VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Haswell+AES (306c3); 2013 Intel Xeon E3-1275 V3; 4 x 3500MHz; titan0, supercop-20250307

[Page version: 20250331 22:49:56]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
299983133534478
T:
kumjacfp127g
305093199133794
T:
jacfp127i
355053602136764
T:
prjfp127i
364633708837700
T:
hecfp127i
420954397747453
T:
curve2251
430024508346517
T:
jacfp128bk
447754532945833
T:
gls254
455584641048988
T:
ecfp256e
457574673748792
T:
hecfp128bk
458624769049149
T:
prjfp128bk
481054870249453
T:
hecfp128i
490204904349081
T:
gls254prot
487594940050198
T:
hecfp128fkt
485085101155841
T:
ecfp256h
503695270056570
T:
ecfp256s
534585558259791
T:
ecfp256q
623026235662432
T:
k277taa
678536794568064
T:
kummer
702327038771196
T:
k298
903589157092280
T:
gls1271
951629520795258
T:
k277mon
111390111525111704
T:
kumfp127g
144479146242146665
T:
curve25519
157806157886157944
T:
kumfp128g
167446168605169525
T:
sclaus1024
175102175417176907
T:
ed448goldilocks
210479211408212590
T:
ecfp256i
213792214986217586
T:
surf127eps
250650252630262227
T:
hector
282286282584282878
T:
nistp256
535841538234539711
T:
surf2113
841761845498847887
T:
sclaus2048
101206610131621015613
T:
ed521gs
110423711058381107300
T:
claus
121195512133671214952
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
407184082141100
T:
gls254
490184908349118
T:
gls254prot
621246218262275
T:
k277taa
677566830573967
T:
kummer
699437002770128
T:
k298
950269506095088
T:
k277mon
113126113264113390
T:
kumfp127g
113471113551113656
T:
jacfp128bk
120743120931123897
T:
kumjacfp127g
139728139885140090
T:
prjfp128bk
145999146163146354
T:
hecfp128bk
151294151511151708
T:
hecfp128fkt
156315157917158158
T:
curve25519
158474158843159908
T:
curve2251
163242163381163486
T:
kumfp128g
185383185654186041
T:
jacfp127i
194354194457194603
T:
ecfp256e
201838202034202190
T:
ecfp256q
205465205646205808
T:
ecfp256i
208323209133211257
T:
surf127eps
217466218392220310
T:
gls1271
226139226482230464
T:
prjfp127i
222267227816230083
T:
sclaus1024
228669228871229120
T:
hecfp127i
234518234637234779
T:
ecfp256h
259219259392259556
T:
ecfp256s
326322326592326955
T:
hecfp128i
535228535565538952
T:
surf2113
539871540809541458
T:
ed448goldilocks
745992746342747180
T:
nistp256
830692837873851179
T:
hector
102009310209291041625
T:
ed521gs
110906411205781129553
T:
sclaus2048
121130712123941214551
T:
nist521gs
129471912976101299207
T:
claus