VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 65nm (6fb); 2007 Intel Core 2 Duo T7300; 2 x 2000MHz; trident, supercop-20250307

[Page version: 20250419 21:20:39]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results


Cycles to generate a key pair
25%      50%      75%      system
40309    40809    41475    T: jacfp127i
42602    43113    43954    T: kumjacfp127g
46920    47467    48013    T: prjfp127i
48403    48849    49453    T: hecfp127i
72878    73254    73879    T: jacfp128bk
75173    75861    76594    T: ecfp256e
79216    80060    81346    T: ecfp256h
81627    82556    83172    T: ecfp256s
86522    87266    88266    T: hecfp128bk
86643    87269    88258    T: prjfp128bk
86755    87330    88403    T: hecfp128fkt
86690    87384    88517    T: hecfp128i
88243    89100    89977    T: ecfp256q
128884   130999   132960   T: gls1271
132203   132584   133895   T: curve2251
179174   179221   179330   T: kumfp127g
293747   294878   296016   T: curve25519
314752   314964   315300   T: kumfp128g
321383   323439   324875   T: sclaus1024
329944   331333   333513   T: ed448goldilocks
374962   378192   388765   T: ecfp256i
399775   405185   417980   T: hector
413713   414379   415413   T: kummer
416203   419023   422354   T: surf127eps
501096   502198   504123   T: nistp256
768242   772609   777457   T: surf2113
1657219  1657698  1660010  T: ed521gs
1649623  1659068  1662576  T: sclaus2048
1912068  1914547  1916175  T: nist521gs
2135945  2141634  2183272  T: claus

Cycles to compute a shared secret
25%      50%      75%      system
183469   183531   183655   T: kumfp127g
187594   187699   187913   T: kumjacfp127g
242967   243174   243633   T: jacfp128bk
291358   291601   292087   T: jacfp127i
294279   295005   296453   T: curve25519
300490   300834   302155   T: prjfp128bk
307231   307375   307700   T: hecfp128bk
318221   318423   319272   T: hecfp128fkt
317341   318686   321709   T: gls1271
327087   327298   327589   T: kumfp128g
356223   356347   356530   T: ecfp256e
371935   372080   372329   T: ecfp256q
375442   375698   376055   T: ecfp256i
380297   380468   380884   T: prjfp127i
388703   388885   389212   T: hecfp127i
413497   414314   415039   T: kummer
411809   414487   417964   T: surf127eps
430430   432838   438067   T: sclaus1024
444652   444901   445366   T: ecfp256h
462661   462846   463152   T: ecfp256s
551043   553306   553837   T: curve2251
692945   693321   694073   T: hecfp128i
762239   768624   770585   T: surf2113
1033741  1035253  1038118  T: ed448goldilocks
1169283  1171836  1172763  T: nistp256
1323159  1325854  1328340  T: hector
1656519  1657737  1659453  T: ed521gs
1911250  1912759  1914701  T: nist521gs
2134529  2186989  2212972  T: sclaus2048
2538612  2556111  2584959  T: claus