VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Haswell+AES (306c3); 2013 Intel Core i7-4770; 4 x 3400MHz; speed2supercop, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
26832?32356?35480?
T:
jacfp127i
278883291634008
T:
kumjacfp127g
302163484836284
T:
prjfp127i
308963546836864
T:
hecfp127i
358044086442232
T:
jacfp128bk
412324140442984
T:
curve2251
444324494045488
T:
gls254
455284610447180
T:
ecfp256e
432164845249868
T:
hecfp128bk
434764853249840
T:
hecfp128fkt
421604895252088
T:
prjfp128bk
491964925249328
T:
gls254prot
487684946851016
T:
ecfp256h
456645027651532
T:
hecfp128i
526925355255420
T:
ecfp256q
625486310065884
T:
kummer
634446358463688
T:
k277taa
715287163271856
T:
k298
890849030491152
T:
gls1271
968089685296920
T:
k277mon
110768110888110984
T:
kumfp127g
144428144504147412
T:
curve25519
156900157040157356
T:
kumfp128g
175192175400175596
T:
ed448goldilocks
210972212484216304
T:
ecfp256i
212556213228213912
T:
surf127eps
218596221728236636
T:
sclaus1024
280820280972281260
T:
nistp256
530548532956534164
T:
surf2113
99962410003721001176
T:
ed521gs
110080411101161116604
T:
sclaus2048
115731611577001158368
T:
nist521gs
152824415320961552896
T:
claus
Cycles to compute a shared secret
25%50%75%system
403924149241936
T:
gls254
490724912449176
T:
gls254prot
633806346063568
T:
k277taa
628846518070288
T:
kummer
713287141671644
T:
k298
966169666096716
T:
k277mon
112228112368112708
T:
kumfp127g
112592112664112728
T:
jacfp128bk
120340120524121388
T:
kumjacfp127g
139060139196139432
T:
prjfp128bk
145796145964146192
T:
hecfp128bk
150812150976151196
T:
hecfp128fkt
155912156036158792
T:
curve25519
158252159400159604
T:
curve2251
162244162312162808
T:
kumfp128g
185040185256185472
T:
jacfp127i
193560193644193716
T:
ecfp256e
201584201756201960
T:
ecfp256q
204888205020205216
T:
ecfp256i
209524210112210624
T:
surf127eps
212532214180223236
T:
gls1271
222680224540239764
T:
sclaus1024
226632226800227024
T:
prjfp127i
230180230452230744
T:
hecfp127i
248744249036249280
T:
ecfp256h
325552325972327884
T:
hecfp128i
531576531828532064
T:
surf2113
538304538600548396
T:
ed448goldilocks
732052732392733072
T:
nistp256
963720964304965200
T:
claus
100124410014481001776
T:
ed521gs
110875611132521124828
T:
sclaus2048
115706411574161157844
T:
nist521gs