VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 3 (a20f10); 2020 AMD Ryzen 5 5600X; 6 x 3700MHz; unstable; spawn, supercop-20231215

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
200172160823051
T:
jacfp127i
211272227423273
T:
kumjacfp127g
221632349526233
T:
hecfp127i
247532604827306
T:
prjfp127i
272322800928712
T:
jacfp128bk
264552804630044
T:
ecfp256e
283792948932967
T:
curve2251
288973037732486
T:
hecfp128bk
289713071035113
T:
ecfp256h
308953196833189
T:
prjfp128bk
315243259733522
T:
hecfp128i
315243263433670
T:
hecfp128fkt
309693267136741
T:
ecfp256s
328193311533337
T:
gls254
336333385534040
T:
gls254prot
316353392937888
T:
ecfp256q
403304040440478
T:
kummer
404414062640774
T:
k277taa
444374499245473
T:
gls1271
509495113451652
T:
k298
621236227162530
T:
k277mon
672666734067488
T:
kumfp127g
842498439784508
T:
curve25519
867288687686950
T:
kumfp128g
123580124505125171
T:
ecfp256i
148629148962149295
T:
ed448goldilocks
181596183261185333
T:
sclaus1024
199874200133200836
T:
nistp256
620638623191624264
T:
ed521gs
755836757205759203
T:
nist521gs
838198842305850445
T:
claus
912087919228926702
T:
sclaus2048
Cycles to compute a shared secret
25%50%75%system
317833189432042
T:
gls254
337443392934114
T:
gls254prot
403674040440589
T:
kummer
404414051540663
T:
k277taa
509125098651097
T:
k298
620126216062271
T:
k277mon
671186722967377
T:
jacfp128bk
693756952369856
T:
kumfp127g
705967067070892
T:
kumjacfp127g
860258617386469
T:
prjfp128bk
882088857888763
T:
hecfp128bk
908729094690983
T:
kumfp128g
907989127991649
T:
hecfp128fkt
911689131691575
T:
curve25519
107041107411108114
T:
curve2251
107596108151109113
T:
gls1271
108706108891109409
T:
jacfp127i
110778111259111407
T:
ecfp256e
119473119621119695
T:
ecfp256i
120250120842121027
T:
ecfp256q
136530137270139083
T:
ecfp256h
144892145262145743
T:
prjfp127i
147482147630147704
T:
hecfp127i
164243164983165131
T:
ecfp256s
187442191438192289
T:
sclaus1024
195212196137196248
T:
hecfp128i
441817443741444074
T:
ed448goldilocks
555629557331558848
T:
nistp256
620675622525624079
T:
ed521gs
753320756539758056
T:
nist521gs
835275838309846338
T:
claus
930402936877940022
T:
sclaus2048