VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 2 (830f10); 2019 AMD EPYC 7742; 64 x 2250MHz; rome0, supercop-20240909

[Page version: 20241001 17:31:03]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
27188?28301?34367?
T:
kumjacfp127g
290683030135826
T:
prjfp127i
291403098235024
T:
hecfp127i
27946?33033?35377?
T:
jacfp127i
326443477938320
T:
jacfp128bk
375063869739747
T:
prjfp128bk
378633964045820
T:
hecfp128fkt
386063987945613
T:
hecfp128bk
40821?43576?51470?
T:
curve2251
437044390144134
T:
gls254
438914390243911
T:
gls254prot
417924404646743
T:
hecfp128i
538885389653920
T:
k277taa
598676065361370
T:
gls1271
607416090960996
T:
kummer
633166337564977
T:
k298
821168219682318
T:
kumfp127g
860448604586045
T:
k277mon
109301109356109427
T:
kumfp128g
134910134963135307
T:
curve25519
158961159548160722
T:
ed448goldilocks
163066164508166220
T:
sclaus1024
237208237266237473
T:
nistp256
442098443831444756
T:
surf2113
805276806341813636
T:
ed521gs
848084854018859982
T:
sclaus2048
937701940610941809
T:
nist521gs
974700977071981092
T:
claus
Cycles to compute a shared secret
25%50%75%system
413994141041410
T:
gls254
438494386543882
T:
gls254prot
538515386553894
T:
k277taa
605186084761001
T:
kummer
632356325663288
T:
k298
836208362083620
T:
kumfp127g
846478468784831
T:
jacfp128bk
853818546585953
T:
kumjacfp127g
860018600186001
T:
k277mon
990559916599329
T:
prjfp128bk
102647102788102843
T:
hecfp128bk
106128106327106580
T:
hecfp128fkt
114852114912114941
T:
kumfp128g
130594130660130993
T:
jacfp127i
135083135239135453
T:
curve25519
148962149333154154
T:
gls1271
157186157587158015
T:
curve2251
159885160276160603
T:
prjfp127i
160522161771166459
T:
sclaus1024
163504163527163677
T:
hecfp127i
225693225754226413
T:
hecfp128i
441610443126443449
T:
surf2113
483635484431484723
T:
ed448goldilocks
598622599146599887
T:
nistp256
804476805525806520
T:
ed521gs
831294858816865363
T:
sclaus2048
941094952483955003
T:
nist521gs
975216976504978267
T:
claus