VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Kaby Lake (906e9); 2017 Intel Xeon E3-1220 v6; 4 x 3000MHz; kizomba, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
227582375026510
T:
jacfp127i
225542429227053
T:
kumjacfp127g
248362619628359
T:
prjfp127i
271052869033028
T:
hecfp127i
298973052233701
T:
jacfp128bk
367143700038252
T:
gls254
382483851841916
T:
curve2251
377103868640772
T:
hecfp128i
387383878741926
T:
gls254prot
370793888541593
T:
prjfp128bk
386373949641925
T:
hecfp128bk
384033958241938
T:
hecfp128fkt
457144578252115
T:
k277taa
503255046054340
T:
k298
530255314156484
T:
kummer
697327046672085
T:
gls1271
709647105977462
T:
k277mon
794007959486274
T:
kumfp127g
111181111302120863
T:
kumfp128g
125446126809132830
T:
curve25519
153708157111168716
T:
ed448goldilocks
177553182782195036
T:
sclaus1024
263375270325286298
T:
nistp256
521903537401552149
T:
surf2113
846296857762883510
T:
ed521gs
912525936387967165
T:
sclaus2048
106527010833871125070
T:
claus
Cycles to compute a shared secret
25%50%75%system
356943575835867
T:
gls254
384843852241780
T:
gls254prot
454374549248776
T:
k277taa
499075003553450
T:
k298
539465405454280
T:
kummer
708837097477453
T:
k277mon
810658122087734
T:
kumfp127g
827168288389502
T:
kumjacfp127g
880208820094756
T:
jacfp128bk
107484107635114508
T:
prjfp128bk
112050112313119930
T:
hecfp128bk
115454115537125057
T:
kumfp128g
115962116217123258
T:
hecfp128fkt
124621126280138609
T:
jacfp127i
135510136306143310
T:
curve25519
144034144233151180
T:
curve2251
166202166556176353
T:
prjfp127i
167361170720177930
T:
hecfp127i
171897176143182673
T:
gls1271
180492184640197895
T:
sclaus1024
248599255377272143
T:
hecfp128i
471748484881500728
T:
ed448goldilocks
519795537012549821
T:
surf2113
839702857045881635
T:
ed521gs
919180931677966315
T:
nistp256
924147941582970464
T:
sclaus2048
106199210832801111084
T:
claus