VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; K10 32nm (300f10); 2011 AMD A8-3850; 4 x 2900MHz; hydra5, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
300483024930523
T:
jacfp127i
328193302733327
T:
kumjacfp127g
350283520935443
T:
prjfp127i
354653564835991
T:
hecfp127i
490204947250057
T:
jacfp128bk
561735651156919
T:
prjfp128bk
562985658657016
T:
hecfp128i
563185672357306
T:
hecfp128bk
562375674457181
T:
hecfp128fkt
106768108250109640
T:
gls1271
120069120108120169
T:
kumfp127g
206545206589206683
T:
kumfp128g
214378214404214551
T:
curve25519
266294268855271033
T:
sclaus1024
308885309153309791
T:
ed448goldilocks
403957404774405001
T:
nistp256
414631414694415172
T:
kummer
706444709748710621
T:
surf2113
886030889520891300
T:
curve2251
124638112551181264933
T:
sclaus2048
150374315042471504630
T:
ed521gs
158328215866491589931
T:
claus
Cycles to compute a shared secret
25%50%75%system
121734121739121753
T:
kumfp127g
122802122807122831
T:
kumjacfp127g
152691152824153021
T:
jacfp128bk
188817188853189031
T:
prjfp128bk
193868193911194001
T:
hecfp128bk
197756197786197830
T:
jacfp127i
201099201116201249
T:
hecfp128fkt
212583212601212619
T:
kumfp128g
214364214382214414
T:
curve25519
257889258040258327
T:
prjfp127i
255829259293263179
T:
gls1271
263395263407263458
T:
hecfp127i
270827275514278970
T:
sclaus1024
414434414638414753
T:
kummer
428101428168428493
T:
hecfp128i
707714708542709148
T:
surf2113
889109889721890425
T:
curve2251
936174937667938764
T:
ed448goldilocks
125177912675621269013
T:
sclaus2048
139095313924221393088
T:
nistp256
150332215036501504090
T:
ed521gs
158083015878971590406
T:
claus