|
Security Analysis of Zipper Hash Against Multicollisions AttacksKeywords: Zipper Hash Structure , Hash function , multicollision attack , Joux attack , preimage attack , r-way collision Abstract: In this paper, the existence of multicollisions in Zipper Hash structure, a new Hash structure which was introduced to strengthen the iterated Hash structures, is presented. This study shows that finding multicollisions, i.e. 2k-way collision, in this Hash structure is not much harder than finding such multicollisions in ordinary Merkle - Damgard (MD) structure. In fact, the complexity of the attacks is approximately n/2 times harder than what has been found for MD structures. Then, these large multicollisions are used as a tool to find D-way preimage for this structure. The complexity of finding 2K-way multicollisions and 2k-way preimages are (eq) and (eq) respectively. Similar to what has been proved by Joux for MD, it is shown in this paper that this structure could not be used to create a Hash function with 2n-bit length by concatenating this structure with any other Hash structure by Hash’s output length of n-bite. It is also shown that time complexity of finding a collision for this concatenated structure is (eq) which is much smaller than what was expected from generic-birthday attack which would be (eq) . In addition, it is shown that increasing the number of rounds of this Hash function can not improve its security against this attack significantly and the attacker can find multicollisions on this Hash function which means that this Hash function has a structural flaw.
|