VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 2 (830f10); 2019 AMD EPYC 7742; 64 x 2250MHz; rome0, supercop-20240716

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
269282831529467
T:
prjfp127i
325273437236069
T:
jacfp128bk
26808?34625?36947?
T:
jacfp127i
307303496138295
T:
hecfp127i
323533517237872
T:
kumjacfp127g
355923704138893
T:
prjfp128bk
389154046147045
T:
hecfp128i
401784269647142
T:
hecfp128fkt
396364361947862
T:
hecfp128bk
435314379143980
T:
gls254
40767?43814?50982?
T:
curve2251
438894390543910
T:
gls254prot
539405394953963
T:
k277taa
606536066060948
T:
kummer
600736072561270
T:
gls1271
633096337365201
T:
k298
820858213582174
T:
kumfp127g
860378603786044
T:
k277mon
109242109297109356
T:
kumfp128g
135109135387136106
T:
curve25519
158365158614159922
T:
ed448goldilocks
163693165586167482
T:
sclaus1024
238297238670238956
T:
nistp256
448784451841452998
T:
surf2113
803985805012806344
T:
ed521gs
843667850548855344
T:
sclaus2048
938938940896944526
T:
nist521gs
975505978643982180
T:
claus
Cycles to compute a shared secret
25%50%75%system
414064142041434
T:
gls254
438344384743855
T:
gls254prot
539665397253977
T:
k277taa
606296098162624
T:
kummer
632216324063266
T:
k298
835658371083721
T:
kumfp127g
846018471584903
T:
jacfp128bk
854078545885502
T:
kumjacfp127g
875158751587515
T:
k277mon
990939911099148
T:
prjfp128bk
102540102705102745
T:
hecfp128bk
105865105955106008
T:
hecfp128fkt
114674114715114733
T:
kumfp128g
128196128319128912
T:
jacfp127i
135088135322135491
T:
curve25519
147888148095151993
T:
gls1271
157612157911158082
T:
curve2251
159507159562159697
T:
prjfp127i
163300163440163458
T:
hecfp127i
166130166905169036
T:
sclaus1024
225448225760225972
T:
hecfp128i
448830449208449271
T:
surf2113
480839483119484108
T:
ed448goldilocks
601239601671601963
T:
nistp256
803826805338811919
T:
ed521gs
845059845936855038
T:
sclaus2048
938850940545955247
T:
nist521gs
973603976103976711
T:
claus