ECRYPT

ECRYPT (European Network of Excellence in Cryptology) was a 4-year European research initiative launched on 1 February 2004 with the stated objective of promoting the collaboration of European researchers in information security, and especially in cryptology and digital watermarking.

ECRYPT listed five core research areas, termed "virtual laboratories": symmetric key algorithms (STVL), public key algorithms (AZTEC), protocol (PROVILAB), secure and efficient implementations (VAMPIRE) and watermarking (WAVILA).

In August 2008 the network started another 4-year phase as ECRYPT II.

Yearly report on algorithms and key lengths
During the project, algorithms and key lengths were evaluated yearly. The most recent of these documents is dated 30 September 2012.

Key sizes
Considering the budget of a large intelligence agency to be about US$300 million for a single ASIC machine, the recommended minimum key size is 84 bits, which would give protection for a few months. In practice, most commonly used algorithms have key sizes of 128 bits or more, providing sufficient security also in the case that the chosen algorithm is slightly weakened by cryptanalysis.

Different kinds of keys are compared in the document (e.g. RSA keys vs. EC keys). This "translation table" can be used to roughly equate keys of other types of algorithms with symmetric encryption algorithms. In short, 128 bit symmetric keys are said to be equivalent to 3248 bits RSA keys or 256-bit EC keys. Symmetric keys of 256 bits are roughly equivalent to 15424 bit RSA keys or 512 bit EC keys. Finally 2048 bit RSA keys are said to be equivalent to 103 bit symmetric keys.

Among key sizes, 8 security levels are defined, from the lowest "Attacks possible in real-time by individuals" (level 1, 32 bits) to "Good for the foreseeable future, also against quantum computers unless Shor's algorithm applies" (level 8, 256 bits). For general long-term protection (30 years), 128 bit keys are recommended (level 7).

Use of specific algorithms
Many different primitives and algorithms are evaluated. The primitives are:


 * symmetric encryption algorithms such as 3DES and AES;
 * block cipher modes of operation such as ECB, CBC, CTR and XTS;
 * authenticated encryption methods such as GCM;
 * stream ciphers RC4, eSTREAM and SNOW 2.0;
 * hashing algorithms MD5, RIPEMD-128/160, SHA-1, SHA-2 and Whirlpool;
 * MAC algorithms HMAC, CBC-MAC and CMAC;
 * asymmetric encryption algorithms ElGamal and RSA;
 * key exchange schemes and algorithms such as SSH, TLS, ISO/IEC 11770, IKE and RFC 5114;
 * key encapsulation mechanisms RSA-KEM and ECIES-KEM;
 * signature schemes such as RSA-PSS, DSA and ECDSA; and
 * public key authentication and identification algorithm GQ.

Note that the list of algorithms and schemes is non-exhaustive (the document contains more algorithms than are mentioned here).

Main Computational Assumptions in Cryptography
This document, dated 11 January 2013, provides "an exhaustive overview of every computational assumption that has been used in public key cryptography."

Report on physical attacks and countermeasures
The "Vampire lab" produced over 80 peer-reviewed and joined authored publications during the four years of the project. This final document looks back on results and discusses newly arising research directions. The goals were to advance attacks and countermeasures; bridging the gap between cryptographic protocol designers and smart card implementers; and to investigate countermeasures against power analysis attacks (contact-based and contact-less).