VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Haswell+AES (306c3); 2013 Intel Xeon E3-1275 V3; 4 x 3500MHz; titan0, supercop-20240909

[Page version: 20241011 15:42:01]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
307693192134344
T:
kumjacfp127g
322603285133339
T:
jacfp127i
363183703437521
T:
hecfp127i
361243818140821
T:
prjfp127i
412344204746218
T:
curve2251
419194378346062
T:
jacfp128bk
446704520145780
T:
gls254
447634600149643
T:
prjfp128bk
452364612348710
T:
hecfp128i
490124905549098
T:
gls254prot
488004934850127
T:
hecfp128fkt
485204946350679
T:
hecfp128bk
622706236262435
T:
k277taa
667876713268094
T:
kummer
701187021970360
T:
k298
900109105891862
T:
gls1271
951719522295302
T:
k277mon
111388111539111705
T:
kumfp127g
144426144506145244
T:
curve25519
157613157698157770
T:
kumfp128g
174912175078175370
T:
ed448goldilocks
217793219640221583
T:
sclaus1024
285388285556288182
T:
nistp256
535318538286540490
T:
surf2113
101201610133181017992
T:
ed521gs
109271011020341110795
T:
sclaus2048
130061013030441306009
T:
claus
Cycles to compute a shared secret
25%50%75%system
405414162441965
T:
gls254
490904913449192
T:
gls254prot
621376223362300
T:
k277taa
670816767968118
T:
kummer
699106997270058
T:
k298
949939504695114
T:
k277mon
113128113243113366
T:
kumfp127g
113418113484113559
T:
jacfp128bk
119899120171121229
T:
kumjacfp127g
139790139952140115
T:
prjfp128bk
145568145729145881
T:
hecfp128bk
151218151374151520
T:
hecfp128fkt
155977156036156138
T:
curve25519
159801160258160313
T:
curve2251
163110163163163212
T:
kumfp128g
185618185900186192
T:
jacfp127i
215786218600220981
T:
gls1271
218207220761221132
T:
sclaus1024
225367225623225881
T:
prjfp127i
228754228992229262
T:
hecfp127i
326321326550326884
T:
hecfp128i
533258538939546566
T:
surf2113
539333539652542522
T:
ed448goldilocks
978404978970979506
T:
nistp256
101992310201961020698
T:
ed521gs
110121211020521109750
T:
sclaus2048
130362313042591305444
T:
claus