Independent, lab-certified benchmarks confirm the excellent energy efficiency and performance of ocrypto, using a mix of crypto operations that reflect realistic IoT communication scenarios.

Energy-efficiency and performance

As the measurements demonstrate (see below), no other pure software crypto library even comes close – neither regarding performance score nor energy score. And this is the case though while ocrypto provides a higher degree of side-channel resistance – thanks to strict constant-time, PC-secure and table-free operations on secret data - unlike any of the runners-up.

Here the highlights – ocrypto is about

  • 80% more energy-efficient than the runner-up (library B).
  • 60% faster than the runner-up (library B).
  • 5 - 6 times as energy-efficient as the next runner-up (library A).
  • 6 - 7 times as fast as the next runner-up (library A).

Some other observations (at the time of writing – December 14, 2021) - ocrypto is

  • more energy-efficient than any other pure software implementation, regardless of microcontroller type and clock frequency.
  • faster at 24 MHz than library A on a more modern processor core at 150 MHz.
  • the only library with constant-time, pc-secure and table-free code (for better side-channel resistance).
  • the only library with EEMBC-certified scores.

For more details and comparisons, please check the ocrypto scores published on the EEMBC SecureMark™-TLS benchmark Web site. This benchmark has been developed by the vendor-neutral Embedded Microprocessor Benchmark Consortium. It is a cryptography benchmark for IoT devices that measures both energy consumption and performance of cryptographic operations, for a workload that is typical for a microcontroller running a TLS session. This benchmark demonstrates that in spite of its focus on side-channel resistance, ocrypto is fast, and correspondingly energy-efficient.

To allow for a direct comparison, the benchmarks have also been run on the same hardware as the other libraries: a board with an STM32L476 microcontroller running at 80 or 24 MHz. As Keil compiler flags for these benchmarks, Os (i.e., balanced speed/size) has been used for ocrypto and O2 (i.e., speed) for the competing libraries.

Memory footprint

Sometimes, memory footprint is even more important than speed or energy consumption. Unfortunately, unlike ocrypto, the scores for the other libraries have been published without their code sizes, RAM and stack footprints. Internal, non-certified measurements at Oberon yielded the following results. Compared to ocrypto, the benchmark's crypto code of the

  • runner-up was more than 2.5 times as large (33.6 KB vs. 12.7 KB)
  • next runner-up was more than 6.5 times as large (86.0 KB vs. 12.7 KB)

For the size comparison, everything was measured using a Keil compiler with the Os compiler flag.

ocrypto sets the standard for software cryptography on embedded systems

In the end, these results mean that there are real-world IoT security scenarios where you don't have to choose between speed / energy efficiency, memory footprint, and side-channel resistance. For software implementations, ocrypto has set the standard in each dimension.