VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Haswell+AES (306c3); 2013 Intel Xeon E3-1275 V3; 4 x 3500MHz; titan0, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
312793247334323
T:
kumjacfp127g
331753528437805
T:
jacfp127i
342503557736667
T:
prjfp127i
364173687837453
T:
hecfp127i
377203875941300
T:
jacfp128bk
413934343448162
T:
curve2251
442104505847280
T:
prjfp128bk
448534531345748
T:
gls254
480564873449470
T:
hecfp128i
475664878449830
T:
hecfp128bk
490564911049173
T:
gls254prot
485304962350442
T:
hecfp128fkt
622666233562434
T:
k277taa
670886711767699
T:
kummer
703117042070671
T:
k298
905249159092399
T:
gls1271
951609520195245
T:
k277mon
111759112800113432
T:
kumfp127g
144407144456144503
T:
curve25519
157454157561157794
T:
kumfp128g
174925175169175624
T:
ed448goldilocks
218603221423231678
T:
sclaus1024
286369286537286799
T:
nistp256
536607538690539983
T:
surf2113
101196510124911013285
T:
ed521gs
109291911026481109067
T:
sclaus2048
130009513041321307633
T:
claus
Cycles to compute a shared secret
25%50%75%system
403704107641187
T:
gls254
490524909649174
T:
gls254prot
621646224662305
T:
k277taa
670126706167727
T:
kummer
699607003870131
T:
k298
949769501595060
T:
k277mon
113151113330113777
T:
kumfp127g
113551113615113681
T:
jacfp128bk
119824119987120130
T:
kumjacfp127g
140962141119141274
T:
prjfp128bk
146007146159146371
T:
hecfp128bk
150859150994151181
T:
hecfp128fkt
155985156064156567
T:
curve25519
159048159416160340
T:
curve2251
162897162992163346
T:
kumfp128g
186643186903187208
T:
jacfp127i
220434220808242134
T:
sclaus1024
221788224422226036
T:
gls1271
226628226865227216
T:
prjfp127i
228766228923229145
T:
hecfp127i
326171326444326737
T:
hecfp128i
535635535949539198
T:
surf2113
539266539414539592
T:
ed448goldilocks
977328978639979578
T:
nistp256
101982410201141020441
T:
ed521gs
108096510880491114855
T:
sclaus2048
130009013033621303740
T:
claus