Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Kaby Lake (906e9); 2017 Intel Xeon E3-1220 v6; 4 x 3000MHz; kizomba, supercop-20260217
[Page version: 20260319 20:29:15]
eBATS
(ECRYPT Benchmarking
of Asymmetric Systems)
is a project
to measure the performance of public-key systems.
This page presents benchmark results collected in eBATS
for public-key Diffie–Hellman secret-sharing systems:
- Time (cycles) to generate a key pair:
a secret key and a corresponding public key.
- Time to compute a shared secret,
given one user's secret key and another user's public key.
- Space (bytes) for a secret key.
- Space for a public key.
- Space for a shared secret.
Each table row lists
the first quartile of many speed measurements (or StQ1 starting with supercop-20260214),
the median of many speed measurements (or StQ2 starting with supercop-20260214),
the third quartile of many speed measurements (or StQ3 starting with supercop-20260214), and
the name of the primitive.
Measurements with large interquartile range (or stabilized interquartile range) are indicated in red with question marks.
The symbol
T:
(starting with supercop-20200816)
means that the SUPERCOP database
at the time of benchmarking did not list constant time
as a goal for this implementation.
The symbol
T!!!
means that constant time was listed as a goal for this implementation,
but that the implementation failed TIMECOP.
(TIMECOP failures are not necessarily security issues;
they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)
There is a
separate page
with more information about each Diffie–Hellman system and each implementation.
Designers and implementors
interested in submitting new Diffie–Hellman systems
and new implementations of existing systems
should read the call for submissions.
Test results
Graphs:
old
(pkcycles,pkbytes)
(scycles,pkbytes)
| Cycles to generate a key pair |
|---|
| 25% | 50% | 75% | system |
|---|
| 21715 | 22618 | 24097 | T: kumjacfp127g |
| 21928 | 23007 | 24285 | T: jacfp127i |
| 24560 | 25494 | 27280 | T: prjfp127i |
| 27775 | 27864 | 27943 | curve25519 |
| 27239 | 28489 | 30300 | T: hecfp127i |
| 29636 | 29954 | 31100 | T: jacfp128bk |
| 35510 | 36763 | 38508 | T: prjfp128bk |
| 36653 | 36911 | 37453 | T: gls254 |
| 37448 | 37988 | 39350 | T: hecfp128i |
| 37833 | 38538 | 39975 | T: hecfp128bk |
| 38609 | 38655 | 38704 | T: gls254prot |
| 38775 | 38938 | 39866 | T: curve2251 |
| 38245 | 39257 | 40350 | T: hecfp128fkt |
| 42139 | 42206 | 42264 | nistp256 |
| 42123 | 43009 | 44296 | T: ecfp256e |
| 44522 | 45265 | 47391 | T: ecfp256s |
| 45686 | 45714 | 45749 | T: k277taa |
| 46670 | 47502 | 49676 | T: ecfp256q |
| 47762 | 48251 | 49454 | T: ecfp256h |
| 51813 | 51887 | 52013 | T: k298 |
| 70680 | 70720 | 70762 | T: k277mon |
| 70247 | 71079 | 71931 | T: gls1271 |
| 59639 | 71170 | 71249 | T: kummer |
| 79300 | 79398 | 79505 | T: kumfp127g |
| 111023 | 111073 | 111129 | T: kumfp128g |
| 138596 | 139994 | 151757 | T: sclaus1024 |
| 153356 | 153621 | 153964 | T: ed448goldilocks |
| 176734 | 178130 | 179687 | T: ecfp256i |
| 183007 | 183796 | 184632 | T: surf127eps |
| 246526 | 251716 | 264946 | T: hector |
| 520388 | 522862 | 525578 | T: surf2113 |
| 656588 | 660106 | 663657 | T: sclaus2048 |
| 807246 | 807769 | 813927 | T: ed521gs |
| 899483 | 902219 | 908626 | T: claus |
| 951287 | 952820 | 959883 | T: nist521gs |
|
| Cycles to compute a shared secret |
|---|
| 25% | 50% | 75% | system |
|---|
| 35733 | 35774 | 35816 | T: gls254 |
| 38517 | 38554 | 38586 | T: gls254prot |
| 45426 | 45456 | 45480 | T: k277taa |
| 51579 | 51651 | 51731 | T: k298 |
| 55518 | 55571 | 55629 | T: kummer |
| 70595 | 70628 | 70664 | T: k277mon |
| 80654 | 80775 | 80956 | T: kumfp127g |
| 82731 | 82815 | 82924 | T: kumjacfp127g |
| 84407 | 84582 | 84717 | curve25519 |
| 88694 | 88762 | 88858 | T: jacfp128bk |
| 110070 | 110186 | 110351 | T: prjfp128bk |
| 114086 | 114216 | 114376 | T: hecfp128fkt |
| 115021 | 115119 | 115263 | T: hecfp128bk |
| 115297 | 115350 | 115407 | T: kumfp128g |
| 124458 | 124534 | 124637 | T: jacfp127i |
| 144696 | 145779 | 145982 | T: curve2251 |
| 157301 | 157449 | 157578 | nistp256 |
| 159341 | 159580 | 159931 | T: ecfp256e |
| 165877 | 166055 | 166323 | T: prjfp127i |
| 166924 | 167219 | 167519 | T: ecfp256i |
| 166989 | 167267 | 167760 | T: ecfp256q |
| 169034 | 169648 | 172883 | T: hecfp127i |
| 170320 | 172000 | 174693 | T: gls1271 |
| 175893 | 176372 | 197437 | T: sclaus1024 |
| 179700 | 180057 | 180619 | T: surf127eps |
| 213965 | 214120 | 214351 | T: ecfp256h |
| 222191 | 222391 | 222794 | T: ecfp256s |
| 249825 | 249973 | 250298 | T: hecfp128i |
| 465950 | 468570 | 473254 | T: ed448goldilocks |
| 518949 | 520509 | 523543 | T: surf2113 |
| 803459 | 806028 | 813599 | T: hector |
| 807572 | 808047 | 813708 | T: ed521gs |
| 848881 | 855561 | 864034 | T: sclaus2048 |
| 951121 | 952705 | 959463 | T: nist521gs |
| 1036291 | 1041202 | 1045748 | T: claus |
|
|
| 
