D. J. Bernstein
Hash functions and ciphers
Notes on the ECRYPT Stream Cipher Project (eSTREAM)

Software timings

Old-style graphs

Old-style database
Generating old-style data and graphs
New-style graphs

New-style database
Generating new-style data and graphs
Comparing median-cycle-count graphs

Future timings
Credits

Old-style graphs

The following graphs report cycle counts for encryption. There are several important limitations in the information conveyed by these old-style graphs, compared to the new-style graphs shown below:

The old-style graphs report encryption time for each stream cipher. Applications need authentication, so most stream ciphers need to be combined with authentication mechanisms, adding some number of cycles per byte; but some stream ciphers have authentication built in. The old-style graphs ignore this difference. The new-style graphs report time for authenticated encryption.
The old-style graphs report only encryption. The new-style graphs report encryption, decryption of valid packets, and rejection of invalid packets. Some ciphers reject as slowly as they decrypt, while others reject much more quickly; this is shown in the new-style graphs and not in the old-style graphs.
The old-style graphs report only a few selected packet lengths: 40 bytes, 576 bytes, 1500 bytes, long. The new-style graphs report every packet length between 0 bytes and 8192 bytes.
The old-style graphs are dedicated to single-key benchmarks, except for an "agility" benchmark of unclear relevance to the user. The new-style graphs report, for each short packet size, for each k in {1,2,4,8,...,8192}, encryption time under a random choice of key from k active keys.

I've omitted broken ciphers (including RC4) from these graphs.

Some additional ciphers were "archived" by the eSTREAM committee at the end of Phase 2 of eSTREAM, even though they have not been broken:

DICING: "While no attacks have been report against DICING (P2), it does not seem to offer any significant performance advantages over the AES or over other candidates submitted to eSTREAM."
Phelix: Archived for stupid marketing reasons.
Polar Bear v2: "Generally speaking, the software performance of Polar Bear v2 doesn't compare too well to many other eSTREAM candidates."
TPy, TPy6, and TPypy: Too new to be considered as part of eSTREAM. The previously submitted Py, Py6, and Pypy were all broken.
ZK-Crypt: "Zk-Crypt has poor documentation. This is a great obstacle to anyone trying to attempt cryptanalysis. In particular, within a limited timeframe, anyone looking over the set of eSTREAM submissions with a view to attempting cryptanalysis on one of them, will almost certainly pick an algorithm that can be understood more readily. We suspect that there has been little independent security analysis of Zk-Crypt and, with the documentation to hand, we would expect this to continue in the third phase."

These "archived" ciphers are omitted from the following graphs:

I presented graphs of this type at the SASC 2006 workshop, comparing the speeds (and other features) of the 256-bit ciphers:

[stream256] 14pp. (PDF) D. J. Bernstein. Comparison of 256-bit stream ciphers at the beginning of 2006. Document ID: eff0eb8eebacda58462948ab97ca48a0. URL: https://cr.yp.to/papers.html#stream256. Date: 2006.01.23. Supersedes: (PDF) 2005.12.23.

I also used an interactive tool to move around graphs similar to the graphs in the paper. Here's how to download and use the tool:

     wget https://cr.yp.to/streamciphers/timings/estreamdraw.c.20070120
     wget https://cr.yp.to/streamciphers/timings/machines.txt
     wget https://cr.yp.to/streamciphers/timings/ciphers-tograph.txt
     wget https://cr.yp.to/streamciphers/timings/olddatabase.txt
     cp estreamdraw.c.20070120 estreamdraw.c
     gcc -o estreamdraw estreamdraw.c \
     -I/usr/X11R6/include -L/usr/X11R6/lib -lXm -lX11 -lm
     cat machines.txt ciphers-tograph.txt olddatabase.txt | ./estreamdraw

Keyboard commands: q to quit, h and l to move x positions, j and k to select other ciphers, = and - to select or deselect a second cipher, o and O to add or subtract overhead, [ and ] and space to switch among graphs.

Here is an updated comparison paper for the phase-3 software ciphers:

[phase3speed] 13pp. (PDF) D. J. Bernstein. Which phase-3 eSTREAM ciphers provide the best software speeds? Document ID: 185342964abfcd1357a58e3caf9e61d9. URL: https://cr.yp.to/papers.html#phase3speed. Date: 2008.03.31. Supersedes: (PDF) 2008.02.25.

Old-style database

The old-style database is in a format designed for easy computer processing. Each line in the database has four space-separated words:

Operation measured; e.g., cipher1500 for setting up a nonce and encrypting 1500 bytes.
Computer; e.g., katana.
Key bits and cipher, separated by a dot; e.g., 128.ABCv3.
Cycles per byte; e.g., 2.76.

The old-style database was extracted from a collection of old-style reports. The old-style reports were designed for web-browser viewing rather than computer processing.

See the official eSTREAM web site for additional reports collected by Christophe De Canniere.

Generating old-style reports, data, and graphs

To generate reports on one machine using the old toolkit:

     wget https://cr.yp.to/streamciphers/timings/estreambench-20080905.tar.bz2
     bunzip2 < estreambench-20080905.tar.bz2 | tar -xf -
     cd estreambench-20080905
     chmod +x start scripts/*
     (echo '';echo '';echo '';echo '';echo '') | scripts/configure
     cd reports-`hostname`
     (../scripts/run; echo y|../scripts/collect) > run.log 2>&1 </dev/null &

Several machines sharing a network filesystem can run simultaneously inside the same trunk-* directory, each using its own reports directory.

To convert reports into data and graphs (on a system with gnuplot and netpbm installed), first download my conversion tools and cipher list into the directory that contains the trunk-* directory:

     wget https://cr.yp.to/streamciphers/timings/ciphers-tograph.txt
     wget https://cr.yp.to/streamciphers/timings/ciphers-focus.txt
     wget https://cr.yp.to/streamciphers/timings/machines.txt.do
     wget https://cr.yp.to/streamciphers/timings/olddatabase.txt.do
     wget https://cr.yp.to/streamciphers/timings/machinespeed.txt.do
     wget https://cr.yp.to/streamciphers/timings/machinedesc.txt
     wget https://cr.yp.to/streamciphers/timings/cipherspeed.txt.do
     wget https://cr.yp.to/streamciphers/timings/onegraph.do
     wget https://cr.yp.to/streamciphers/timings/oldgraphs.do
     wget https://cr.yp.to/streamciphers/timings/oldgraphs-focus.do

Then convert the reports into data, build sorted lists of machines and ciphers, and convert the data into graphs:

     sh machines.txt.do
     sh olddatabase.txt.do
     sh machinespeed.txt.do
     sh cipherspeed.txt.do
     sh oldgraphs.do
     sh oldgraphs-focus.do

Here are various versions of the old toolkit:

trunk-20051107.tar.gz (official)
trunk-20051222-141.tar.gz (official)
trunk-20051229-147.tar.gz (official)
trunk-20060116-156.tar.gz (official)
trunk-20060223-162.tar.gz (official)
trunk-20060302-163.tar.gz (official)
estreambench-20061031.tar.gz (my update, including "phase 2" cipher implementations)
estreambench-20061108.tar.gz
estreambench-20061117.tar.gz
estreambench-20061121.tar.gz
estreambench-20061122.tar.gz
estreambench-20061126.tar.gz
estreambench-20061130.tar.gz
estreambench-20061206.tar.bz2
estreambench-20061208.tar.bz2
estreambench-20061217.tar.bz2
estreambench-20061222.tar.bz2
estreambench-20061224.tar.bz2
estreambench-20070111.tar.bz2
trunk-20070118-199.tar.bz2 (bz2-compressed copy of version 199 of official toolkit)
trunk-20070129-206.tar.bz2
estreambench-20070618.tar.bz2
estreambench-20070917.tar.bz2
estreambench-20080118.tar.bz2
estreambench-20080120.tar.bz2
estreambench-20080206.tar.bz2
estreambench-20080209.tar.bz2
trunk-20080228-216.tar.bz2
estreambench-20080316.tar.bz2 (finally includes official LEX v2 software; also includes some AES/LEX implementations from Peter Schwabe)
estreambench-20080326.tar.bz2
estreambench-20080905.tar.bz2 (includes record-setting AES implementations from Peter Schwabe)

New-style graphs

The following array of graphs reports cycle counts for secret-key cryptography: specifically, for (authenticated) encryption of packets, (verified) decryption of packets, and rejection of forged packets.

Rows in the array are authenticated-encryption systems. Columns in the array are computers. Within each graph, the horizontal axis is packet length, between 0 bytes and 8192 bytes. The vertical axis is time, between 0 cycles and 98304 cycles. The diagonal from the lower left corner of the graph to the upper right corner is 12 cycles per byte.

For most ciphers, there are two visible black lines stretching across each graph. The higher line shows the time for encryption and decryption. The lower line shows the time for rejection. This separation is not visible for unified systems where rejection and decryption take the same amount of time, such as phelix:256,128,128.

Each system is timed repeatedly, with the results superimposed on the same graph. Faint "shadow" lines above the original lines often indicate cache misses in the initial timings. "Blurry" lines often indicate time variability from data-dependent array indexing.

For some ciphers, multiple colors spread from the higher line up to a curve strecthing partway across the graph. These points indicate the time for encrypting packets of {0,1,...,2048} bytes using a random key from a pool of 8192 active keys; the time for encrypting packets of {0,1,...,1920} bytes using a random key from a pool of 4096 active keys; the time for encrypting packets of {0,1,...,1792} bytes using a random key from a pool of 2048 active keys; etc.

Broken graph links and empty graphs can be produced by systems that have no working implementations, by systems where all the working implementations were too slow, by systems where the fastest apparently-working implementation turned out not to work, or by systems that were added later to the benchmark suite.

amd64 2000MHz (one of two CPU cores) AMD Athlon 64 X2 (15,75,2) owned by UIC named mace amd64 2137MHz (one of two CPU cores) Intel Core 2 Duo (6f6) owned by UIC named katana amd64 3000MHz Intel Pentium 4 (f43) owned by TU/e named pclin153 ia64 1600MHz (one of two CPUs) HP Itanium II owned by HP named td160 ppc32 533MHz (one of two CPUs) Motorola PowerPC G4 7410 owned by UIC named gggg sparcv9 900MHz (one of eight CPUs) Sun UltraSPARC III owned by UIC named icarus x86 900MHz AMD Athlon (622) owned by UIC named thoth x86 1000MHz Intel Pentium III (68a) owned by UIC named neumann x86 1400MHz (one of two CPUs) Intel Pentium III (6b1) owned by HP named td158 x86 2137MHz (one of two CPU cores) Intel Core 2 Duo (6f6) owned by UIC named katana-x86 x86 2800MHz (one of two CPUs) Intel Xeon (f29) owned by TU/e named poema x86 3000MHz (one of eight CPUs) Intel Xeon (f26) owned by HP named td185 x86 3000MHz Intel Pentium 4 (f41) owned by TU/e named pclin118 x86 3400MHz Intel Pentium 4 (f29) owned by UIC named shellold

abc-v3-hmacmd5:128,128 abc-v3-hmacmd5:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

aes-128-hmacmd5:128,128 aes-128-hmacmd5:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

aes-256-hmacmd5:256,128 aes-256-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

cryptmt-v2-hmacmd5:256,128 cryptmt-v2-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

dicing-v2-hmacmd5:256,128 dicing-v2-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

dragon-hmacmd5:256,128 dragon-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

grain-v1-hmacmd5:80,64 grain-v1-hmacmd5:80,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

grain-128-hmacmd5:128,96 grain-128-hmacmd5:128,96

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

hc-128-hmacmd5:128,128 hc-128-hmacmd5:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

hc-256-hmacmd5:256,128 hc-256-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

lex-v1-hmacmd5:128,128 lex-v1-hmacmd5:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

mir-1-hmacmd5:128,64 mir-1-hmacmd5:128,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

nls:128,128,128 nls:128,128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

nls-hmacmd5:128,128 nls-hmacmd5:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

phelix:256,128,128 phelix:256,128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

py6-hmacmd5:256,128 py6-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

py-hmacmd5:256,128 py-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

pypy-hmacmd5:256,128 pypy-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

rabbit-hmacmd5:128,64 rabbit-hmacmd5:128,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-8-hmacmd5:256,64 salsa20-8-hmacmd5:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-12-hmacmd5:256,64 salsa20-12-hmacmd5:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-hmacmd5:256,64 salsa20-hmacmd5:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

snow-2.0-hmacmd5:256,128 snow-2.0-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

sosemanuk-hmacmd5:256,128 sosemanuk-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

trivium-hmacmd5:80,80 trivium-hmacmd5:80,80

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

yamb-hmacmd5:256,128 yamb-hmacmd5:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

abc-v3-poly1305:128,128 abc-v3-poly1305:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

aes-128-poly1305:128,128 aes-128-poly1305:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

aes-256-poly1305:256,128 aes-256-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

cryptmt-v2-poly1305:256,128 cryptmt-v2-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

dicing-v2-poly1305:256,128 dicing-v2-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

dragon-poly1305:256,128 dragon-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

grain-v1-poly1305:80,64 grain-v1-poly1305:80,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

grain-128-poly1305:128,96 grain-128-poly1305:128,96

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

hc-128-poly1305:128,128 hc-128-poly1305:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

hc-256-poly1305:256,128 hc-256-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

lex-v1-poly1305:128,128 lex-v1-poly1305:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

mir-1-poly1305:128,64 mir-1-poly1305:128,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

nls:128,128,128 nls:128,128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

nls-poly1305:128,128 nls-poly1305:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

phelix:256,128,128 phelix:256,128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

py6-poly1305:256,128 py6-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

py-poly1305:256,128 py-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

pypy-poly1305:256,128 pypy-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

rabbit-poly1305:128,64 rabbit-poly1305:128,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

rc4-poly1305:256,0 rc4-poly1305:256,0

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-8-poly1305:256,64 salsa20-8-poly1305:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-12-poly1305:256,64 salsa20-12-poly1305:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-poly1305:256,64 salsa20-poly1305:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

snow-2.0-poly1305:256,128 snow-2.0-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

sosemanuk-poly1305:256,128 sosemanuk-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

trivium-poly1305:80,80 trivium-poly1305:80,80

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

yamb-poly1305:256,128 yamb-poly1305:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

abc-v3-umac128:128,128 abc-v3-umac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

aes-128-umac128:128,128 aes-128-umac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

aes-256-umac128:256,128 aes-256-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

cryptmt-v2-umac128:256,128 cryptmt-v2-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

dicing-v2-umac128:256,128 dicing-v2-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

dragon-umac128:256,128 dragon-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

grain-v1-umac128:80,64 grain-v1-umac128:80,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

grain-128-umac128:128,96 grain-128-umac128:128,96

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

hc-128-umac128:128,128 hc-128-umac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

hc-256-umac128:256,128 hc-256-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

lex-v1-umac128:128,128 lex-v1-umac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

mir-1-umac128:128,64 mir-1-umac128:128,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

nls:128,128,128 nls:128,128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

nls-umac128:128,128 nls-umac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

phelix:256,128,128 phelix:256,128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

py6-umac128:256,128 py6-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

py-umac128:256,128 py-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

pypy-umac128:256,128 pypy-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

rabbit-umac128:128,64 rabbit-umac128:128,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-8-umac128:256,64 salsa20-8-umac128:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-12-umac128:256,64 salsa20-12-umac128:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-umac128:256,64 salsa20-umac128:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

snow-2.0-umac128:256,128 snow-2.0-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

sosemanuk-umac128:256,128 sosemanuk-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

trivium-umac128:80,80 trivium-umac128:80,80

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

yamb-umac128:256,128 yamb-umac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

abc-v3-vmac128:128,128 abc-v3-vmac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

aes-128-vmac128:128,128 aes-128-vmac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

aes-256-vmac128:256,128 aes-256-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

cryptmt-v2-vmac128:256,128 cryptmt-v2-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

dicing-v2-vmac128:256,128 dicing-v2-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

dragon-vmac128:256,128 dragon-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

grain-v1-vmac128:80,64 grain-v1-vmac128:80,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

grain-128-vmac128:128,96 grain-128-vmac128:128,96

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

hc-128-vmac128:128,128 hc-128-vmac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

hc-256-vmac128:256,128 hc-256-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

lex-v1-vmac128:128,128 lex-v1-vmac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

mir-1-vmac128:128,64 mir-1-vmac128:128,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

nls:128,128,128 nls:128,128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

nls-vmac128:128,128 nls-vmac128:128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

phelix:256,128,128 phelix:256,128,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

py6-vmac128:256,128 py6-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

py-vmac128:256,128 py-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

pypy-vmac128:256,128 pypy-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

rabbit-vmac128:128,64 rabbit-vmac128:128,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-8-vmac128:256,64 salsa20-8-vmac128:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-12-vmac128:256,64 salsa20-12-vmac128:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

salsa20-vmac128:256,64 salsa20-vmac128:256,64

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

snow-2.0-vmac128:256,128 snow-2.0-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

sosemanuk-vmac128:256,128 sosemanuk-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

trivium-vmac128:80,80 trivium-vmac128:80,80

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

yamb-vmac128:256,128 yamb-vmac128:256,128

mace katana pclin153 td160 gggg icarus thoth neumann td158 katana-x86 poema td185 pclin118 shell

	amd64 2000MHz (one of two CPU cores) AMD Athlon 64 X2 (15,75,2) owned by UIC named mace	amd64 2137MHz (one of two CPU cores) Intel Core 2 Duo (6f6) owned by UIC named katana	amd64 3000MHz Intel Pentium 4 (f43) owned by TU/e named pclin153	ia64 1600MHz (one of two CPUs) HP Itanium II owned by HP named td160	ppc32 533MHz (one of two CPUs) Motorola PowerPC G4 7410 owned by UIC named gggg	sparcv9 900MHz (one of eight CPUs) Sun UltraSPARC III owned by UIC named icarus	x86 900MHz AMD Athlon (622) owned by UIC named thoth	x86 1000MHz Intel Pentium III (68a) owned by UIC named neumann	x86 1400MHz (one of two CPUs) Intel Pentium III (6b1) owned by HP named td158	x86 2137MHz (one of two CPU cores) Intel Core 2 Duo (6f6) owned by UIC named katana-x86	x86 2800MHz (one of two CPUs) Intel Xeon (f29) owned by TU/e named poema	x86 3000MHz (one of eight CPUs) Intel Xeon (f26) owned by HP named td185	x86 3000MHz Intel Pentium 4 (f41) owned by TU/e named pclin118	x86 3400MHz Intel Pentium 4 (f29) owned by UIC named shellold
abc-v3-hmacmd5:128,128															abc-v3-hmacmd5:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
aes-128-hmacmd5:128,128															aes-128-hmacmd5:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
aes-256-hmacmd5:256,128															aes-256-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
cryptmt-v2-hmacmd5:256,128															cryptmt-v2-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
dicing-v2-hmacmd5:256,128															dicing-v2-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
dragon-hmacmd5:256,128															dragon-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
grain-v1-hmacmd5:80,64															grain-v1-hmacmd5:80,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
grain-128-hmacmd5:128,96															grain-128-hmacmd5:128,96
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
hc-128-hmacmd5:128,128															hc-128-hmacmd5:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
hc-256-hmacmd5:256,128															hc-256-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
lex-v1-hmacmd5:128,128															lex-v1-hmacmd5:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
mir-1-hmacmd5:128,64															mir-1-hmacmd5:128,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
nls:128,128,128															nls:128,128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
nls-hmacmd5:128,128															nls-hmacmd5:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
phelix:256,128,128															phelix:256,128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
py6-hmacmd5:256,128															py6-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
py-hmacmd5:256,128															py-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
pypy-hmacmd5:256,128															pypy-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
rabbit-hmacmd5:128,64															rabbit-hmacmd5:128,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-8-hmacmd5:256,64															salsa20-8-hmacmd5:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-12-hmacmd5:256,64															salsa20-12-hmacmd5:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-hmacmd5:256,64															salsa20-hmacmd5:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
snow-2.0-hmacmd5:256,128															snow-2.0-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
sosemanuk-hmacmd5:256,128															sosemanuk-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
trivium-hmacmd5:80,80															trivium-hmacmd5:80,80
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
yamb-hmacmd5:256,128															yamb-hmacmd5:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
abc-v3-poly1305:128,128															abc-v3-poly1305:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
aes-128-poly1305:128,128															aes-128-poly1305:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
aes-256-poly1305:256,128															aes-256-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
cryptmt-v2-poly1305:256,128															cryptmt-v2-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
dicing-v2-poly1305:256,128															dicing-v2-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
dragon-poly1305:256,128															dragon-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
grain-v1-poly1305:80,64															grain-v1-poly1305:80,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
grain-128-poly1305:128,96															grain-128-poly1305:128,96
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
hc-128-poly1305:128,128															hc-128-poly1305:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
hc-256-poly1305:256,128															hc-256-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
lex-v1-poly1305:128,128															lex-v1-poly1305:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
mir-1-poly1305:128,64															mir-1-poly1305:128,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
nls:128,128,128															nls:128,128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
nls-poly1305:128,128															nls-poly1305:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
phelix:256,128,128															phelix:256,128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
py6-poly1305:256,128															py6-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
py-poly1305:256,128															py-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
pypy-poly1305:256,128															pypy-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
rabbit-poly1305:128,64															rabbit-poly1305:128,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
rc4-poly1305:256,0															rc4-poly1305:256,0
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-8-poly1305:256,64															salsa20-8-poly1305:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-12-poly1305:256,64															salsa20-12-poly1305:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-poly1305:256,64															salsa20-poly1305:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
snow-2.0-poly1305:256,128															snow-2.0-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
sosemanuk-poly1305:256,128															sosemanuk-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
trivium-poly1305:80,80															trivium-poly1305:80,80
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
yamb-poly1305:256,128															yamb-poly1305:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
abc-v3-umac128:128,128															abc-v3-umac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
aes-128-umac128:128,128															aes-128-umac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
aes-256-umac128:256,128															aes-256-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
cryptmt-v2-umac128:256,128															cryptmt-v2-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
dicing-v2-umac128:256,128															dicing-v2-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
dragon-umac128:256,128															dragon-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
grain-v1-umac128:80,64															grain-v1-umac128:80,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
grain-128-umac128:128,96															grain-128-umac128:128,96
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
hc-128-umac128:128,128															hc-128-umac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
hc-256-umac128:256,128															hc-256-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
lex-v1-umac128:128,128															lex-v1-umac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
mir-1-umac128:128,64															mir-1-umac128:128,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
nls:128,128,128															nls:128,128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
nls-umac128:128,128															nls-umac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
phelix:256,128,128															phelix:256,128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
py6-umac128:256,128															py6-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
py-umac128:256,128															py-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
pypy-umac128:256,128															pypy-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
rabbit-umac128:128,64															rabbit-umac128:128,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-8-umac128:256,64															salsa20-8-umac128:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-12-umac128:256,64															salsa20-12-umac128:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-umac128:256,64															salsa20-umac128:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
snow-2.0-umac128:256,128															snow-2.0-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
sosemanuk-umac128:256,128															sosemanuk-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
trivium-umac128:80,80															trivium-umac128:80,80
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
yamb-umac128:256,128															yamb-umac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
abc-v3-vmac128:128,128															abc-v3-vmac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
aes-128-vmac128:128,128															aes-128-vmac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
aes-256-vmac128:256,128															aes-256-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
cryptmt-v2-vmac128:256,128															cryptmt-v2-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
dicing-v2-vmac128:256,128															dicing-v2-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
dragon-vmac128:256,128															dragon-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
grain-v1-vmac128:80,64															grain-v1-vmac128:80,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
grain-128-vmac128:128,96															grain-128-vmac128:128,96
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
hc-128-vmac128:128,128															hc-128-vmac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
hc-256-vmac128:256,128															hc-256-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
lex-v1-vmac128:128,128															lex-v1-vmac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
mir-1-vmac128:128,64															mir-1-vmac128:128,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
nls:128,128,128															nls:128,128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
nls-vmac128:128,128															nls-vmac128:128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
phelix:256,128,128															phelix:256,128,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
py6-vmac128:256,128															py6-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
py-vmac128:256,128															py-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
pypy-vmac128:256,128															pypy-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
rabbit-vmac128:128,64															rabbit-vmac128:128,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-8-vmac128:256,64															salsa20-8-vmac128:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-12-vmac128:256,64															salsa20-12-vmac128:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
salsa20-vmac128:256,64															salsa20-vmac128:256,64
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
snow-2.0-vmac128:256,128															snow-2.0-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
sosemanuk-vmac128:256,128															sosemanuk-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
trivium-vmac128:80,80															trivium-vmac128:80,80
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell
yamb-vmac128:256,128															yamb-vmac128:256,128
	mace	katana	pclin153	td160	gggg	icarus	thoth	neumann	td158	katana-x86	poema	td185	pclin118	shell

My SASC 2007 paper presented some of these graphs:

[aecycles] 13pp. (PDF) D. J. Bernstein. Cycle counts for authenticated encryption. Document ID: be6b4df07eb1ae67aba9338991b78388. URL: https://cr.yp.to/papers.html#aecycles. Date: 2007.01.18. Supersedes: (PDF) 2007.01.13. (PDF) 2007.01.12. (PDF) 2007.01.11.

Comparing median-cycle-count graphs

At SASC 2007 I used a fast graphing tool to superimpose and compare median-cycle-count graphs. The median-cycle-count graphs don't show how cycle counts are distributed around the median but are otherwise similar to the new-style graphs shown above. Here's a sample screenshot from the tool:

The tool requires a local copy of the median-cycle-count database (a few hundred megabytes). Here's how to download the database, download the graphing tool, and use the graphing tool:

     wget https://cr.yp.to/streamciphers/timings/viz/median2ram.c
     wget https://cr.yp.to/streamciphers/timings/viz/rams.do
     wget https://cr.yp.to/streamciphers/timings/viz/AESCHEMES
     wget https://cr.yp.to/streamciphers/timings/viz/MACHINES
     wget https://cr.yp.to/streamciphers/timings/viz/viz.c
     wget https://cr.yp.to/streamciphers/timings/viz/font.h
     wget https://cr.yp.to/streamciphers/timings/viz/font.c
     wget https://cr.yp.to/streamciphers/timings/medians.tar
     tar -xf medians.tar
     gcc -o median2ram median2ram.c -O3 -fomit-frame-pointer
     gcc -o viz viz.c font.c -O3 -fomit-frame-pointer -lX11 -lm
     sh rams.do
     cat AESCHEMES MACHINES | ./viz

New-style database

The new-style database is in a format designed for easy computer processing. Each line in the database has the following series of space-separated words:

Version of the ciphercycles toolkit; e.g., 20070116.
Computer; e.g., katana.
Date when the timings were collected; e.g., 20070117.
Authenticated-encryption system; e.g., aes-128-poly1305.
System version; e.g., 1.
System parameters; e.g., 128,128.
System tuning; e.g., amd64-2.
Compiler; e.g., gcc_-O3_-fomit-frame-pointer.
Compiler version; e.g., 4.0.3_(Ubuntu_4.0.3-1ubuntu5).
Poly1305 tuning; e.g., poly1305_53x.
Operation measured; e.g., encrypt.
Plaintext bytes; e.g., 2048.
Number of active keys; e.g., 16384.
Type of measurement; e.g., cycles.
Implementation of cpucycles; e.g., amd64cpuinfo.
Median measurement; e.g., 41112.
All measurements; e.g., 42416 41112 41152 41064 40536 41152 41168 41160 40984 41008 41208 41264 41112 41048 41008.

The new-style database is large (several gigabytes). A relatively small median-cycle-count database (a few hundred megabytes) was extracted from the new-style database and is now available for download:

     wget https://cr.yp.to/streamciphers/timings/medians.tar
     tar -xf medians.tar

The extract is in a format designed for easy computer processing. Each line in the extract has the following series of space-separated words:

Operation measured; e.g., encrypt.
Plaintext bytes; e.g., 576.
Number of active keys; e.g., 8192. Can also be - for a single-key test.
Median cycle count; e.g., 10272.

The extract is split across many files in several directories. Directories are labelled by toolkit version and computer. Files are labelled by computer, authenticated-encryption system, and system parameters.

Generating new-style data and graphs

To generate data and graphs on one machine using the new toolkit:

     wget https://cr.yp.to/streamciphers/timings/ciphercycles-20070205.tar.bz2
     bunzip2 < ciphercycles-20070205.tar.bz2 | tar -xf -
     cd ciphercycles-20070205
     ./do &

Output is in the 20070205-host directory: *:output.gz for the data (one file for each cipher), *.png for graphs (assuming that the pnmtopng program from the netpbm package is installed), *:notes.gz for cipher-specific notes, and :notes for general notes.

Notes on resource use: Version 20070128 takes 610 minutes on katana; 738 minutes on shellold; 769 minutes on td160; 781 minutes on mace; 878 minutes on pclin153; 1567 minutes on neumann; 1726 minutes on poema; 1929 minutes on pclin118; and 3210 minutes on icarus. Version 20070205 is faster; it omits broken ciphers.

Here are all versions of the new toolkit:

Future timings

More CPUs. The existing benchmark toolkit should be run on more machines.

More levels of instruction-cache competition. The toolkit should systematically measure encryption times with different amounts of competition for instruction-cache space. Instruction-cache misses are expensive; a cipher that doesn't leave room in cache for the rest of the network stack might do well on benchmarks but will do badly in real-world tests. Right now the toolkit doesn't even do a crude code-size measurement.

More communication costs. The current benchmarks show that some ciphers are dramatically slowed down when many keys are active. The obvious explanation is the cache-miss cost of loading an expanded key that isn't in cache. What about the cache-miss cost of loading a message that isn't in cache? This should be measured even if it doesn't interact with the choice of cipher.

Cipher software for more platforms. eSTREAM has done a fantastic job of encouraging authors to write and publish stream-cipher implementations suitable for benchmarking. But these are implementations for big CPUs (e.g., a Pentium) used in laptops, servers, etc.; most of them won't work on small CPUs (e.g., an 8051) used in embedded systems. The performance picture for small CPUs, like the performance picture for FPGAs and ASICs, is horribly unclear.

I can easily imagine a benchmarking toolkit aimed at small CPUs, built on top of a cycle-accurate small-CPU simulator. But who will implement all the stream ciphers for all these CPUs? Maybe an automatic code translator would work for small ciphers, but fitting large ciphers into limited RAM will be a struggle.

Cipher software for additional security requirements. Users who aren't happy with 80-bit security can easily find encryption software labelled as providing 128-bit security. Users who aren't happy with 128-bit security can easily find encryption software labelled as providing 256-bit security. But what about users who aren't happy with timing leaks? There's a limited selection of software protected against timing attacks. Nobody has written Py software protected against timing attacks, for example, so it isn't possible to see how much slowdown is caused by this protection.

Automatic benchmarking of new and updated software. Cipher authors can and generally do write software that fits the API of the benchmarking toolkit. It would be nice to have the software magically timed on a wide variety of machines.

What happens today falls far short of this goal. The toolkit author manually includes the new software in the toolkit and posts the new toolkit. Someone manually starts the new toolkit on each of the benchmark machines. Manual intervention means considerable latency: benchmark reports are often months or years out of date.

There's no reason for this manual effort. The benchmark machines should automatically run new software, subject to security constraints (each cipher should be confined to its own sandbox) and resource limits.

Credits

There have been several efforts to unify stream-cipher implementations under a common API for benchmarking. Markus Dichtl and Eli Biham specified an API in 2002 as an official part of the NESSIE project. Christophe De Canniere specified a revised API in 2005 as an official part of ECRYPT's eSTREAM project. I specified a new API in 2007 as a contribution to eSTREAM.

Each of us wrote a corresponding toolkit for benchmarking ciphers that matched the API. The NESSIE and eSTREAM toolkits produced old-style reports; I wrote tools to convert the old-style reports into the old-style database and the old-style graphs. My toolkit, ciphercycles, produces the new-style database and new-style graphs.

Almost all of the eSTREAM submissions were accompanied by reference implementations within the official eSTREAM API. Quite a few improved implementations were added later. Most of the implementations were written by the cipher authors. Some exceptions: the original AES implementation was from Brian Gladman; I contributed faster AES code; I'm aware of contributions from Christophe De Canniere to quite a few cipher implementations.