VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Tremont (906c0); 2021 Intel Pentium Silver N6000; 4 x 1100MHz; jasper, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
355153604636810
T:
jacfp127i
369953738538228
T:
kumjacfp127g
418404254343587
T:
prjfp127i
441184497746366
T:
hecfp127i
503355084751587
T:
jacfp128bk
515085203252800
T:
curve2251
524785283553689
T:
gls254
549325540756130
T:
gls254prot
602436111062558
T:
prjfp128bk
616096242863958
T:
hecfp128bk
621296278164051
T:
hecfp128fkt
621016291263869
T:
hecfp128i
677716789468103
T:
k277taa
759697715978309
T:
k298
983009847598742
T:
k277mon
99004100051101117
T:
gls1271
153851154239154760
T:
kumfp127g
219062220853221192
T:
kumfp128g
240801241010241227
T:
curve25519
304048304377305031
T:
ed448goldilocks
319641319804320036
T:
kummer
327320330345333704
T:
sclaus1024
343527343834344476
T:
nistp256
602136604873606465
T:
surf2113
174711917500131752160
T:
ed521gs
176181117744681787012
T:
sclaus2048
197298019776691983077
T:
claus
198440819877191990441
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
517735215652777
T:
gls254
545495496755543
T:
gls254prot
676266775867876
T:
k277taa
748747589877169
T:
k298
982619839398527
T:
k277mon
156996157590158119
T:
kumfp127g
159197159872160137
T:
kumjacfp127g
161096162156163419
T:
jacfp128bk
192784193061194483
T:
curve2251
201877202388203205
T:
prjfp128bk
206289206794207396
T:
hecfp128bk
214955216150217188
T:
hecfp128fkt
227222227954228310
T:
kumfp128g
240542240790241011
T:
curve25519
240806241674242406
T:
jacfp127i
234977243060245249
T:
gls1271
312363313339314037
T:
prjfp127i
319686320180320585
T:
kummer
321983322495323222
T:
hecfp127i
333796340038341721
T:
sclaus1024
462644463416464345
T:
hecfp128i
597106598845604437
T:
surf2113
100370410078221008846
T:
ed448goldilocks
118786111886781189689
T:
nistp256
174941817546781758179
T:
ed521gs
178088317838811795184
T:
sclaus2048
197530919778261982683
T:
claus
198020919821031986632
T:
nist521gs