VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; K10 32nm (300f10); 2011 AMD A8-3850; 4 x 2900MHz; hydra5, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
300093022730506
T:
jacfp127i
326143279233019
T:
kumjacfp127g
348653509435368
T:
prjfp127i
354343564335936
T:
hecfp127i
492974974650288
T:
jacfp128bk
561685649956882
T:
hecfp128bk
562155654756965
T:
hecfp128fkt
570235742457906
T:
prjfp128bk
573475766758205
T:
hecfp128i
105628106900108192
T:
gls1271
120080120103120172
T:
kumfp127g
206801206857206951
T:
kumfp128g
214384214387214436
T:
curve25519
267970270204272872
T:
sclaus1024
307698308427308798
T:
ed448goldilocks
404065404237409592
T:
nistp256
414264414361415057
T:
kummer
706038709489710440
T:
surf2113
886395888659890882
T:
curve2251
124629912561651266924
T:
sclaus2048
150354615041281504567
T:
ed521gs
158313815861981589219
T:
claus
Cycles to compute a shared secret
25%50%75%system
121740121744121770
T:
kumfp127g
122801122805122814
T:
kumjacfp127g
152113152468152575
T:
jacfp128bk
188029188337188386
T:
prjfp128bk
193861193892193938
T:
hecfp128bk
197786197935197975
T:
jacfp127i
201067201116201151
T:
hecfp128fkt
211991212005212014
T:
kumfp128g
214365214368214372
T:
curve25519
257923258035258079
T:
prjfp127i
260163262448263755
T:
gls1271
263341263360263397
T:
hecfp127i
273122273573275812
T:
sclaus1024
414275414284414998
T:
kummer
426686426808426849
T:
hecfp128i
705200706047708132
T:
surf2113
881560888879889318
T:
curve2251
937654938114938463
T:
ed448goldilocks
125143812730441279746
T:
sclaus2048
139209213923121393264
T:
nistp256
150332215035541504014
T:
ed521gs
158581915862881592899
T:
claus