
Practical‐time related‐key attack on Hummingbird‐2
Author(s) - Shi Zhenqing, Zhang Bin, Feng Dengguo
Publication year - 2015
Publication title - IET Information Security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2014.0424
Subject(s) - hummingbird , key (lock) , computer science , cryptography , cipher , theoretical computer science , set (abstract data type) , differential (mechanical device) , algorithm , computer security , encryption , engineering , biology , programming language , ecology , aerospace engineering
Hummingbird‐2, designed by Engels et al., is a lightweight cipher with built‐in MAC functionality. In this study, the authors examine the security of Hummingbird‐2 in the related‐key model. First, the authors define a new cryptographic notion of an S‐box, called combination points, based on its differential equation, and demonstrate some properties of combination points. A potential application of the new notion is to recover some partial input of an S‐box, and the authors show this on Hummingbird‐2 by recovering some internal state bits. Then, by carefully studying the differential distributions of the S‐boxes, a set of key dependent S‐boxes can be derived and be used to recover the subkey word of Hummingbird‐2. At last, by the divide and conquer strategy, all the 128 key bits can be recovered with a complexity of 2^40, which is much lower than that (2^64) of the attack at FSE 2013. The attack has been fully implemented on a PC and the secret key has been recovered in a few hours. The results provide some new insights into the design of cryptographic S‐boxes.