Paper 2010/612

Cryptanalysis of Hummingbird-1

Markku-Juhani O. Saarinen


Hummingbird-1 is a lightweight encryption and message authentication primitive published in RISC ’09 and WLC ’10. Hummingbird-1 utilizes a 256-bit secret key and a 64-bit IV. We report a chosen-IV, chosen message attack that can recover the full secret key with a few million chosen messages processed under two related IVs. The attack requires at most 264 off-line computational effort. The attack has been implemented and demonstrated to work against a real-life implementation of Hummingbird-1. By attacking the differentially weak E component, the overall attack complexity can be reduced by a significant factor. Our cryptanalysis is based on a differential divide-and-conquer method with some novel techniques that are uniquely applicable to ciphers of this type.

Note: This document is being revised and new material is being incorporated.

Available format(s)
-- withdrawn --
Secret-key cryptography
Publication info
Published elsewhere. A version of this paper was accepted to FSE 2011.
Hummingbird cipherconstrained deviceslightweight cryptographystream cipher cryptanalysis.
Contact author(s)
mjos @ reveresecurity com
2011-01-06: withdrawn
2010-11-30: received
See all versions
Short URL
Creative Commons Attribution
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.