Choose the lengths (L,N) of the primes (p,q) for a desired security strength:
You may use the domain parameters p, q and g in the text areas below, or generate new ones. Generation of new domain parameters may take a few minutes. It is silently performed in the background by a web worker.
To generate new domain parameters, enter a different initial domain parameter seed in the first text area below or click the button to generate one at random.
Initial domain parameter seed (256 bits, encoded as 64 hex digits):
Validate the generated domain parameters using Algorithm A.1.1.3 of NIST FIPS 186-4.
DH uses FFC key pairs. You may use the private and public keys in the text areas below for party A, or time the generation of random FFC key pairs by clicking the button.
The time it takes to generate a key pair is estimated by an experiment run in the background, where a web worker uses performance.now() to measure the time it takes to generate 100 random key pairs. Since performance.now() measures elapsed time rather than computation time, the measured time may be inflated by any extraneous activity taking place in the machine at the same time. To partially compensate for that, the experiment is repeated ten times and the minimum elapsed time is reported. The last random key pair generated in the last repetition of the experiment is written to the private and public key text areas for party A.
Private key x_A:
Public key y_A:
You may use the private and public keys in the text areas below for party B, or generate a random FFC key pair by clicking the button.
Private key x_B:
Public key y_B:
Click the button below to time the DH computation performed by party A.
As when timing key pair generation, the time it takes to perform a DH computation is estimated by an experiment run in the background, where a web worker uses performance.now() to measure the time it takes to perform 100 computations. Since performance.now() measures elapsed time rather than computation time, the measured time may be inflated by any extraneous activity taking place in the machine at the same time. To partially compensate for that, the experiment is repeated ten times and the minimum elapsed time is reported. The resulting shared secret is hex-encoded and written to the text area below.
You may check the public key validation checkbox to include validation of the public key of party B in the timing, performed as specified by Algorithm 5.6.2.3.1 of NIST SP 800-56Ar2. (An uncertified public key submitted by an untrusted party must be validated before performing a DH key exchange with that party.)
Include the validation of the public key of party B in the timing
Shared secret computed by party A (hex encoded):
Click the button below to perform the DH computation of party B.
Shared secret computed by party B (hex encoded):
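The public key validation that the checkbox above adds to the timing, followed by the DH computation of both parties, as an added example that is not this page's own code. It uses constructed toy domain parameters (p = 23, q = 11, g = 2) and hypothetical function names (modPow, validatePublicKey, dhSharedSecret).

```javascript
// Added example. Toy FFC domain parameters (constructed, far too small for
// real use): p = 23, q = 11 divides p - 1, g = 2 has order q modulo p.
const p = 23n, q = 11n, g = 2n;

// Square-and-multiply modular exponentiation on BigInt.
// Not constant-time; for illustration only.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Full public key validation: range check, then subgroup membership check.
function validatePublicKey(y, p, q) {
  if (typeof y !== "bigint") return false;
  if (y < 2n || y > p - 2n) return false; // must lie in [2, p - 2]
  return modPow(y, q, p) === 1n;          // must lie in the order-q subgroup
}

// Hypothetical helper: validate the peer's key, then compute the shared secret.
function dhSharedSecret(xOwn, yPeer, p, q) {
  if (!validatePublicKey(yPeer, p, q)) {
    throw new Error("peer public key failed validation");
  }
  return modPow(yPeer, xOwn, p);
}

// Constructed key pairs for party A and party B.
const xA = 6n, yA = modPow(g, xA, p); // 18
const xB = 9n, yB = modPow(g, xB, p); // 6
const zA = dhSharedSecret(xA, yB, p, q);
const zB = dhSharedSecret(xB, yA, p, q);
console.log(zA.toString(16), zB.toString(16)); // c c
```

With these parameters the value 5 passes the range check but fails the subgroup check, because 5^11 mod 23 is 22 rather than 1.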