VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen (800f11); 2017 AMD Ryzen 5 1600; 6 x 3200MHz; rumba5, supercop-20241022

[Page version: 20241215 22:59:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
291393057332646
T:
jacfp127i
301203136733300
T:
kumjacfp127g
297893154233839
T:
prjfp127i
341933569337259
T:
hecfp127i
376793926741302
T:
jacfp128bk
407224163944828
T:
curve2251
414414283645115
T:
hecfp128i
418374293645349
T:
hecfp128fkt
416474320644948
T:
prjfp128bk
417524326645668
T:
hecfp128bk
442484470945076
T:
gls254
447214490344938
T:
gls254prot
557485594556246
T:
k277taa
641536435464654
T:
k298
658296645167056
T:
gls1271
891628923889385
T:
k277mon
100738100929100932
T:
kummer
102824102909102984
T:
kumfp127g
134085134209134286
T:
kumfp128g
144323144338144367
T:
curve25519
186533187304187975
T:
surf127eps
200828201020201251
T:
ed448goldilocks
202089204142205982
T:
sclaus1024
205076214691227174
T:
hector
274718274873275246
T:
nistp256
475772477516478315
T:
surf2113
956382957065958112
T:
ed521gs
9898659976591005208
T:
sclaus2048
119868312016921204819
T:
claus
Cycles to compute a shared secret
25%50%75%system
423024245642482
T:
gls254
446484482744867
T:
gls254prot
557395610356319
T:
k277taa
640866417764380
T:
k298
891078917789321
T:
k277mon
100696100900100957
T:
kummer
104366104426104502
T:
kumfp127g
104490104558104613
T:
jacfp128bk
106326106381106449
T:
kumjacfp127g
126885127015127356
T:
prjfp128bk
129748129849129993
T:
hecfp128bk
134490134620134764
T:
hecfp128fkt
139054139107139179
T:
kumfp128g
157046157288158829
T:
curve25519
158172158773159199
T:
curve2251
162792162982163354
T:
jacfp127i
162296167142168320
T:
gls1271
182670183208184949
T:
surf127eps
203665203967204132
T:
prjfp127i
199114205663207638
T:
sclaus1024
207325207554208520
T:
hecfp127i
285894286278287270
T:
hecfp128i
470197471902475183
T:
surf2113
582216584229586693
T:
ed448goldilocks
742771743435754475
T:
hector
945412946020946586
T:
nistp256
955531956973958180
T:
ed521gs
100326710144341015331
T:
sclaus2048
119840612026021203542
T:
claus