Cryptology ePrint Archive: Report 2010/612
Cryptanalysis of Hummingbird-1
Markku-Juhani O. Saarinen
Abstract: Hummingbird-1 is a lightweight encryption and message authentication primitive published in RISC ’09 and WLC ’10. Hummingbird-1 utilizes a 256-bit secret key and a 64-bit IV. We report a chosen-IV, chosen message attack that can recover the full secret key with a few million chosen messages processed under two related IVs. The attack requires at most 264 off-line computational effort. The attack has been implemented and demonstrated to work against a real-life implementation of Hummingbird-1. By attacking the differentially weak E component, the overall attack complexity can be reduced by a significant factor. Our cryptanalysis is based on a differential divide-and-conquer method with some novel techniques that are uniquely applicable to ciphers of this type.
Category / Keywords: secret-key cryptography / Hummingbird cipher, constrained devices, lightweight cryptography, stream cipher cryptanalysis.
Publication Info: A version of this paper was accepted to FSE 2011.
Date: received 29 Nov 2010, last revised 5 Dec 2010, withdrawn 6 Jan 2011
Contact author: mjos at reveresecurity com
Available formats: (-- withdrawn --)
Note: This document is being revised and new material is being incorporated.
Version: 20110106:103603 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]