VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Raptor Cove (b06a2); 2023 Intel Core i7-13700H, P cores; 6 x 4800MHz; raptor, supercop-20231107

[Page version: 20241013 18:38:09]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
179521886121992
T:
kumjacfp127g
181801981322024
T:
jacfp127i
204612225125039
T:
hecfp127i
206282269525772
T:
prjfp127i
272262836729825
T:
jacfp128bk
270122852230479
T:
prjfp128bk
281782948931338
T:
hecfp128bk
297913014630580
T:
gls254
276603039332864
T:
hecfp128i
273333052233092
T:
hecfp128fkt
309853104831128
T:
gls254prot
317543212032701
T:
ecfp256h
317653215632834
T:
ecfp256e
334003348733646
T:
curve2251
353213583737052
T:
ecfp256s
366423706937810
T:
ecfp256q
383113835238403
T:
k277taa
422024225542317
T:
k298
502735085751311
T:
gls1271
518645190751972
T:
kummer
599776004760135
T:
k277mon
640806434864870
T:
kumfp127g
811908169182182
T:
kumfp128g
105767106785107967
T:
curve25519
118861119982121579
T:
surf127eps
126489126909127602
T:
ed448goldilocks
136764137996139575
T:
ecfp256i
166047167235168983
T:
sclaus1024
166794167256167674
T:
nistp256
357379358890360162
T:
surf2113
589954592131596248
T:
ed521gs
750113753412758158
T:
nist521gs
880863886274893621
T:
sclaus2048
987026989367994673
T:
claus
Cycles to compute a shared secret
25%50%75%system
289972904229088
T:
gls254
309123095931005
T:
gls254prot
381983823738284
T:
k277taa
420154205942113
T:
k298
548875494158175
T:
kummer
599265998960054
T:
k277mon
655586575666629
T:
kumfp127g
661036624466402
T:
jacfp128bk
665356672966900
T:
kumjacfp127g
761007625376435
T:
prjfp128bk
772897741477620
T:
hecfp128bk
804208058880797
T:
hecfp128fkt
848918526785603
T:
kumfp128g
101195101347101608
T:
jacfp127i
105749106150106426
T:
curve25519
110206112823115017
T:
surf127eps
120165120878122164
T:
prjfp127i
120892121213122359
T:
hecfp127i
122888123153123532
T:
ecfp256e
119230123632125855
T:
gls1271
129480129675129956
T:
ecfp256i
133582133805134346
T:
ecfp256q
134326134502134659
T:
curve2251
147021147244147555
T:
ecfp256h
166641168050168836
T:
sclaus1024
167966168380169056
T:
hecfp128i
184012184607185992
T:
ecfp256s
354069354953357355
T:
surf2113
395355396847398187
T:
ed448goldilocks
437485439518441937
T:
nistp256
589637591248594776
T:
ed521gs
749732752965757532
T:
nist521gs
873790876766889667
T:
sclaus2048
989281990655993349
T:
claus