eBACS: ECRYPT Benchmarking of Cryptographic Systems


Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Coffee Lake (906ea); 2018 Intel Xeon E-2124; 4 x 3300MHz; r24000, supercop-20240107

[Page version: 20240726 23:45:37]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Cycles to generate a key pair

| 25% | 50% | 75% | system |
|---|---|---|---|
| 21329 | 22307 | 23791 | T: kumjacfp127g |
| 22437 | 23279 | 24483 | T: jacfp127i |
| 25347 | 26275 | 27291 | T: prjfp127i |
| 26688 | 27529 | 28824 | T: hecfp127i |
| 30284 | 31302 | 32432 | T: jacfp128bk |
| 35708 | 36589 | 37459 | T: prjfp128bk |
| 36771 | 36952 | 37610 | T: gls254 |
| 36390 | 37088 | 38324 | T: hecfp128i |
| 37596 | 38390 | 39397 | T: hecfp128fkt |
| 38272 | 38727 | 39262 | T: curve2251 |
| 37821 | 38805 | 39712 | T: hecfp128bk |
| 38836 | 38874 | 38919 | T: gls254prot |
| 42685 | 43561 | 44947 | T: ecfp256e |
| 45263 | 45856 | 47911 | T: ecfp256h |
| 45856 | 45880 | 45914 | T: k277taa |
| 48549 | 49375 | 51014 | T: ecfp256q |
| 48814 | 49457 | 50185 | T: ecfp256s |
| 52245 | 52348 | 52503 | T: k298 |
| 53048 | 53553 | 53630 | T: kummer |
| 69515 | 70336 | 71247 | T: gls1271 |
| 71306 | 71340 | 71381 | T: k277mon |
| 79097 | 79209 | 79328 | T: kumfp127g |
| 110376 | 110439 | 110502 | T: kumfp128g |
| 125187 | 125355 | 125688 | T: curve25519 |
| 153372 | 153559 | 153834 | T: ed448goldilocks |
| 176526 | 178343 | 179955 | T: sclaus1024 |
| 183940 | 184483 | 185112 | T: surf127eps |
| 190061 | 191047 | 192285 | T: ecfp256i |
| 245568 | 245902 | 246421 | T: nistp256 |
| 504969 | 506701 | 507782 | T: surf2113 |
| 808227 | 808873 | 810014 | T: ed521gs |
| 886820 | 892549 | 899093 | T: sclaus2048 |
| 935405 | 935687 | 936144 | T: nist521gs |
| 969477 | 970536 | 973562 | T: claus |

Cycles to compute a shared secret

| 25% | 50% | 75% | system |
|---|---|---|---|
| 35761 | 35803 | 35858 | T: gls254 |
| 38600 | 38640 | 38682 | T: gls254prot |
| 45609 | 45642 | 45669 | T: k277taa |
| 52070 | 52157 | 52266 | T: k298 |
| 52883 | 52957 | 53390 | T: kummer |
| 71212 | 71246 | 71290 | T: k277mon |
| 81346 | 81448 | 81558 | T: kumfp127g |
| 82851 | 82929 | 83004 | T: kumjacfp127g |
| 87324 | 87392 | 87472 | T: jacfp128bk |
| 108225 | 108348 | 108491 | T: prjfp128bk |
| 112260 | 112403 | 112601 | T: hecfp128bk |
| 115568 | 115615 | 115684 | T: kumfp128g |
| 116346 | 116510 | 116750 | T: hecfp128fkt |
| 123798 | 123911 | 124029 | T: jacfp127i |
| 134897 | 135425 | 135597 | T: curve25519 |
| 145421 | 146169 | 149742 | T: curve2251 |
| 165451 | 165609 | 165856 | T: prjfp127i |
| 167050 | 167180 | 167321 | T: hecfp127i |
| 170673 | 174050 | 176246 | T: gls1271 |
| 175614 | 175770 | 175958 | T: ecfp256e |
| 175341 | 179985 | 180507 | T: sclaus1024 |
| 180559 | 180907 | 181315 | T: surf127eps |
| 185298 | 185449 | 185642 | T: ecfp256q |
| 185432 | 185599 | 185825 | T: ecfp256i |
| 217677 | 217875 | 218118 | T: ecfp256h |
| 240038 | 240187 | 240398 | T: ecfp256s |
| 247900 | 248083 | 248308 | T: hecfp128i |
| 455167 | 455471 | 455971 | T: ed448goldilocks |
| 503377 | 505046 | 506138 | T: surf2113 |
| 599209 | 599487 | 599781 | T: nistp256 |
| 807576 | 808079 | 808961 | T: ed521gs |
| 892871 | 898036 | 905848 | T: sclaus2048 |
| 935146 | 935486 | 935892 | T: nist521gs |
| 963140 | 964000 | 966037 | T: claus |