Differential fault analysis of Hummingbird

Hummingbird is a lightweight encryption algorithm proposed by Engels, Fan, Gong, Hu and Smith at FC′10. Unlike other lightweight cryptographic primitives which can be classified as either block ciphers or stream ciphers, Hummingbird has a hybrid structure of block cipher and stream cipher with 16-bit block size, 256-bit key size, and 80-bit internal state. Preliminary analysis conducted by the cipher´s designers show that it is resistant to most common attacks against block ciphers and stream ciphers. In this paper, we present a differential fault analysis attack on Hummingbird. The fault model in which we analyze the cipher is the one in which the attacker is assumed to be able to fault a random word before the linear transform, after the s-boxes, of the four block ciphers which are used in the Hummingbird encryption process but cannot control the exact location of injected faults. Our attack, which recovers the 256-bit key, requires around 50 faults and 2⁶⁶ steps.