
eBACS: ECRYPT Benchmarking of Cryptographic Systems



Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Ivy Bridge+AES (306a9); 2012 Intel Xeon E3-1275 V2; 4 x 3500MHz; hydra8, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.



Cycles to generate a key pair

    25%      50%      75%      system
    30749    31445    33999    T: kumjacfp127g
    33098    34428    35431    T: jacfp127i
    37519    39525    42752    T: hecfp127i
    39272    41011    43146    T: prjfp127i
    43365    44721    46451    T: jacfp128bk
    51254    52469    54879    T: hecfp128bk
    51423    52899    54939    T: hecfp128fkt
    52340    53247    54138    T: hecfp128i
    51987    54192    57489    T: prjfp128bk
    57168    57632    60785    T: curve2251
    74205    75613    76581    T: gls254
    88683    88718    88745    T: kummer
    96169    97272    98131    T: gls1271
   120060   120110   120181    T: kumfp127g
   120484   120569   120828    T: gls254prot
   145565   145616   145677    T: curve25519
   164815   165045   165188    T: kumfp128g
   172606   172655   172735    T: k277taa
   180657   180711   180924    T: k298
   208277   208489   208744    T: ed448goldilocks
   255692   255699   255716    T: k277mon
   267335   270062   272186    T: sclaus1024
   310826   311212   315223    T: nistp256
   595075   597384   598057    T: surf2113
  1111374  1111771  1112848    T: ed521gs
  1358192  1367993  1379135    T: sclaus2048
  1597063  1600837  1604809    T: claus

Cycles to compute a shared secret

    25%      50%      75%      system
    67175    67565    69110    T: gls254
    88466    88490    88522    T: kummer
   120433   120535   120593    T: gls254prot
   121850   121893   121941    T: kumfp127g
   124871   124968   125074    T: jacfp128bk
   126013   126064   126163    T: kumjacfp127g
   156806   156873   157371    T: curve25519
   157968   158105   158253    T: prjfp128bk
   161608   161756   161904    T: hecfp128bk
   167514   167602   167755    T: hecfp128fkt
   170435   170754   170865    T: kumfp128g
   172436   172479   172527    T: k277taa
   180481   180523   180616    T: k298
   190964   191515   193129    T: jacfp127i
   223296   223530   225075    T: curve2251
   235398   238009   240547    T: gls1271
   238401   238666   239061    T: prjfp127i
   245304   245616   246013    T: hecfp127i
   255628   255633   255647    T: k277mon
   269827   271094   273150    T: sclaus1024
   364877   365114   365477    T: hecfp128i
   595431   595928   597742    T: surf2113
   629984   630397   631125    T: ed448goldilocks
  1064216  1065731  1073917    T: nistp256
  1124733  1125116  1125778    T: ed521gs
  1372381  1373273  1400261    T: sclaus2048
  1600573  1604846  1606069    T: claus