
T:
kumfp128g
214577214582214605
T:
curve25519
261729262963264470
T:
ecfp256i
265808268583271352
T:
sclaus1024
280829281815282250
T:
surf127eps
299067299761299949
T:
ed448goldilocks
336483339571354860
T:
hector
430844430869431005
T:
kummer
442515442588442737
T:
nistp256
730335733291735757
T:
surf2113
910279913800914963
T:
curve2251
126138412704251279482
T:
sclaus2048
149587614965501496954
T:
ed521gs
158422515872391590527
T:
claus
176762617686081771447
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
121610121621121637
T:
kumfp127g
123796123799123809
T:
kumjacfp127g
153246153353153442
T:
jacfp128bk
188727188974189129
T:
prjfp128bk
193250193280193333
T:
hecfp128bk
197280197338197370
T:
jacfp127i
200597200615200654
T:
hecfp128fkt
211577211587211601
T:
kumfp128g
214554214555214566
T:
curve25519
250945250998251135
T:
ecfp256e
257505257548257609
T:
prjfp127i
252242257947261036
T:
gls1271
258988259058259185
T:
ecfp256q
261908261978261995
T:
ecfp256i
262022262052262109
T:
hecfp127i
267545273061276728
T:
sclaus1024
277567280137280564
T:
surf127eps
318873318905319040
T:
ecfp256s
320892322154322221
T:
ecfp256h
427449427504427574
T:
hecfp128i
430810430819430863
T:
kummer
728827731566734014
T:
surf2113
909394910026912047
T:
ed448goldilocks
913009913450913917
T:
curve2251
991221991230992191
T:
nistp256
114943111521431175628
T:
hector
125964412611881295799
T:
sclaus2048
149560814962271496649
T:
ed521gs
158446615871811588402
T:
claus
176740817680141770985
T:
nist521gs