ECRYPT (European Network of Excellence in Cryptology) was a 4-year European research initiative launched on 1 February 2004 with the stated objective of promoting the collaboration of European researchers in information security, and especially in cryptology and digital watermarking.
ECRYPT listed five core research areas, termed "virtual laboratories": symmetric key algorithms (STVL), public key algorithms (AZTEC), (PROVILAB), secure and efficient implementations (VAMPIRE) and watermarking (WAVILA).
In August 2008 the network started another 4-year phase as ECRYPT II.
During the project, algorithms and key lengths were evaluated yearly. The most recent of these documents is dated 30 September 2012.
Considering the budget of a large intelligence agency to be about 300 million USD for a single ASIC machine, the recommended minimum key size is 84 bits, which would give protection for a few months. In practice, most commonly used algorithms have key sizes of 128 bits or more, providing sufficient security also in the case that the chosen algorithm is slightly weakened by cryptanalysis.
Different kinds of keys are compared in the document (e.g. RSA keys vs. EC keys). This "translation table" can be used to roughly equate keys of other types of algorithms with symmetric encryption algorithms. In short, 128 bit symmetric keys are said to be equivalent to 3248 bits RSA keys or 256-bit EC keys. Symmetric keys of 256 bits are roughly equivalent to 15424 bit RSA keys or 512 bit EC keys. Finally 2048 bit RSA keys are said to be equivalent to 103 bit symmetric keys.
Among key sizes, 8 security levels are defined, from the lowest "Attacks possible in real-time by individuals" (level 1, 32 bits) to "Good for the foreseeable future, also against quantum computers unless Shor's algorithm applies" (level 8, 256 bits). For general long-term protection (30 years), 128 bit keys are recommended (level 7).
Many different primitives and algorithms are evaluated. The primitives are:
Note that the list of algorithms and schemes is non-exhaustive (the document contains more algorithms than are mentioned here).
This document, dated 11 January 2013, provides "an exhaustive overview of every computational assumption that has been used in public key cryptography."