VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Zen 4 (a60f12); 2023 AMD Ryzen 7 7700; 8 x 3800MHz; hertz, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
240322489626127
T:
jacfp127i
245422571626702
T:
kumjacfp127g
258662714928477
T:
hecfp127i
260722727728379
T:
prjfp127i
290013049131967
T:
jacfp128bk
309033110831540
T:
gls254
316443168231736
T:
gls254prot
330933462236701
T:
hecfp128fkt
342213549838600
T:
curve2251
343573579836985
T:
prjfp128bk
350283596736958
T:
hecfp128i
352223621637313
T:
hecfp128bk
420834212242167
T:
kummer
422584232442394
T:
k277taa
481184827149206
T:
k298
561415697457642
T:
gls1271
634466350664014
T:
k277mon
789577905779288
T:
kumfp127g
101407101533103020
T:
curve25519
104252104331104405
T:
kumfp128g
158593158830159134
T:
ed448goldilocks
196519198427200420
T:
sclaus1024
222601223409224392
T:
nistp256
338386340068341612
T:
surf2113
744798747686771482
T:
ed521gs
914397915409916199
T:
nist521gs
99869510078501013910
T:
sclaus2048
101496610165441020777
T:
claus
Cycles to compute a shared secret
25%50%75%system
297562982029895
T:
gls254
316423168731823
T:
gls254prot
420554206842119
T:
kummer
422084221042282
T:
k277taa
479604806348156
T:
k298
634066340663446
T:
k277mon
788787899879119
T:
jacfp128bk
811798131081320
T:
kumfp127g
826878272582746
T:
kumjacfp127g
932409333593443
T:
prjfp128bk
961529627996673
T:
hecfp128bk
995499974699950
T:
hecfp128fkt
109062109155109250
T:
kumfp128g
109482109583110809
T:
curve25519
120188120264120341
T:
jacfp127i
127615129540130013
T:
gls1271
135500136781137012
T:
curve2251
149858149965150105
T:
prjfp127i
152003152107152254
T:
hecfp127i
198177198893200055
T:
sclaus1024
210615210693210993
T:
hecfp128i
332376336761337870
T:
surf2113
525940527184529251
T:
ed448goldilocks
716412718055729646
T:
nistp256
746010768784777229
T:
ed521gs
912243914820915982
T:
nist521gs
99345610089171019152
T:
sclaus2048
101262810135551015647
T:
claus