VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Tiger Lake (806c1); 2020 Intel Core i7-1165G7; 4 x 2800MHz; panther, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
194012073121813
T:
jacfp127i
208532189023489
T:
kumjacfp127g
226612370225428
T:
hecfp127i
240632516826914
T:
prjfp127i
298083029330948
T:
gls254
316153167931742
T:
gls254prot
308363186932958
T:
jacfp128bk
355683597836617
T:
curve2251
364273816841761
T:
prjfp128bk
383533841038462
T:
k277taa
366673864942506
T:
hecfp128i
374083895042377
T:
hecfp128bk
370813896442466
T:
hecfp128fkt
425294259342700
T:
k298
508455089550969
T:
kummer
550285509755186
T:
k277mon
623636314364329
T:
gls1271
792267946880229
T:
kumfp127g
116273116411116536
T:
kumfp128g
121095121202121360
T:
curve25519
143896144240144588
T:
ed448goldilocks
211230213005214651
T:
sclaus1024
223777224341225105
T:
nistp256
404074405594407264
T:
surf2113
794350796030798937
T:
ed521gs
965892970205973425
T:
nist521gs
105787210593661098173
T:
claus
107412910818861091358
T:
sclaus2048
Cycles to compute a shared secret
25%50%75%system
288362888628937
T:
gls254
315353157731633
T:
gls254prot
383013836838456
T:
k277taa
422624232842380
T:
k298
507455078750839
T:
kummer
549365498655060
T:
k277mon
817478201682368
T:
kumfp127g
821048226082464
T:
kumjacfp127g
933549352093712
T:
jacfp128bk
111760112098112414
T:
prjfp128bk
114710114991115329
T:
hecfp128bk
118838119088119352
T:
hecfp128fkt
122413122534122658
T:
kumfp128g
122395122832123121
T:
jacfp127i
130067130184130300
T:
curve25519
139957140904141194
T:
curve2251
152996153302153848
T:
prjfp127i
154806155164155624
T:
hecfp127i
154704159190160572
T:
gls1271
212928213605214280
T:
sclaus1024
252317252734253173
T:
hecfp128i
413762415776417493
T:
surf2113
457180458130458838
T:
ed448goldilocks
575750577843579470
T:
nistp256
792081794098795993
T:
ed521gs
974077977812983194
T:
nist521gs
105389410550841094976
T:
claus
107400610885801091651
T:
sclaus2048