VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Sandy Bridge+AES (206a7); 2011 Intel Xeon E3-1225; 4 x 3100MHz; hydra7, supercop-20241022

[Page version: 20241215 22:59:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
313263193732856
T:
jacfp127i
328603387634777
T:
kumjacfp127g
367053713537652
T:
prjfp127i
368913741938156
T:
hecfp127i
458484663048628
T:
jacfp128bk
550455547855871
T:
hecfp128i
553855608056910
T:
prjfp128bk
557265647757295
T:
hecfp128bk
566725751158344
T:
hecfp128fkt
604486072862448
T:
curve2251
747337600677072
T:
gls254
895408958489670
T:
kummer
102156103916105338
T:
gls1271
121246121394121535
T:
gls254prot
121874122549123454
T:
kumfp127g
147279147370147461
T:
curve25519
173486173570173663
T:
k277taa
182628182708182975
T:
k298
184177185012185331
T:
kumfp128g
214842215304217577
T:
ed448goldilocks
257978258054258360
T:
k277mon
269334271030285542
T:
surf127eps
285935288667291868
T:
sclaus1024
296264303137311623
T:
hector
353705354056357715
T:
nistp256
630495633491635495
T:
surf2113
121178212129881214514
T:
ed521gs
146087414783091536648
T:
sclaus2048
171402517186831722430
T:
claus
Cycles to compute a shared secret
25%50%75%system
702867185673855
T:
gls254
893138936589408
T:
kummer
121064121106121196
T:
gls254prot
123534123899125565
T:
kumfp127g
131578131641131744
T:
kumjacfp127g
140711140958153526
T:
jacfp128bk
158846158938164942
T:
curve25519
173279173325173418
T:
k277taa
179347179621179974
T:
prjfp128bk
182634182772183007
T:
k298
183141183373183659
T:
hecfp128bk
189740189928190155
T:
hecfp128fkt
190946191686191970
T:
kumfp128g
200540200861201140
T:
jacfp127i
226960229581230399
T:
curve2251
257995258046258173
T:
k277mon
260561261016261457
T:
prjfp127i
254645262017266302
T:
gls1271
265079265506265936
T:
hecfp127i
265843266515281736
T:
surf127eps
293391295194295513
T:
sclaus1024
414263414707415312
T:
hecfp128i
625490631600637431
T:
surf2113
653458654592655309
T:
ed448goldilocks
9791589952111009748
T:
hector
122168512236021225562
T:
ed521gs
122478212257721228373
T:
nistp256
148742714894891544584
T:
sclaus2048
171695717186321725688
T:
claus