VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 65nm (6fb); 2007 Intel Core 2 Duo T7300; 2 x 2000MHz; trident, supercop-20241022

[Page version: 20241101 10:40:32]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
407314130841958
T:
jacfp127i
425544312243820
T:
kumjacfp127g
468794742947932
T:
prjfp127i
483194883549556
T:
hecfp127i
733417386474533
T:
jacfp128bk
749247583876582
T:
ecfp256e
797598044881781
T:
ecfp256h
813868233782994
T:
ecfp256s
864048711788375
T:
hecfp128bk
863458726988505
T:
hecfp128i
868508753688832
T:
hecfp128fkt
864868761788995
T:
ecfp256q
868918762788620
T:
prjfp128bk
126831128544129874
T:
gls1271
134815135667137424
T:
curve2251
179161179195179366
T:
kumfp127g
292827294267295408
T:
curve25519
314501314833315203
T:
kumfp128g
330478331239333568
T:
ed448goldilocks
374682376500379313
T:
ecfp256i
402156407496419725
T:
hector
415172418185418772
T:
kummer
417159419625422751
T:
surf127eps
423010426195431159
T:
sclaus1024
501816502448503584
T:
nistp256
775398779235782494
T:
surf2113
165727516579441660953
T:
ed521gs
191204319144961916744
T:
nist521gs
214938121672052184192
T:
sclaus2048
254279225482972554961
T:
claus
Cycles to compute a shared secret
25%50%75%system
183486183554183683
T:
kumfp127g
187584187722187980
T:
kumjacfp127g
242362242493242788
T:
jacfp128bk
291520291663291966
T:
jacfp127i
293042294615295285
T:
curve25519
299620299813300041
T:
prjfp128bk
307297307425307585
T:
hecfp128bk
318305318565319072
T:
hecfp128fkt
311723321884328632
T:
gls1271
327103327367327674
T:
kumfp128g
356182356351356514
T:
ecfp256e
370238370520370852
T:
ecfp256q
375407375730376300
T:
ecfp256i
380227380384380807
T:
prjfp127i
388585388711389054
T:
hecfp127i
415185416938419043
T:
surf127eps
415481417163418167
T:
kummer
424471431570436702
T:
sclaus1024
444268444382444598
T:
ecfp256h
461901462266463442
T:
ecfp256s
556311558006560294
T:
curve2251
693096693705694382
T:
hecfp128i
768423774105775793
T:
surf2113
103325210349471037847
T:
ed448goldilocks
116941411714271172835
T:
nistp256
134495713597301364232
T:
hector
165785716589281660179
T:
ed521gs
191164919139291916416
T:
nist521gs
216940721834162203569
T:
sclaus2048
254028225429532547679
T:
claus