VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Ivy Bridge+AES (306a9); 2012 Intel Xeon E3-1275 V2; 4 x 3500MHz; hydra8, supercop-20241022

[Page version: 20241120 00:41:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
315113271734866
T:
jacfp127i
331903435936095
T:
kumjacfp127g
368303811439628
T:
hecfp127i
392694104043066
T:
prjfp127i
448224576346695
T:
jacfp128bk
524425322554259
T:
hecfp128i
518475328855332
T:
hecfp128bk
528785393955365
T:
hecfp128fkt
545815617658404
T:
prjfp128bk
575125880462523
T:
curve2251
734147469775731
T:
gls254
887008872588760
T:
kummer
947789588396649
T:
gls1271
120076120116120178
T:
kumfp127g
120421120451120975
T:
gls254prot
145091145156145481
T:
curve25519
165474165685165767
T:
kumfp128g
172637172684172778
T:
k277taa
180894181036181341
T:
k298
208141208368208691
T:
ed448goldilocks
233466234342234870
T:
surf127eps
256181256187256224
T:
k277mon
267361269623272335
T:
sclaus1024
275453285855298180
T:
hector
310686310972311395
T:
nistp256
595391597883599299
T:
surf2113
111159911121931113107
T:
ed521gs
136516813780181401986
T:
sclaus2048
160221216115211634236
T:
claus
Cycles to compute a shared secret
25%50%75%system
675426923971241
T:
gls254
884948852088554
T:
kummer
120289120434120626
T:
gls254prot
121836121877121919
T:
kumfp127g
124580124655124815
T:
jacfp128bk
126014126106126203
T:
kumjacfp127g
157018157176157364
T:
prjfp128bk
157299157343157401
T:
curve25519
161633161755161941
T:
hecfp128bk
167798167913168038
T:
hecfp128fkt
171212171348171475
T:
kumfp128g
172434172491172550
T:
k277taa
180595180687180810
T:
k298
190904191357192224
T:
jacfp127i
223674224389225094
T:
curve2251
230438231189231429
T:
surf127eps
237566238361242569
T:
gls1271
238621238854239305
T:
prjfp127i
245143245464245950
T:
hecfp127i
256095256102256151
T:
k277mon
267743271307278921
T:
sclaus1024
364749365035365369
T:
hecfp128i
587269596770597997
T:
surf2113
629856630027630216
T:
ed448goldilocks
923920928610935849
T:
hector
106252210634341064407
T:
nistp256
112312611241521125215
T:
ed521gs
136082413800401382383
T:
sclaus2048
160763916116681633559
T:
claus