-r--r--r-- 11960 libntruprime-20240825/doc/html/speed.html raw
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
html{overflow-y:scroll;background-color:#004591}
body{font-family:"Noto Sans","Droid Sans","DejaVu Sans","Arial",sans-serif;line-height:1.5}
tt,code{background-color:#f0f0f0;font-family:"Noto Sans Mono","Droid Sans Mono","DejaVu Sans Mono","Courier New",monospace,sans-serif;font-size:1em;}
pre{margin-left:3em}
p,ul,ol,blockquote,pre{font-size:1.0em;line-height:1.6}
li p{font-size:1.0em}
blockquote p{font-size:1.0em}
h1{font-size:1.5em}
h2{font-size:1.3em}
h3{font-size:1.0em}
h1 a{text-decoration:none}
table{border-collapse:collapse}
th,td{border:1px solid black}
table a{text-decoration:none}
table tr{font-size:1.0em;line-height:1.6em}
table tr{font-size:1.0em;line-height:1.5}
tbody tr:nth-child(12n+1){background-color:#f0ffff}
tbody tr:nth-child(12n+2){background-color:#f0ffff}
tbody tr:nth-child(12n+3){background-color:#f0ffff}
tbody tr:nth-child(12n+4){background-color:#f0ffff}
tbody tr:nth-child(12n+5){background-color:#f0ffff}
tbody tr:nth-child(12n+6){background-color:#f0ffff}
tbody tr:nth-child(12n+7){background-color:#fffff0}
tbody tr:nth-child(12n+8){background-color:#fffff0}
tbody tr:nth-child(12n+9){background-color:#fffff0}
tbody tr:nth-child(12n+10){background-color:#fffff0}
tbody tr:nth-child(12n+11){background-color:#fffff0}
tbody tr:nth-child(12n+12){background-color:#fffff0}
.headline{padding:0;font-weight:bold;font-size:1.0em;vertical-align:top;padding-bottom:0.5em;color:#ffffff;background-color:#004591}
.navt{display:block;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;margin:0;padding:0;vertical-align:center;font-size:1.0em}
.here{background-color:#004591}
.here{color:#ffffff}
.away{background-color:#004591}
.away a{text-decoration:none;display:block;color:#ffffff}
.away a:hover,.away a:active{text-decoration:underline}
.main{padding:5px}
.main{background-color:#ffffff}
.pagetitle{font-size:1.4em;font-weight:bold}
@media only screen and (min-width:512px) {
.fixed{margin:0;padding:0;width:160px;height:100%;position:fixed;overflow:auto}
.main{margin-left:170px}
}
</style>
<title>
libntruprime: Speed</title>
</head>
<body>
<div class=fixed>
<div class=headline>
libntruprime</div>
<div class="navt away"><a href=index.html>Intro</a>
</div><div class="navt away"><a href=download.html>Download</a>
</div><div class="navt away"><a href=install.html>Install</a>
</div><div class="navt away"><a href=test.html>Test</a>
</div><div class="navt away"><a href=api.html>API</a>
</div><div class="navt away"><a href=cli.html>CLI</a>
</div><div class="navt away"><a href=security.html>Security</a>
</div><div class="navt away"><a href=verification.html>Verification</a>
</div><div class="navt here">Speed
</div><div class="navt away"><a href=internals.html>Internals</a>
</div><div class="navt away"><a href=people.html>People</a>
</div><div class="navt away"><a href=license.html>License</a>
</div></div>
<div class=main>
<div class=pagetitle>libntruprime: Speed</div>
<p>In the following speed table, smaller keygen/enc/dec numbers are better.
The numbers are interquartile means of single-core cycle counts on various microarchitectures.
Overclocking is disabled.</p>
<table>
<thead>
<tr>
<th style="text-align: left;">μarch</th>
<th style="text-align: left;">KEM</th>
<th style="text-align: right;">keypair</th>
<th style="text-align: right;">enc</th>
<th style="text-align: right;">dec</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left;">Zen 3 (2020)</td>
<td style="text-align: left;">sntrup653</td>
<td style="text-align: right;">624984</td>
<td style="text-align: right;">32586</td>
<td style="text-align: right;">45614</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup761</td>
<td style="text-align: right;">832981</td>
<td style="text-align: right;">35728</td>
<td style="text-align: right;">47720</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup857</td>
<td style="text-align: right;">1046715</td>
<td style="text-align: right;">42691</td>
<td style="text-align: right;">60909</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup953</td>
<td style="text-align: right;">1234177</td>
<td style="text-align: right;">45770</td>
<td style="text-align: right;">65164</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup1013</td>
<td style="text-align: right;">1372132</td>
<td style="text-align: right;">46670</td>
<td style="text-align: right;">65848</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup1277</td>
<td style="text-align: right;">2243926</td>
<td style="text-align: right;">59286</td>
<td style="text-align: right;">80917</td>
</tr>
<tr>
<td style="text-align: left;">Zen 2 (2019)</td>
<td style="text-align: left;">sntrup653</td>
<td style="text-align: right;">938915</td>
<td style="text-align: right;">38190</td>
<td style="text-align: right;">60364</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup761</td>
<td style="text-align: right;">1252286</td>
<td style="text-align: right;">41932</td>
<td style="text-align: right;">63279</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup857</td>
<td style="text-align: right;">1603327</td>
<td style="text-align: right;">51045</td>
<td style="text-align: right;">81958</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup953</td>
<td style="text-align: right;">1954404</td>
<td style="text-align: right;">54283</td>
<td style="text-align: right;">85850</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup1013</td>
<td style="text-align: right;">2202132</td>
<td style="text-align: right;">55113</td>
<td style="text-align: right;">87982</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup1277</td>
<td style="text-align: right;">3447331</td>
<td style="text-align: right;">69302</td>
<td style="text-align: right;">108263</td>
</tr>
<tr>
<td style="text-align: left;">Cortex-A72 (2016)</td>
<td style="text-align: left;">sntrup653</td>
<td style="text-align: right;">9638356</td>
<td style="text-align: right;">693800</td>
<td style="text-align: right;">1241500</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup761</td>
<td style="text-align: right;">12849166</td>
<td style="text-align: right;">894735</td>
<td style="text-align: right;">1662045</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup857</td>
<td style="text-align: right;">16107454</td>
<td style="text-align: right;">1090320</td>
<td style="text-align: right;">2088182</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup953</td>
<td style="text-align: right;">20050844</td>
<td style="text-align: right;">1303813</td>
<td style="text-align: right;">2570311</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup1013</td>
<td style="text-align: right;">22564453</td>
<td style="text-align: right;">1446928</td>
<td style="text-align: right;">2885112</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup1277</td>
<td style="text-align: right;">35885422</td>
<td style="text-align: right;">2327244</td>
<td style="text-align: right;">4855653</td>
</tr>
<tr>
<td style="text-align: left;">Skylake (2015)</td>
<td style="text-align: left;">sntrup653</td>
<td style="text-align: right;">652780</td>
<td style="text-align: right;">39670</td>
<td style="text-align: right;">59354</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup761</td>
<td style="text-align: right;">825921</td>
<td style="text-align: right;">42616</td>
<td style="text-align: right;">61734</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup857</td>
<td style="text-align: right;">1083616</td>
<td style="text-align: right;">51061</td>
<td style="text-align: right;">78134</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup953</td>
<td style="text-align: right;">1274661</td>
<td style="text-align: right;">54933</td>
<td style="text-align: right;">82806</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup1013</td>
<td style="text-align: right;">1493919</td>
<td style="text-align: right;">57335</td>
<td style="text-align: right;">87541</td>
</tr>
<tr>
<td style="text-align: left;"></td>
<td style="text-align: left;">sntrup1277</td>
<td style="text-align: right;">2179755</td>
<td style="text-align: right;">73587</td>
<td style="text-align: right;">108213</td>
</tr>
</tbody>
</table>
<p>Microarchitectures are listed in reverse chronological order of when they were introduced.</p>
<p>In the libntruprime distribution,
<code>command/ntruprime-speed.c</code> measures libntruprime;
<code>benchmarks/*-*</code> is the output of <code>ntruprime-speed</code> on various machines;
and <code>autogen/md-speed</code> extracts the table from those measurements.</p>
<p>The table reports only interquartile means of cycle counts, not the full distribution of cycle counts.
See the full output files
for differences between multiple measurements and the interquartile mean.</p>
<h3><a name="faster">Faster <code>sntrup</code> software</h3>
<p>There has been extensive further work on <code>sntrup</code> software speeds
beyond the current libntruprime speeds.
libntruprime has a policy of <a href="security.html">limiting code size</a>,
but if there are applications that need these speedups
then they can still be considered for inclusion in libntruprime:</p>
<ul>
<li>
<p><code>mult3sntrup761/avx2unsigned</code> in SUPERCOP
from Ming-Shing Chen:
faster multiplications on Intel/AMD.</p>
</li>
<li>
<p><code>invsntrup761/jumpdivsteps</code> in SUPERCOP
from Daniel J. Bernstein, Ming-Shing Chen, Gregor Seiler, and Bo-Yin Yang:
faster inversions on Intel/AMD.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2021/826">"OpenSSLNTRU: Faster post-quantum TLS key exchange"</a>
from Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, and Nicola Tuveri:
faster inversions for batch operations.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2022/930">"Multi-Parameter Support with NTTs for NTRU and NTRU Prime on Cortex-M4"</a>
from Erdem Alkim, Vincent Hwang, and Bo-Yin Yang:
faster multiplications on 32-bit ARM.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2023/541">"Algorithmic Views of Vectorized Polynomial Multipliers for NTRU and NTRU Prime"</a>
from Han-Ting Chen, Yi-Hua Chung, Vincent Hwang, Chi-Ting Liu, and Bo-Yin Yang:
faster multiplications on 64-bit ARM.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2023/604">"Pushing the Limit of Vectorized Polynomial Multiplication for NTRU Prime"</a>
from Vincent Hwang:
faster multiplications on 64-bit ARM and Intel/AMD.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2023/1580">"Algorithmic Views of Vectorized Polynomial Multipliers – NTRU Prime"</a>
from Vincent Hwang, Chi-Ting Liu, and Bo-Yin Yang:
faster multiplications on 64-bit ARM.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2023/1962">"A Survey of Polynomial Multiplications for Lattice-Based Cryptosystems"</a>
from Vincent Hwang:
faster multiplications on Intel/AMD.</p>
</li>
<li>
<p><a href="https://eprint.iacr.org/2024/644">"Jumping for Bernstein-Yang Inversion"</a>
from Li-Jie Jian, Ting-Yuan Wang, Bo-Yin Yang, and Ming-Shing Chen:
faster inversions on 64-bit ARM.</p>
</li>
</ul><hr><font size=1><b>Version:</b>
This is version 2024.08.25 of the "Speed" web page.
</font>
</div>
</body>
</html>