ocrypto sets the standard for software cryptography on embedded systems

For independent evidence, see the benchmark scores at https://www.eembc.org/securemark/scores.php.

As the measurements demonstrate, no other pure software crypto library even comes close, in either performance score or energy score. And this is the case even though ocrypto provides side-channel resistance, thanks to strict constant-time, PC-secure and table-free operations on secret data, unlike any of the runners-up.


Here are the highlights: ocrypto is about

  • 80% more energy-efficient than the runner-up (library B).
  • 60% faster than the runner-up (library B).
  • 5 to 6 times as energy-efficient as the next runner-up (library A).
  • 6 to 7 times as fast as the next runner-up (library A).

Some other observations (at the time of writing, December 14, 2021): ocrypto is

  • more energy-efficient than any other pure software implementation, regardless of microcontroller type and clock frequency.
  • faster at 24 MHz than library A on a more modern processor core at 150 MHz.
  • the only library with side-channel resistance guarantees.
  • the only library with EEMBC-certified scores.

For the detailed comparison, check out the score table.


These numbers come from the EEMBC SecureMark™-TLS benchmark, developed by the vendor-neutral Embedded Microprocessor Benchmark Consortium. It is a cryptography benchmark for IoT devices that measures both the energy consumption and the performance of cryptographic operations, for a workload that is typical for a microcontroller running a TLS session. This benchmark demonstrates that in spite of its focus on side-channel resistance, ocrypto is fast, and correspondingly energy-efficient.

To allow for a direct comparison, the benchmarks, using ocrypto release 3.0, were run on the same hardware as the other libraries: a board with an STM32L476 microcontroller running at 80 or 24 MHz.


Sometimes, memory footprint is even more important than speed or energy consumption. Unfortunately, the scores for the other libraries have been published without their code, RAM and stack footprints. Internal, non-certified measurements at Oberon yielded the following results. Compared to ocrypto, the benchmark's crypto code of the

  • runner-up was more than 2.5 times as large (33.6 KB vs. 12.7 KB)
  • next runner-up was more than 6.5 times as large (86.0 KB vs. 12.7 KB)

Everything was measured using a Keil compiler with the Os compiler flag.


In the end, these results mean that there are real-world IoT security scenarios where you don't have to choose between speed / energy efficiency, memory footprint, and side-channel resistance. ocrypto has set the standard in each dimension.