VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen (800f11); 2017 AMD Ryzen 5 1600; 6 x 3200MHz; rumba5, supercop-20240716

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
293413054732580
T:
jacfp127i
299623132532878
T:
kumjacfp127g
299073146434097
T:
prjfp127i
337823553636900
T:
hecfp127i
376783898941005
T:
jacfp128bk
410214191046073
T:
curve2251
416114282244870
T:
hecfp128i
412534297945038
T:
hecfp128bk
417614314444967
T:
prjfp128bk
417184339445284
T:
hecfp128fkt
442484470945076
T:
gls254
447214490344938
T:
gls254prot
557485594556246
T:
k277taa
641536435464654
T:
k298
658296645167056
T:
gls1271
891628923889385
T:
k277mon
100720100894100952
T:
kummer
102856102924102990
T:
kumfp127g
134091134207134288
T:
kumfp128g
144538144604144625
T:
curve25519
200828201020201251
T:
ed448goldilocks
202089204142205982
T:
sclaus1024
274792274868274999
T:
nistp256
475772477516478315
T:
surf2113
956382957065958112
T:
ed521gs
9898659976591005208
T:
sclaus2048
119868312016921204819
T:
claus
Cycles to compute a shared secret
25%50%75%system
423024245642482
T:
gls254
446484482744867
T:
gls254prot
557395610356319
T:
k277taa
640866417764380
T:
k298
891078917789321
T:
k277mon
100873100874100878
T:
kummer
104300104352104411
T:
jacfp128bk
104347104416104493
T:
kumfp127g
106314106370106433
T:
kumjacfp127g
126796126906127002
T:
prjfp128bk
130010130129130255
T:
hecfp128bk
134657134795135074
T:
hecfp128fkt
139038139101139190
T:
kumfp128g
157210157392159067
T:
curve25519
159338160305160793
T:
curve2251
162690162976163181
T:
jacfp127i
162296167142168320
T:
gls1271
203520204095204503
T:
prjfp127i
199114205663207638
T:
sclaus1024
207263207460207800
T:
hecfp127i
285918286044286216
T:
hecfp128i
470197471902475183
T:
surf2113
582216584229586693
T:
ed448goldilocks
946974947273948584
T:
nistp256
955531956973958180
T:
ed521gs
100326710144341015331
T:
sclaus2048
119840612026021203542
T:
claus