VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 65nm (6fb); 2007 Intel Core 2 Duo T7300; 2 x 2000MHz; trident, supercop-20240425

[Page version: 20240719 07:48:55]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
403114092741480
T:
jacfp127i
424414302543725
T:
kumjacfp127g
468374739647959
T:
prjfp127i
485874900649632
T:
hecfp127i
728737327973857
T:
jacfp128bk
799328077981473
T:
ecfp256e
843598515986588
T:
ecfp256h
864498707088283
T:
hecfp128fkt
864638724988385
T:
hecfp128bk
866108755588840
T:
hecfp128i
869768764888663
T:
prjfp128bk
889669021391253
T:
ecfp256s
943679544496776
T:
ecfp256q
125627126864128105
T:
gls1271
132202132658133973
T:
curve2251
178885179036179253
T:
kumfp127g
294352295189296779
T:
curve25519
314748314969315248
T:
kumfp128g
333158333933334889
T:
ed448goldilocks
393867396141399025
T:
ecfp256i
410995412641418356
T:
kummer
417081418643421496
T:
surf127eps
424898428604432853
T:
sclaus1024
501578502103502978
T:
nistp256
770261774814778594
T:
surf2113
166064816620021664226
T:
ed521gs
191319619166431921647
T:
nist521gs
215442121718322183348
T:
sclaus2048
254340925499862555433
T:
claus
Cycles to compute a shared secret
25%50%75%system
183326183436183609
T:
kumfp127g
187672188063188207
T:
kumjacfp127g
242976243122243443
T:
jacfp128bk
291553291739292065
T:
jacfp127i
294047294915296030
T:
curve25519
299487299648299965
T:
prjfp128bk
307223307426308022
T:
hecfp128bk
309326315980320529
T:
gls1271
318256318456319288
T:
hecfp128fkt
327136327326327632
T:
kumfp128g
373963374200374555
T:
ecfp256e
380231380399380843
T:
prjfp127i
388820388933389196
T:
hecfp127i
388693388997389694
T:
ecfp256q
393210393519393880
T:
ecfp256i
410541412188417733
T:
kummer
412135415053417423
T:
surf127eps
423475432051439579
T:
sclaus1024
464588465146465720
T:
ecfp256h
479898480361481007
T:
ecfp256s
549286552715553159
T:
curve2251
693532693776694651
T:
hecfp128i
770402773011776180
T:
surf2113
103446410363671037338
T:
ed448goldilocks
117009611719411173595
T:
nistp256
165769416587971660281
T:
ed521gs
191225419148151918080
T:
nist521gs
213028721341862189041
T:
sclaus2048
254669925518232560737
T:
claus