VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 2 (860f81); 2021 AMD Ryzen 3 5300U; 4 x 2600MHz; lucienne, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
220922333225454
T:
kumjacfp127g
237402499426963
T:
prjfp127i
241302554627228
T:
jacfp127i
249202622927964
T:
hecfp127i
297603130732875
T:
jacfp128bk
329173437936300
T:
prjfp128bk
336693503937163
T:
hecfp128fkt
336493506537244
T:
hecfp128bk
339663550437456
T:
hecfp128i
399074066442622
T:
curve2251
433244383244162
T:
gls254
438614386943957
T:
gls254prot
541385416054167
T:
k277taa
604396055960559
T:
kummer
598116057861224
T:
gls1271
638526388963983
T:
k298
821848232482542
T:
kumfp127g
865958659586612
T:
k277mon
109197109283109388
T:
kumfp128g
135307135341135384
T:
curve25519
159004159429159686
T:
ed448goldilocks
163463165400167069
T:
sclaus1024
236077237288238527
T:
nistp256
441293443814445173
T:
surf2113
805666807710814341
T:
ed521gs
846387852747859512
T:
sclaus2048
953103955144955951
T:
nist521gs
975897979555983671
T:
claus
Cycles to compute a shared secret
25%50%75%system
413034134141429
T:
gls254
438504388143892
T:
gls254prot
541135412854181
T:
k277taa
606336063360640
T:
kummer
637246375463794
T:
k298
836208362083620
T:
kumfp127g
843098439584481
T:
jacfp128bk
854008546985869
T:
kumjacfp127g
865678658386583
T:
k277mon
991809919399234
T:
prjfp128bk
102247102404102440
T:
hecfp128bk
105730105781106042
T:
hecfp128fkt
114880115063115141
T:
kumfp128g
128761128808129081
T:
jacfp127i
134930135245135285
T:
curve25519
147429148443148820
T:
gls1271
156921157017158144
T:
curve2251
159694159951160000
T:
prjfp127i
163054163260163446
T:
hecfp127i
163877166973169051
T:
sclaus1024
225614225882226122
T:
hecfp128i
431813443395443668
T:
surf2113
480077482514484451
T:
ed448goldilocks
598752599618600818
T:
nistp256
804435805465806768
T:
ed521gs
861379863562866346
T:
sclaus2048
939123943233955607
T:
nist521gs
978270979742984904
T:
claus