VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Ivy Bridge+AES (306a9); 2012 Intel Xeon E3-1275 V2; 4 x 3500MHz; hydra8, supercop-20250307

[Page version: 20250328 20:57:54]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
314923298435129
T:
jacfp127i
330613325034145
T:
kumjacfp127g
363073843741614
T:
prjfp127i
379673986243055
T:
hecfp127i
443354536046347
T:
jacfp128bk
489414965651025
T:
ecfp256e
502685105753969
T:
ecfp256h
516095248953394
T:
prjfp128bk
517035290254506
T:
hecfp128i
530245372056171
T:
ecfp256s
528755401855460
T:
hecfp128fkt
529215417555498
T:
hecfp128bk
565205751660955
T:
ecfp256q
572845797261310
T:
curve2251
733727450875780
T:
gls254
883818871888934
T:
kummer
950619636097130
T:
gls1271
106328106373106489
T:
gls254prot
120064120105120179
T:
kumfp127g
145039145126145454
T:
curve25519
164804165028165183
T:
kumfp128g
174404176136176225
T:
k277taa
180662180772181053
T:
k298
206684207801209486
T:
sclaus1024
209055209338209488
T:
ed448goldilocks
226564227678229105
T:
ecfp256i
233528234422234879
T:
surf127eps
255685255692255708
T:
k277mon
275752279176295858
T:
hector
320524320922321190
T:
nistp256
590583592917594285
T:
surf2113
106336710679481071968
T:
sclaus2048
111150811119851113532
T:
ed521gs
127100512716431272559
T:
nist521gs
136403213654161367082
T:
claus
Cycles to compute a shared secret
25%50%75%system
683896967772488
T:
gls254
884478853488756
T:
kummer
106242106276106308
T:
gls254prot
121853121884121922
T:
kumfp127g
124723124819124939
T:
jacfp128bk
125988126097126230
T:
kumjacfp127g
156757157245157313
T:
curve25519
157077157248157439
T:
prjfp128bk
162050162167162301
T:
hecfp128bk
167826167970168116
T:
hecfp128fkt
170458170750170874
T:
kumfp128g
175958176071176132
T:
k277taa
180484180536180642
T:
k298
190872191162194025
T:
jacfp127i
207596207770208017
T:
ecfp256e
219620219859220279
T:
ecfp256q
221217221471221773
T:
ecfp256i
221473222508225532
T:
curve2251
230617230968231304
T:
surf127eps
236136237020241508
T:
gls1271
238580238819239134
T:
prjfp127i
245314245674245960
T:
hecfp127i
251747251979252264
T:
ecfp256h
255628255632255640
T:
k277mon
272000277844278167
T:
sclaus1024
285170285413285678
T:
ecfp256s
364759365090365550
T:
hecfp128i
588217589508593502
T:
surf2113
629934630159630404
T:
ed448goldilocks
821378822410823157
T:
nistp256
921506933872942283
T:
hector
112503211253531125983
T:
ed521gs
127048012710601271689
T:
nist521gs
135447413564891396901
T:
sclaus2048
163191616340211648055
T:
claus