VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Tremont (906c0); 2021 Intel Pentium Silver N6000; 4 x 1100MHz; jasper, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
348413544436290
T:
jacfp127i
365703707837965
T:
kumjacfp127g
425054307443783
T:
hecfp127i
428724328244103
T:
prjfp127i
501055074651622
T:
curve2251
510275155952161
T:
jacfp128bk
536855383854060
T:
gls254
554885557155647
T:
gls254prot
604806112061702
T:
hecfp128fkt
606626129762933
T:
prjfp128bk
605866150963347
T:
hecfp128i
602706156763130
T:
hecfp128bk
677706790968115
T:
k277taa
742937509276054
T:
k298
969749716897411
T:
k277mon
99478100575101627
T:
gls1271
153524153602153709
T:
kumfp127g
219075220532220926
T:
kumfp128g
244586245569245961
T:
curve25519
303720304249304803
T:
ed448goldilocks
320053320338320651
T:
kummer
326798329972332672
T:
sclaus1024
345167345931346176
T:
nistp256
599832601903603600
T:
surf2113
174597917475271749282
T:
ed521gs
176035317700721785313
T:
sclaus2048
196840619742461978469
T:
claus
197745419796961981052
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
529295300053099
T:
gls254
552395533055392
T:
gls254prot
675636767067762
T:
k277taa
730787368074448
T:
k298
970299717897386
T:
k277mon
156969157054157179
T:
kumfp127g
158922159044159188
T:
kumjacfp127g
161466161947162519
T:
jacfp128bk
193098193257193409
T:
curve2251
201101201587202245
T:
prjfp128bk
205678206226206874
T:
hecfp128bk
214048214488215042
T:
hecfp128fkt
226674227046227288
T:
kumfp128g
239731239948240113
T:
curve25519
240175240631241132
T:
jacfp127i
234458242697246078
T:
gls1271
312439312655313177
T:
prjfp127i
319704320055320301
T:
kummer
321060321729322196
T:
hecfp127i
326077332113336850
T:
sclaus1024
462350462716463657
T:
hecfp128i
597293599109601622
T:
surf2113
100318910035771004142
T:
ed448goldilocks
118629111874291188306
T:
nistp256
174723717486581750450
T:
ed521gs
174850717792131784960
T:
sclaus2048
197291719752081977447
T:
nist521gs
197103019757031984563
T:
claus