VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Coffee Lake (906ea); 2018 Intel Xeon E-2124; 4 x 3300MHz; r24000, supercop-20241011

[Page version: 20241120 00:41:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
214232215323839
T:
jacfp127i
219492219223293
T:
kumjacfp127g
262882739928553
T:
prjfp127i
269272816629687
T:
hecfp127i
365143668937176
T:
gls254
380463846639601
T:
hecfp128i
385193855638614
T:
gls254prot
389223908039914
T:
curve2251
456794570945748
T:
k277taa
509485102451740
T:
kummer
516685174251841
T:
k298
710717110071145
T:
k277mon
708787176072539
T:
gls1271
805068059280670
T:
kumfp127g
111016111063111113
T:
kumfp128g
125247125505125679
T:
curve25519
152574152773153024
T:
ed448goldilocks
177265179944188810
T:
sclaus1024
264071264252264505
T:
nistp256
524869527590529530
T:
surf2113
810376810678811283
T:
ed521gs
898307907760924584
T:
sclaus2048
104904710525091055148
T:
claus
Cycles to compute a shared secret
25%50%75%system
357293577335811
T:
gls254
384143844538482
T:
gls254prot
454304545945483
T:
k277taa
506265067450733
T:
kummer
514735152751577
T:
k298
709837101171045
T:
k277mon
818138185981944
T:
kumfp127g
829658304283127
T:
kumjacfp127g
115241115299115366
T:
kumfp128g
124472124572124653
T:
jacfp127i
134866135222135440
T:
curve25519
144642144915145105
T:
curve2251
165457165597165843
T:
prjfp127i
167527167668167815
T:
hecfp127i
173772174180176113
T:
gls1271
176134181361187721
T:
sclaus1024
250038250212250401
T:
hecfp128i
467160469728470379
T:
ed448goldilocks
522707524346525966
T:
surf2113
810548810850811256
T:
ed521gs
898349900296927548
T:
sclaus2048
901052901389901926
T:
nistp256
105072710522411054723
T:
claus