VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Broadwell+AES (306d4); 2015 Intel Core i3-5005U; 2 x 1900MHz; shoe, supercop-20240425

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
244102488825379
T:
jacfp127i
257232602426388
T:
kumjacfp127g
283982896529542
T:
hecfp127i
288622947630099
T:
prjfp127i
322703293633622
T:
jacfp128bk
369703718337421
T:
gls254
375553822439013
T:
hecfp128i
378163836339167
T:
hecfp128bk
381253850139056
T:
hecfp128fkt
384233897639769
T:
prjfp128bk
396293974039861
T:
gls254prot
413724193243337
T:
curve2251
436604450145333
T:
ecfp256e
463204725049061
T:
ecfp256h
476914853550212
T:
ecfp256s
494014952349685
T:
k277taa
498235092552661
T:
ecfp256q
551255554556191
T:
k298
648676495265852
T:
kummer
759927683477603
T:
gls1271
768187685476889
T:
k277mon
901839026290340
T:
kumfp127g
128403128501128638
T:
kumfp128g
142911143003143108
T:
curve25519
157137157346157582
T:
ed448goldilocks
185648187404189148
T:
sclaus1024
197118197751198306
T:
surf127eps
200207201608205165
T:
ecfp256i
247845248002248269
T:
nistp256
519961521648523185
T:
surf2113
904136904674905239
T:
ed521gs
938628948848961791
T:
sclaus2048
990969991925992318
T:
claus
102112510216841022424
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
361173622036318
T:
gls254
395313963839777
T:
gls254prot
493724945149558
T:
k277taa
548705510755358
T:
k298
647726483665725
T:
kummer
766907670176746
T:
k277mon
874628763488332
T:
kumjacfp127g
926569276292921
T:
kumfp127g
964589655796666
T:
jacfp128bk
116624116742116862
T:
prjfp128bk
120428120542120678
T:
hecfp128bk
125043125217125374
T:
hecfp128fkt
133723133825134248
T:
kumfp128g
142754142840142940
T:
curve25519
154090154438155142
T:
curve2251
154625154777155187
T:
jacfp127i
184275184508188987
T:
prjfp127i
185549185677185836
T:
ecfp256e
186475186631186828
T:
hecfp127i
187237188187192767
T:
gls1271
182110188458190736
T:
sclaus1024
193089193205193361
T:
ecfp256q
194586195204195534
T:
surf127eps
196008196206196375
T:
ecfp256i
228602228775228925
T:
ecfp256h
248507248658248884
T:
ecfp256s
267689267864268076
T:
hecfp128i
467452468136478025
T:
ed448goldilocks
511592516078520980
T:
surf2113
628348628630628906
T:
nistp256
904772905073905606
T:
ed521gs
935068959919962244
T:
sclaus2048
986273987539988139
T:
claus
102079210212991021849
T:
nist521gs