VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 65nm (6fb); 2007 Intel Core 2 Quad Q6600; 4 x 2404MHz; margaux, supercop-20240425

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
436534463845972
T:
jacfp127i
452204629147391
T:
kumjacfp127g
499235108852184
T:
prjfp127i
518535292754210
T:
hecfp127i
766807782678829
T:
jacfp128bk
836948467686118
T:
ecfp256e
867528739088688
T:
ecfp256h
892669056493270
T:
hecfp128bk
894459098992837
T:
prjfp128bk
897549110293687
T:
hecfp128fkt
903599169194447
T:
hecfp128i
909649203492985
T:
ecfp256s
950869606897267
T:
ecfp256q
126694128714132315
T:
gls1271
131291131921133912
T:
curve2251
180685180704180725
T:
kumfp127g
294237295562295625
T:
curve25519
316328316636317561
T:
kumfp128g
329601330195330774
T:
ed448goldilocks
396865398097400488
T:
ecfp256i
414405416265418509
T:
surf127eps
417294417337417590
T:
kummer
424478428599432171
T:
sclaus1024
511345512164512348
T:
nistp256
771266774310775910
T:
surf2113
170592317069941707292
T:
ed521gs
196090219612311962880
T:
nist521gs
214581621638832177143
T:
sclaus2048
253834825472172730436
T:
claus
Cycles to compute a shared secret
25%50%75%system
183233183250183281
T:
kumfp127g
187785188387188426
T:
kumjacfp127g
242948243081243203
T:
jacfp128bk
292131292338292525
T:
jacfp127i
294135294867294985
T:
curve25519
300088300195300286
T:
prjfp128bk
307332307421307597
T:
hecfp128bk
318425318573319256
T:
hecfp128fkt
317991321075333331
T:
gls1271
326729326733326754
T:
kumfp128g
371824372094372448
T:
ecfp256e
380973381248381414
T:
prjfp127i
386751386996387277
T:
ecfp256q
388730388920389001
T:
hecfp127i
394518394662394924
T:
ecfp256i
406669414724416829
T:
surf127eps
417268417328418426
T:
kummer
430598434671442107
T:
sclaus1024
463271463767464050
T:
ecfp256h
481642481928482259
T:
ecfp256s
551048555115555250
T:
curve2251
693954694677695278
T:
hecfp128i
771707774888775989
T:
surf2113
102764210318871038122
T:
ed448goldilocks
122689012269101226977
T:
nistp256
170818417088321709243
T:
ed521gs
195881419590501959291
T:
nist521gs
214445421683272228332
T:
sclaus2048
253091525459202736869
T:
claus