VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bulldozer (600f20); 2012 AMD FX-8350; 4 x 4000MHz; saber214, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
468004749448503
T:
jacfp127i
482394900749920
T:
kumjacfp127g
538005452055370
T:
hecfp127i
536675463455905
T:
prjfp127i
677016852571576
T:
curve2251
693117034971252
T:
jacfp128bk
802388119682317
T:
prjfp128bk
808458175882996
T:
hecfp128fkt
811438206983242
T:
hecfp128bk
812958215983235
T:
hecfp128i
885928932290494
T:
gls254
103349103381103448
T:
gls254prot
115039116264117801
T:
gls1271
139850139884139927
T:
k277taa
157407157442157532
T:
k298
157880157937158053
T:
kumfp127g
174782174836175803
T:
curve25519
197741197785201217
T:
kummer
203060203087203325
T:
k277mon
257346257362257391
T:
kumfp128g
356471357288358016
T:
ed448goldilocks
424024428476432145
T:
sclaus1024
523583524277525243
T:
nistp256
664289667072667878
T:
surf2113
174412217442921745681
T:
ed521gs
209645821128472133524
T:
sclaus2048
254576425537932561963
T:
claus
Cycles to compute a shared secret
25%50%75%system
820268261883818
T:
gls254
103209103236103239
T:
gls254prot
139877139881139900
T:
k277taa
157255157286157312
T:
k298
160261160262160272
T:
kumfp127g
161041161106161181
T:
kumjacfp127g
186708186712187202
T:
curve25519
196849197005197178
T:
jacfp128bk
197671197688201145
T:
kummer
203008203010203010
T:
k277mon
240652242158243167
T:
curve2251
247465247552247677
T:
prjfp128bk
252337252477252579
T:
hecfp128bk
262215262244262363
T:
hecfp128fkt
263893264036264320
T:
jacfp127i
267873267886267924
T:
kumfp128g
278054280548285724
T:
gls1271
355080355147355269
T:
prjfp127i
358285358321358605
T:
hecfp127i
418054423624435572
T:
sclaus1024
562655562834562932
T:
hecfp128i
663716664329666976
T:
surf2113
114193511421421142265
T:
ed448goldilocks
174359317436251743874
T:
ed521gs
186088818659131869770
T:
nistp256
210957621231182148335
T:
sclaus2048
255156425550812565176
T:
claus