VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Kaby Lake (906e9); 2017 Intel Xeon E3-1220 v6; 4 x 3000MHz; kizomba, supercop-20241022

[Page version: 20241207 23:20:59]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
219802297324078
T:
jacfp127i
234372468526560
T:
kumjacfp127g
258392777031472
T:
prjfp127i
271732840030841
T:
hecfp127i
298133070234236
T:
jacfp128bk
368633726840973
T:
gls254
361473807341548
T:
prjfp128bk
373873841140361
T:
hecfp128bk
383293873642409
T:
curve2251
387343880242032
T:
gls254prot
376583882642526
T:
hecfp128i
376613894641303
T:
hecfp128fkt
457404579351976
T:
k277taa
503795062157068
T:
k298
527005336559186
T:
kummer
695527057572369
T:
gls1271
709727105677333
T:
k277mon
793817956886006
T:
kumfp127g
111166111301120775
T:
kumfp128g
125442127178137218
T:
curve25519
153043153629165768
T:
ed448goldilocks
177288181776196724
T:
sclaus1024
181486187201201290
T:
surf127eps
245657259948282411
T:
hector
261320268262284673
T:
nistp256
522418539823555996
T:
surf2113
848843861318884129
T:
ed521gs
912034934283979669
T:
sclaus2048
106517110795591114129
T:
claus
Cycles to compute a shared secret
25%50%75%system
356683573239415
T:
gls254
384783853741750
T:
gls254prot
454424548048824
T:
k277taa
499375005953936
T:
k298
533515349658722
T:
kummer
708297094877272
T:
k277mon
810388123487792
T:
kumfp127g
828458295683123
T:
kumjacfp127g
880668829095075
T:
jacfp128bk
108811109194118653
T:
prjfp128bk
111986112246118653
T:
hecfp128bk
115439115552125045
T:
kumfp128g
115980116332125690
T:
hecfp128fkt
124337124554136256
T:
jacfp127i
135276136793146270
T:
curve25519
143619147372157159
T:
curve2251
165671169258179871
T:
prjfp127i
167444171039181093
T:
hecfp127i
173805178420188659
T:
gls1271
177723183145195486
T:
surf127eps
177630184038196867
T:
sclaus1024
248607255135269208
T:
hecfp128i
471294481319500704
T:
ed448goldilocks
516705534970553873
T:
surf2113
848468862816885391
T:
ed521gs
846204872587904199
T:
hector
907532924778961206
T:
nistp256
926228945561973281
T:
sclaus2048
107126610847221117873
T:
claus