VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Kaby Lake (906e9); 2017 Intel Xeon E3-1220 v6; 4 x 3000MHz; kizomba, supercop-20241011

[Page version: 20241021 10:27:55]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
208272127623371
T:
jacfp127i
225992399025796
T:
kumjacfp127g
244942608027649
T:
prjfp127i
269522802129992
T:
hecfp127i
368633726840973
T:
gls254
382503870842913
T:
curve2251
387343880242032
T:
gls254prot
371613888742286
T:
hecfp128i
457404579351976
T:
k277taa
503795062157068
T:
k298
527005336559186
T:
kummer
695527057572369
T:
gls1271
709727105677333
T:
k277mon
794397964689175
T:
kumfp127g
111768111946121455
T:
kumfp128g
125442127178137218
T:
curve25519
153043153629165768
T:
ed448goldilocks
177288181776196724
T:
sclaus1024
261320268262284673
T:
nistp256
522418539823555996
T:
surf2113
848843861318884129
T:
ed521gs
912034934283979669
T:
sclaus2048
106517110795591114129
T:
claus
Cycles to compute a shared secret
25%50%75%system
356683573239415
T:
gls254
384783853741750
T:
gls254prot
454424548048824
T:
k277taa
499375005953936
T:
k298
533515349658722
T:
kummer
708297094877272
T:
k277mon
810418121187905
T:
kumfp127g
828638296485717
T:
kumjacfp127g
115992116164124131
T:
kumfp128g
124375124518131129
T:
jacfp127i
135276136793146270
T:
curve25519
144170144494151544
T:
curve2251
165361165762175303
T:
prjfp127i
167564174151184442
T:
hecfp127i
173805178420188659
T:
gls1271
177630184038196867
T:
sclaus1024
248428255119268809
T:
hecfp128i
471294481319500704
T:
ed448goldilocks
516705534970553873
T:
surf2113
848468862816885391
T:
ed521gs
907532924778961206
T:
nistp256
926228945561973281
T:
sclaus2048
107126610847221117873
T:
claus