I'm studying the post-quantum cryptography (PQC). While studying hash-based pqc, I read a thesis about Winternitz one-time signature scheme (W-OTS). What is the exact definition of "One-time Signature (OTS)"? There is lots of papers and posts quote the word "OTS", but anybody didn't write the definition of OTS.
Asked
Active
Viewed 1,390 times
1 Answers
5
Paraphrasing the short summary there: A one-time signature (OTS) scheme is a digital signature scheme that can be used to sign one message per key pair, with no assurance of security if the key pair is reused to sign again.
The standard (s)EUF-CMA experiment defining signature security is modified by allowing adversaries to obtain a single signature.
fgrieu
- 149,326
- 13
- 324
- 622