VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; K10 32nm (300f10); 2011 AMD A6-3650; 4 x 2600MHz; hydra4, supercop-20250307

[Page version: 20250403 08:57:19]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
288722906329340
T:
jacfp127i
309283134131896
T:
kumjacfp127g
335893381334081
T:
prjfp127i
349323527235686
T:
hecfp127i
475284795248452
T:
jacfp128bk
546925505255444
T:
prjfp128bk
548005510555498
T:
hecfp128fkt
548125516255511
T:
hecfp128bk
562775664157072
T:
hecfp128i
693597065171944
T:
ecfp256e
730147424575572
T:
ecfp256s
735807450275819
T:
ecfp256h
759867765279020
T:
ecfp256q
105495106578107763
T:
gls1271
118916118938119001
T:
kumfp127g
205297205323205390
T:
kumfp128g
206646207557208389
T:
sclaus1024
214578214580214614
T:
curve25519
261769263739265327
T:
ecfp256i
281090282290282674
T:
surf127eps
299102299802305303
T:
ed448goldilocks
337057344595361858
T:
hector
430784430849430954
T:
kummer
442600442682442953
T:
nistp256
731849733403735673
T:
surf2113
909938913215914708
T:
curve2251
970120974922977462
T:
sclaus2048
135337713550601356923
T:
claus
149599014965271497070
T:
ed521gs
176929117708611771587
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
121609121611121639
T:
kumfp127g
123793123798123816
T:
kumjacfp127g
152194152205152277
T:
jacfp128bk
188798188936188989
T:
prjfp128bk
193304193323193363
T:
hecfp128bk
197335197394197500
T:
jacfp127i
200565200611200657
T:
hecfp128fkt
211530211532211553
T:
kumfp128g
214541214564214566
T:
curve25519
250948250980251128
T:
ecfp256e
257491257524257594
T:
prjfp127i
254923258651261201
T:
gls1271
259046259146259219
T:
ecfp256q
261925262020262119
T:
ecfp256i
262226262264262314
T:
hecfp127i
266585270322277430
T:
sclaus1024
280130280256280369
T:
surf127eps
318828318895319009
T:
ecfp256s
320870320911321006
T:
ecfp256h
426640426690426717
T:
hecfp128i
430617430806430812
T:
kummer
728147730985733945
T:
surf2113
909414910008910297
T:
ed448goldilocks
906646911932914948
T:
curve2251
991212991226992101
T:
nistp256
115676411628571169170
T:
hector
125062712791071287416
T:
sclaus2048
149559814957451496395
T:
ed521gs
157820315874431588113
T:
claus
176755217689261770216
T:
nist521gs