Paper 2011/126

The Hummingbird-2 Lightweight Authenticated Encryption Algorithm

Daniel Engels, Markku-Juhani O. Saarinen, Peter Schweitzer, and Eric M. Smith


Hummingbird-2 is an encryption algorithm with a 128-bit secret key and a 64-bit initialization vector. Hummingbird-2 optionally produces an authentication tag for each message processed. Like it's predecessor Hummingbird-1, Hummingbird-2 has been targeted for low-end microcontrollers and for hardware implementation in lightweight devices such as RFID tags and wireless sensors. Compared to the previous version of the cipher, and in response to extensive analysis, the internal state has been increased to 128 bits and a flow of entropy from the state to the mixing function has been improved. In this paper we present the Hummingbird-2 algorithm, its design and security arguments, performance analysis on both software and hardware platforms, and timing analysis in relation to the ISO 18000-6C protocol.

Note: This final version includes the updated S-Boxes of May 2011.

Available format(s)
Publication info
Published elsewhere. RFIDSec '11, 26-28 June 2011, Amherst, Massachusetts, USA.
Hummingbird cipherconstrained deviceslightweight cryptographyISO 18000-6C.
Contact author(s)
mjos @ iki fi
2011-07-12: last of 6 revisions
2011-03-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Engels and Markku-Juhani O.  Saarinen and Peter Schweitzer and Eric M.  Smith},
      title = {The Hummingbird-2 Lightweight Authenticated Encryption Algorithm},
      howpublished = {Cryptology ePrint Archive, Paper 2011/126},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.