# Benchmarks

*Verificatum JavaScript Cryptographic Library*

*Version: *

*Date: *

*Browser: (best effort detection)*

Each benchmark computes at least
samples of the measured quantity and takes the average. The
running time of the layout engine is not included in the running
time. Note that benchmarks give different results using
different JavaScript engines and that other factors may
influence the results. In particular, the last measurements may
not reflect actual running time (it would be faster), since the
garbage collection is poor on some platforms. Thus, interpret
the results with care and investigate the particular case you
are interested in before drawing any hard conclusions.

The library is designed with pre-computation in mind all the way
up to the highest abstraction layer. Combined with a web worker
as in this benchmark, such computations can be done in the
background.

## Exponentiation

The running times include the cost of generating random
exponents, which gives an upper bound of the running time of the
actual exponentiation.

The running time of modular exponentiation is increased by
almost factor of 8 when the bit size of the modulus is doubled
as expected from a relatively naive implementation. A similar
behavior can be seen in the elliptic curves with growing field
size, but with a slightly smaller factor.

### Standard Multiplicative Groups

Waiting.

### Standard Elliptic Curves

Waiting.

## Fixed-basis Exponentiation for Selected Groups

Here zero gives plain exponentiation for easy reference.

Waiting.

## Encryption over Selected Groups

The running time of encryption grows linearly with the width, so
the values for greater widths are readily extrapolated from the
given numbers.

### El Gamal Encryption (ms / ciphertext)

This is only benchmarked for the purpose of comparison. It is
not CCA2 secure or even non-malleable, and should therefore not
be used unless other equivalent mechanisms are in place.

Waiting.

### El Gamal Encryption with Label and ZKPoK (ms / ciphertext)

This is the simplest cryptosystem, which is non-malleable in a
standard heuristic sense, i.e., it is the El Gamal cryptosystem
with proof of knowledge of the randomness turned non-interactive
using the Fiat-Shamir heuristic. This is not provably secure in
the random oracle model, but likely to be secure.

Waiting.

### Naor-Yung with Label and ZKPoK (ms / ciphertext)

This is the Naor-Yung cryptosystem, which is provably CCA2
secure with the Fiat-Shamir heuristic in the random oracle
model.

Waiting.