VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Kaby Lake (806e9); 2017 Intel Core i3-7100; 2 x 2400MHz; whosthere, supercop-20221122

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
372803748937771
T:
gls254
392633931439369
T:
gls254prot
416444200442820
T:
curve2251
458134631946401
T:
k277taa
532185360754066
T:
k298
534845387155445
T:
kummer
711287127372399
T:
k277mon
112849114255115628
T:
gls1271
126059127356128223
T:
curve25519
154497155659156258
T:
ed448goldilocks
192916194391196007
T:
surf127eps
197126199570201477
T:
sclaus1024
300445301390302205
T:
nistp256
529936531945534974
T:
surf2113
893927897039900085
T:
ed521gs
100155410131181033949
T:
sclaus2048
104520210486431054813
T:
claus
104926010537761056028
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
360963615236305
T:
gls254
388643895439027
T:
gls254prot
460634610746164
T:
k277taa
527745292853262
T:
k298
534515377355644
T:
kummer
710657227072328
T:
k277mon
135972136643137230
T:
curve25519
144115144493145510
T:
curve2251
186994188482190065
T:
surf127eps
198564201605204874
T:
sclaus1024
273946277886282463
T:
gls1271
461335462594462918
T:
ed448goldilocks
527628529760532633
T:
surf2113
683477687360690652
T:
nistp256
897139900975904698
T:
ed521gs
100738610120281031660
T:
sclaus2048
103689410438611049575
T:
claus
105036910545421056565
T:
nist521gs