VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Coffee Lake (806ea); 2018 Intel Core i3-8109U; 2 x 3000MHz; like, supercop-20240909

[Page version: 20241011 15:42:01]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
211602146022758
T:
kumjacfp127g
223352328624750
T:
jacfp127i
259472706428374
T:
prjfp127i
266562759328949
T:
hecfp127i
309133201733423
T:
jacfp128bk
357003677138355
T:
hecfp128i
371283736737680
T:
gls254
365253759738840
T:
prjfp128bk
377563862639586
T:
hecfp128bk
391223915239208
T:
gls254prot
391083945140349
T:
curve2251
388013963640691
T:
hecfp128fkt
463004633146384
T:
k277taa
530835317453282
T:
k298
534255386053950
T:
kummer
705637133572137
T:
gls1271
723787242172485
T:
k277mon
793968010380252
T:
kumfp127g
112709112779112899
T:
kumfp128g
125596126521126730
T:
curve25519
152364153041153591
T:
ed448goldilocks
176875178871180595
T:
sclaus1024
233998234378235292
T:
nistp256
505333507999510102
T:
surf2113
820741821817824146
T:
ed521gs
891143897382905349
T:
sclaus2048
960285961055962038
T:
nist521gs
983834987756991415
T:
claus
Cycles to compute a shared secret
25%50%75%system
359443608636144
T:
gls254
388243887838921
T:
gls254prot
456244608946154
T:
k277taa
529065297653160
T:
k298
532265330854223
T:
kummer
722857235372441
T:
k277mon
817778243882546
T:
kumfp127g
838368414284392
T:
kumjacfp127g
878698881588991
T:
jacfp128bk
108676110154110353
T:
prjfp128bk
113810113960114117
T:
hecfp128bk
117905117975118109
T:
kumfp128g
118244118479118683
T:
hecfp128fkt
125707125861126131
T:
jacfp127i
135623136041136393
T:
curve25519
145348145432145562
T:
curve2251
166750166880167031
T:
prjfp127i
169041169192169295
T:
hecfp127i
176865177461178080
T:
gls1271
176694179574181799
T:
sclaus1024
253122253357253676
T:
hecfp128i
456898457215457496
T:
ed448goldilocks
497691502023504935
T:
surf2113
588228588441588652
T:
nistp256
821451822642824213
T:
ed521gs
888758899530908893
T:
sclaus2048
959758960793961947
T:
nist521gs
983553986691989522
T:
claus