VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Sandy Bridge+AES (206a7); 2011 Intel Xeon E3-1225; 4 x 3100MHz; hydra7, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
316593193233072
T:
jacfp127i
333203379634433
T:
kumjacfp127g
388303955040523
T:
hecfp127i
386553963740771
T:
prjfp127i
462594687247481
T:
jacfp128bk
564185727258220
T:
hecfp128fkt
566605771958618
T:
prjfp128bk
570825780958771
T:
hecfp128bk
569325783158879
T:
hecfp128i
603476070262522
T:
curve2251
789528020181665
T:
gls254
895158956989625
T:
kummer
103854105354106467
T:
gls1271
121367121542121727
T:
kumfp127g
126891126931127068
T:
gls254prot
147092147216147351
T:
curve25519
178411178502178607
T:
k277taa
185353185493185591
T:
kumfp128g
267130267228267306
T:
k277mon
288607292151313040
T:
sclaus1024
405864406015406478
T:
nistp256
632658636941639648
T:
surf2113
121340512151051218640
T:
ed521gs
145530414655371475118
T:
sclaus2048
171480817173621720663
T:
claus
Cycles to compute a shared secret
25%50%75%system
708317585476465
T:
gls254
893138935389392
T:
kummer
123438123661123854
T:
kumfp127g
126785126830126859
T:
gls254prot
130599130747130837
T:
kumjacfp127g
140342140467140600
T:
jacfp128bk
158883159074159175
T:
curve25519
178498178551178656
T:
k277taa
178700178927179201
T:
prjfp128bk
183379183549183766
T:
hecfp128bk
189752189931190161
T:
hecfp128fkt
191830191936192036
T:
kumfp128g
200548200807201128
T:
jacfp127i
230553231107231467
T:
curve2251
252786255275262891
T:
gls1271
260527261388277345
T:
prjfp127i
266249266648267126
T:
hecfp127i
267161267204267243
T:
k277mon
288900292736320958
T:
sclaus1024
414857425112432783
T:
hecfp128i
629744631473632483
T:
surf2113
122366512244861244213
T:
ed521gs
141025114114481412425
T:
nistp256
146324114722551475607
T:
sclaus2048
171073317141171716186
T:
claus