High-speed high-security signatures

D.J. Bernstein, N. Duif, T. Lange, P. Schwabe, B.Y. Yang

Research output: Contribution to journalArticleAcademicpeer-review

337 Citations (Scopus)


This paper shows that a $390 mass-market quad-core 2.4GHz Intel Westmere (Xeon E5620) CPU can create 109000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2^128 security level. Public keys are 32 bytes, and signatures are 64 bytes. These performance figures include strong defenses against software side-channel attacks: there is no data flow from secret keys to array indices, and there is no data flow from secret keys to branch conditions.
Original languageEnglish
Pages (from-to)77-89
JournalJournal of Cryptographic Engineering
Issue number2
Publication statusPublished - 2012


Dive into the research topics of 'High-speed high-security signatures'. Together they form a unique fingerprint.

Cite this