VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 2 (860f81); 2021 AMD Ryzen 3 5300U; 4 x 2600MHz; lucienne, supercop-20241011

[Page version: 20241014 13:34:00]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
211052208624258
T:
kumjacfp127g
209812260824029
T:
jacfp127i
239082525826985
T:
prjfp127i
245302587827728
T:
hecfp127i
338623492037428
T:
ecfp256e
339963520837178
T:
hecfp128i
343543559439458
T:
ecfp256h
387324014544222
T:
ecfp256q
398374047242383
T:
curve2251
434754388944087
T:
gls254
438764393243947
T:
gls254prot
535845359753633
T:
k277taa
601646073961377
T:
gls1271
607516092360974
T:
kummer
638496389964023
T:
k298
821288217682238
T:
kumfp127g
865988659986612
T:
k277mon
109437109551109650
T:
kumfp128g
135033135535136484
T:
curve25519
152954153826154791
T:
ecfp256i
159405159673160855
T:
ed448goldilocks
163188164663166258
T:
sclaus1024
237211237479237706
T:
nistp256
441564443944444891
T:
surf2113
804494805309806157
T:
ed521gs
849004853493859877
T:
sclaus2048
940360941405942523
T:
nist521gs
975235977809980843
T:
claus
Cycles to compute a shared secret
25%50%75%system
412554139641423
T:
gls254
437644376443766
T:
gls254prot
535755358653592
T:
k277taa
608936105661452
T:
kummer
637156375063789
T:
k298
836628408184154
T:
kumfp127g
853548545185886
T:
kumjacfp127g
865678658486584
T:
k277mon
114700114733114846
T:
kumfp128g
128315128426128528
T:
jacfp127i
134844135264135447
T:
curve25519
139864139894140031
T:
ecfp256e
147435147521147531
T:
ecfp256i
146515148929152362
T:
gls1271
150105150121150255
T:
ecfp256q
156289157496157551
T:
curve2251
159645159857160062
T:
prjfp127i
163084163320163469
T:
hecfp127i
166378166636168229
T:
sclaus1024
171523171610171765
T:
ecfp256h
225513225823226245
T:
hecfp128i
441819441925442054
T:
surf2113
483101483997484445
T:
ed448goldilocks
597164599158599887
T:
nistp256
804312805148805773
T:
ed521gs
846061853407860932
T:
sclaus2048
941434950325953808
T:
nist521gs
976367977898978441
T:
claus