Related-Key Attacks Against Full Hummingbird-2
Author
Abstract
We present attacks on full Hummingbird-2 which are able to recover the 128-bit secret keys of two black box cipher instances that have a certain type of low-weight XOR difference in their keys. We call these highly correlated keys as they produce the same ciphertext with a significant probability. The complexity of our main chosen-IV key-recovery attack is 2. The first 64 bits of the key can be independently recovered with only 2 effort. This is the first sub-exhaustive attack on the full cipher under two related keys. Our attacks use some novel tricks and techniques which are made possible by Hummingbird-2’s unique word-based structure. We have verified the correctness and complexity of our attacks by fully implementing them. We also discuss enabling factors of these attacks and describe an alternative design for the WD16 nonlinear keyed function which is resistant to attacks of this type. The new experimental function replaces S-boxes with simple χ functions.
Similar resources
Cryptanalysis of Hummingbird-2
Abstract: Hummingbird is a lightweight encryption and message authentication primitive published in RISC’09 and WLC’10. In FSE’11, Markku-Juhani O. Saarinen presented a differential divide-and-conquer method which has complexity upper bounded by 2 operations and requires processing of few megabytes of chosen messages under two related nonces (IVs). The improved version, Hummingbird-2, was presen...
A Cryptanalysis of HummingBird-2: The Differential Sequence Analysis
Hummingbird-2 is one recent design of lightweight block ciphers that enables compact hardware implementations, ultra-low power consumption and stringent response time as specified in ISO18000-6C. In this paper, we present cryptanalytic results on the full version of this cipher using two pairs of related keys. We discover that the differential sequences for the last invocation of the round func...
Cryptanalysis of Hummingbird-1
Hummingbird-1 is a lightweight encryption and message authentication primitive published in RISC ’09 and WLC ’10. Hummingbird-1 utilizes a 256-bit secret key and a 64-bit IV. We report a chosen-IV, chosen-message attack that can recover the full secret key with a few million chosen messages processed under two related IVs. The attack requires at most 2 off-line computational effort. The attack h...
On the Related-key Attacks against AES
Alex Biryukov and Dmitry Khovratovich presented related-key attacks on AES and reduced-round versions of AES. The most impressive of these were presented at Asiacrypt 2009: related-key attacks against the full AES-256 and AES-192. We discuss the applicability of these attacks and related-key attacks in general. We model the access of the attacker to the key in the form of key access schemes. Re...
Total break of Zorro using linear and differential attacks
An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Boxes per round. This weak nonlinearity was widely criticized, insofar as it has been directly exploited in all the attacks on Zorro reported by now, including the weak key, reduced round, and even full round attacks. In this paper, using some properties discovered by Wa...