VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Tremont (906c0); 2021 Intel Celeron N5105; 4 x 2000MHz; jasper3, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
370703807039273
T:
kumjacfp127g
372273810239144
T:
jacfp127i
429984354744839
T:
prjfp127i
442724490746325
T:
hecfp127i
498365005651414
T:
curve2251
513165208653116
T:
jacfp128bk
537525394054260
T:
gls254
552055528555377
T:
gls254prot
619566267364067
T:
hecfp128fkt
613266281465254
T:
prjfp128bk
619526382466070
T:
hecfp128bk
627286426266853
T:
hecfp128i
675736771467962
T:
k277taa
747207558476552
T:
k298
983609852198788
T:
k277mon
9849999789101011
T:
gls1271
153463154008154526
T:
kumfp127g
219047220566220986
T:
kumfp128g
239811239881239959
T:
curve25519
303911304519305232
T:
ed448goldilocks
319863320166320482
T:
kummer
326506330065333099
T:
sclaus1024
340808341142341417
T:
nistp256
597661600163601655
T:
surf2113
174173517428351745725
T:
ed521gs
176405317768921789235
T:
sclaus2048
197279519744631976676
T:
nist521gs
197031219776991992601
T:
claus
Cycles to compute a shared secret
25%50%75%system
528155288652988
T:
gls254
551415519755298
T:
gls254prot
674796757167675
T:
k277taa
733077456675859
T:
k298
982879840798608
T:
k277mon
156613157143157487
T:
kumfp127g
158919159056159228
T:
kumjacfp127g
159887160501160988
T:
jacfp128bk
192606193361194142
T:
curve2251
204504205046206101
T:
prjfp128bk
206377206646207292
T:
hecfp128bk
213182214192215262
T:
hecfp128fkt
226672227061227769
T:
kumfp128g
236434238889244333
T:
gls1271
239702239823239880
T:
curve25519
240750241131242014
T:
jacfp127i
312192312466312962
T:
prjfp127i
319792320251323555
T:
kummer
321507321968322613
T:
hecfp127i
330225333487333786
T:
sclaus1024
462290462781463787
T:
hecfp128i
592375594640599088
T:
surf2113
100303010034681007256
T:
ed448goldilocks
117736711779961178736
T:
nistp256
174410917455401746913
T:
ed521gs
177914817823251790927
T:
sclaus2048
196895819709501973106
T:
nist521gs
196325219757522000674
T:
claus