Cryptology ePrint Archive: Report 2012/207

Cryptanalysis of Hummingbird-2

Kai Zhang, Lin Ding and Jie Guan

Abstract: Hummingbird is a lightweight encryption and message authentication primitive published in RISC’09 and WLC’10. In FSE’11, Markku-Juhani O.Saarinen presented a differential divide-and-conquer method which has complexity upper bounded by 264 operations and requires processing of few megabytes of chosen messages under two related nonces (IVs). The improved version, Hummingbird-2, was presented in RFIDSec 2011. Based on the idea of differential collision, this paper discovers some weaknesses of the round function WD16 combining with key loading algorithm and we propose a related-key chosen-IV attack which can recover the full secret key. Under 24 pairs of related keys, the 128 bit initial key can be recovered, with the computational complexity of O(232.6) and data complexity of O(232.6). The result shows that the Hummingbird-2 cipher can’t resist related key attack.

Category / Keywords: secret-key cryptography / Cryptanalysis; Hummingbird-2; Related Key Attack; Lightweight Cipher; Hybrid Cipher

Date: received 16 Apr 2012, withdrawn 24 May 2012

Contact author: zhkai2010 at 139 com

Available format(s): (-- withdrawn --)

Note: We found some small mistakes in the old version of our paper so we withdraw this paper and revise it later.

Version: 20120525:044515 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]