VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; K10 32nm (300f10); 2011 AMD A6-3650; 4 x 2600MHz; hydra4, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
289682911829429
T:
jacfp127i
314043163631857
T:
kumjacfp127g
336233382334061
T:
prjfp127i
348973529135666
T:
hecfp127i
459034642946922
T:
jacfp128bk
547045505155432
T:
prjfp128bk
548045510755474
T:
hecfp128fkt
548485518355594
T:
hecfp128bk
562665664557014
T:
hecfp128i
105346106669107790
T:
gls1271
118946118966118992
T:
kumfp127g
205308205336205420
T:
kumfp128g
214379214380214426
T:
curve25519
265808268583271352
T:
sclaus1024
299067299761299949
T:
ed448goldilocks
430847430855430957
T:
kummer
442515442588442737
T:
nistp256
730335733291735757
T:
surf2113
910279913800914963
T:
curve2251
126138412704251279482
T:
sclaus2048
149587614965501496954
T:
ed521gs
158422515872391590527
T:
claus
176762617686081771447
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
121605121607121613
T:
kumfp127g
123795123802123815
T:
kumjacfp127g
153344153431153469
T:
jacfp128bk
188894189008189026
T:
prjfp128bk
193285193335193409
T:
hecfp128bk
197320197348197483
T:
jacfp127i
200579200638200658
T:
hecfp128fkt
211534211536211543
T:
kumfp128g
214366214368214368
T:
curve25519
257499257541257567
T:
prjfp127i
252242257947261036
T:
gls1271
262209262287262333
T:
hecfp127i
267545273061276728
T:
sclaus1024
426548426598426714
T:
hecfp128i
430590430601430873
T:
kummer
728827731566734014
T:
surf2113
909394910026912047
T:
ed448goldilocks
913009913450913917
T:
curve2251
991221991230992191
T:
nistp256
125964412611881295799
T:
sclaus2048
149560814962271496649
T:
ed521gs
158446615871811588402
T:
claus
176740817680141770985
T:
nist521gs