Security Analysis of Zipper Hash Against Multicollisions Attacks


  • N. Bagheri Electrical Engineering Department, Shahid Rajee Teacher Training University, Iran


In this paper,  the existence of multicollisions in Zipper Hash structure, a new Hash structure which was introduced to strengthen the iterated Hash structures, is presented. This study shows that finding multicollisions, i.e. 2k-way collision, in this Hash structure is not much harder than finding such  multicollisions in ordinary Merkle  - Damgard (MD)  structure. In fact, the complexity of the attacks is approximately n/2 times harder than what has been found for MD structures. Then, these large multicollisions are used as a tool to find D-way preimage for this structure. The complexity of finding 2K-way multicollisions and 2k-way preimages are  (eq) and (eq) respectively. Similar to what has been proved by Joux for MD, it is shown in this paper that this structure could not be used to create a Hash function with 2n-bit length by concatenating this structure with any other Hash structure by Hash’s output length of n-bite. It is also shown that time complexity of finding a collision for this concatenated structure is (eq)  which is much smaller than what was expected from generic-birthday attack which would be (eq) . In addition, it is shown that increasing the number of rounds of this Hash function can not improve its security against this attack significantly and the attacker can find multicollisions on this Hash function which means that this Hash function has a structural flaw.


Zipper Hash Structure, Hash function, multicollision attack, Joux attack, preimage attack, r-way collision


Download data is not yet available.


A. Joux, “Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions”, Advances in Cryptology-CRYPTO ’04, Springer-Verlag, pp. 306–316, 2004 DOI:

M. Nandi, D. R. Stinson, “Multicollision Attacks on Some Generalized Sequential Hash Functions”, IEEE Transactions on Information Theory, Vol. 53, No. 2, pp. 759-767, 2007 DOI:

M. Liskov, “Constructing an Ideal Hash Function from Weak Ideal Compression Functions”, 13th International Conference on Selected Areas in Cryptography, pp. 358-375, 2007 DOI:

P. Gauravaram, W. Millan, E. Dawson, K. Viswanathan, ”Constructing Secure Hash Functions by Enhancing Merkle-Damgard Construction”, Lecture Notes in Computer Science, Vol. 4058, pp. 407–420, 2006

P. Gauravaram, W. Millan, E. Dawson, K. Viswanathan, ”Constructing Secure Hash Functions by Enhancing Merkle-Damgard Construction (Extended Version)”, Information Security Institute (ISI), Queensland University of Technology (QUT), number QUT-ISI-TR-2006-013, research/ publications/technical/qut-isi-tr-2006-013.pdf, July 2006 DOI:

S. Su, Y. Yang, B. Yang, S. Zhang ,”The Design and Analysis of a Hash Ring-iterative Structure”, available:

S. Lucks, “A failure-friendly design principle for Hash functions”, Advances in Cryptology - ASIACRYPT 2005, 11th International Conference on the Theory and Application of Cryptology and Information Security, Chennai, India, 2005 DOI:

W. R. Speirs, J. Molly, ”Making large Hash Functions from small compression function”, available:

P. Lin, W. Wu, C. Wu1, T. Qiu, "Analysis of Zipper as a Hash Function”, Lecture Notes in Computer Science, Vol. 4991, pp. 392-403, 2008 DOI:


How to Cite

N. Bagheri, “Security Analysis of Zipper Hash Against Multicollisions Attacks”, Eng. Technol. Appl. Sci. Res., vol. 2, no. 3, pp. 226–231, Jun. 2012.


Abstract Views: 421
PDF Downloads: 118

Metrics Information
Bookmark and Share