VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 2 (860f01); 2022 AMD Ryzen 5 4500U; 6 x 3600MHz; renoir, supercop-20240625

[Page version: 20240719 07:48:55]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
211762242424262
T:
jacfp127i
220372343024935
T:
kumjacfp127g
239722526427262
T:
prjfp127i
248572629628049
T:
hecfp127i
299623135433157
T:
jacfp128bk
330343458236450
T:
prjfp128bk
336323535637100
T:
hecfp128fkt
340573537137542
T:
hecfp128i
339303554137237
T:
hecfp128bk
399954084742928
T:
curve2251
422774247543239
T:
gls254
438494385943916
T:
gls254prot
536345365053674
T:
k277taa
595396024261015
T:
gls1271
605866066660717
T:
kummer
640146405064139
T:
k298
820898213282196
T:
kumfp127g
865988659886619
T:
k277mon
109156109228109375
T:
kumfp128g
134121134189134393
T:
curve25519
158233159645160040
T:
ed448goldilocks
164039165395167037
T:
sclaus1024
235874235994236404
T:
nistp256
441562443798444965
T:
surf2113
803575804380804907
T:
ed521gs
845498850252857263
T:
sclaus2048
937713938155938835
T:
nist521gs
975335978856981660
T:
claus
Cycles to compute a shared secret
25%50%75%system
413654139541396
T:
gls254
437324383143831
T:
gls254prot
536045361753622
T:
k277taa
604916050260891
T:
kummer
639356396663998
T:
k298
836208362084233
T:
kumfp127g
854288547086111
T:
kumjacfp127g
853428551485650
T:
jacfp128bk
865838658386584
T:
k277mon
990409917799198
T:
prjfp128bk
102592102691102803
T:
hecfp128bk
106149106237106358
T:
hecfp128fkt
114855114927114970
T:
kumfp128g
128275128332128413
T:
jacfp127i
134244134370134489
T:
curve25519
148018152654154438
T:
gls1271
157683157717157910
T:
curve2251
159648159821159876
T:
prjfp127i
163250163269163402
T:
hecfp127i
164060166825169296
T:
sclaus1024
225725225937226084
T:
hecfp128i
443893444257444444
T:
surf2113
480617484748485203
T:
ed448goldilocks
597004598620599698
T:
nistp256
803435804089805052
T:
ed521gs
847707849766869845
T:
sclaus2048
939487940418951499
T:
nist521gs
978281979939980241
T:
claus