VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bulldozer (600f20); 2012 AMD FX-8350; 4 x 4000MHz; saber214, supercop-20241022

[Page version: 20241207 23:20:59]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
468194766948380
T:
jacfp127i
486264974750630
T:
kumjacfp127g
536155447755532
T:
prjfp127i
538805476055884
T:
hecfp127i
677006835671951
T:
curve2251
691287007071237
T:
jacfp128bk
799618093382178
T:
prjfp128bk
809798164282470
T:
hecfp128i
809528168582876
T:
hecfp128fkt
812438203783082
T:
hecfp128bk
886158963190891
T:
gls254
103930104011104072
T:
gls254prot
114022115383116358
T:
gls1271
139821139845139892
T:
k277taa
157398157447157521
T:
k298
157880157934157981
T:
kumfp127g
174752174779174818
T:
curve25519
203058203059203064
T:
k277mon
204646204699205077
T:
kummer
257342257361257379
T:
kumfp128g
318596320078334500
T:
hector
357713358287358979
T:
ed448goldilocks
374365375738376421
T:
surf127eps
425750430602442374
T:
sclaus1024
524539526701527988
T:
nistp256
664260667107667927
T:
surf2113
174405417442221745689
T:
ed521gs
210951921238502136611
T:
sclaus2048
254106725487302557608
T:
claus
Cycles to compute a shared secret
25%50%75%system
826828501385134
T:
gls254
103873103927104042
T:
gls254prot
139804139836139905
T:
k277taa
157254157274157298
T:
k298
160261160262160292
T:
kumfp127g
160915161073161119
T:
kumjacfp127g
186698186700186726
T:
curve25519
197029197139197279
T:
jacfp128bk
197240197280197452
T:
kummer
203010203010203010
T:
k277mon
242192243556243646
T:
curve2251
245919246094246159
T:
prjfp128bk
252451252595252740
T:
hecfp128bk
262170262278262462
T:
hecfp128fkt
263728263928264070
T:
jacfp127i
267873267876268007
T:
kumfp128g
282567283120290978
T:
gls1271
355055355506355914
T:
prjfp127i
358070358814359326
T:
hecfp127i
372869373520373644
T:
surf127eps
428534437123444446
T:
sclaus1024
562058562262562556
T:
hecfp128i
662211664249664732
T:
surf2113
105824010627471079941
T:
hector
114194611423501144162
T:
ed448goldilocks
174363417437511743862
T:
ed521gs
185308418544181857847
T:
nistp256
213291721518762156732
T:
sclaus2048
254496025515562557230
T:
claus