VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Haswell+AES (306c3); 2013 Intel Xeon E3-1275 V3; 4 x 3500MHz; titan0, supercop-20241022

[Page version: 20241109 15:41:12]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
316483301934917
T:
kumjacfp127g
335863551337669
T:
jacfp127i
353593605636696
T:
prjfp127i
365433696237543
T:
hecfp127i
431864518449004
T:
curve2251
446704520145780
T:
gls254
442814562346798
T:
jacfp128bk
458704741350180
T:
prjfp128bk
490124905549098
T:
gls254prot
482694924750245
T:
hecfp128bk
487524939450065
T:
hecfp128fkt
528085412554824
T:
hecfp128i
622706236262435
T:
k277taa
669796706667132
T:
kummer
701187021970360
T:
k298
900109105891862
T:
gls1271
951719522295302
T:
k277mon
112380112581113149
T:
kumfp127g
144396144488146787
T:
curve25519
157438157539157824
T:
kumfp128g
174912175078175370
T:
ed448goldilocks
213841214676216291
T:
surf127eps
217793219640221583
T:
sclaus1024
247438254988262242
T:
hector
285376285524285760
T:
nistp256
535318538286540490
T:
surf2113
101201610133181017992
T:
ed521gs
109271011020341110795
T:
sclaus2048
130061013030441306009
T:
claus
Cycles to compute a shared secret
25%50%75%system
405414162441965
T:
gls254
490904913449192
T:
gls254prot
621376223362300
T:
k277taa
669006695967044
T:
kummer
699106997270058
T:
k298
949939504695114
T:
k277mon
113945114053114219
T:
kumfp127g
114095114177114269
T:
jacfp128bk
120702120787120887
T:
kumjacfp127g
140916141056141289
T:
prjfp128bk
145676145827145964
T:
hecfp128bk
150897151043151209
T:
hecfp128fkt
155990156091158294
T:
curve25519
157660160068160228
T:
curve2251
162886162955163004
T:
kumfp128g
186572186705186812
T:
jacfp127i
207695208745209746
T:
surf127eps
215786218600220981
T:
gls1271
218207220761221132
T:
sclaus1024
226841227053227344
T:
prjfp127i
228886229153229788
T:
hecfp127i
326018326299326687
T:
hecfp128i
533258538939546566
T:
surf2113
539333539652542522
T:
ed448goldilocks
823820838841852382
T:
hector
978432978805979998
T:
nistp256
101992310201961020698
T:
ed521gs
110121211020521109750
T:
sclaus2048
130362313042591305444
T:
claus