Cryptology ePrint Archive: Report 2010/612

Cryptanalysis of Hummingbird-1

Markku-Juhani O. Saarinen

Abstract: Hummingbird-1 is a lightweight encryption and message authentication primitive published in RISC 09 and WLC 10. Hummingbird-1 utilizes a 256-bit secret key and a 64-bit IV. We report a chosen-IV, chosen message attack that can recover the full secret key with a few million chosen messages processed under two related IVs. The attack requires at most 264 off-line computational effort. The attack has been implemented and demonstrated to work against a real-life implementation of Hummingbird-1. By attacking the differentially weak E component, the overall attack complexity can be reduced by a significant factor. Our cryptanalysis is based on a differential divide-and-conquer method with some novel techniques that are uniquely applicable to ciphers of this type.

Category / Keywords: secret-key cryptography / Hummingbird cipher, constrained devices, lightweight cryptography, stream cipher cryptanalysis.

Publication Info: A version of this paper was accepted to FSE 2011.

Date: received 29 Nov 2010, last revised 5 Dec 2010, withdrawn 6 Jan 2011

Contact author: mjos at reveresecurity com

Available format(s): (-- withdrawn --)

Note: This document is being revised and new material is being incorporated.

Version: 20110106:103603 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]