Paper 2013/070

Related-key Attacks Against Full Hummingbird-2

Markku-Juhani O. Saarinen

Abstract

We present attacks on full Hummingbird-2 which are able to recover the 128-bit secret keys of two black box cipher instances that have a certain type of low-weight XOR difference in their keys. We call these highly correlated keys as they produce the same ciphertext with a significant probability. The complexity of our main chosen-IV key-recovery attack is $2^{64}$. The first 64 bits of the key can be independently recovered with only $2^{36}$ effort. This is the first sub-exhaustive attack on the full cipher under two related keys. Our attacks use some novel tricks and techniques which are made possible by Hummingbird-2's unique word-based structure. We have verified the correctness and complexity of our attacks by fully implementing them. We also discuss enabling factors of these attacks and describe an alternative design for the WD16 nonlinear keyed function which is resistant to attacks of this type. The new experimental function replaces S-boxes with simple $\chi$ functions.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. FSE 2013, March 11-13, 2013, Singapore.
Keywords
Hummingbird-2Related-Key CryptanalysisLightweight CryptographyAuthenticated EncryptionHummingbird-2nu
Contact author(s)
mjos @ iki fi
History
2013-03-12: revised
2013-02-20: received
See all versions
Short URL
https://ia.cr/2013/070
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/070,
      author = {Markku-Juhani O.  Saarinen},
      title = {Related-key Attacks Against Full Hummingbird-2},
      howpublished = {Cryptology ePrint Archive, Paper 2013/070},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/070}},
      url = {https://eprint.iacr.org/2013/070}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.