7

I read the Wiki example, but I am still confused to be honest. Could someone provide a really simple example?

Helmar
Muppet

1 Answer

10

Simplified, Lamport One-Time-Signatures (OTS) work as follows. For illustration purposes I am using Bits and not Trits.

Assume you have a private key PRIV that consists of 100 (random) pairs of numbers, so a total of 200. To create your public key PUB you hash each of these 200 numbers, giving you a new sequence of 100 pairs.

Now if you want to sign any message MSG, you hash it and you get back a checksum CHECK of (for argument's sake) 100 bits. Then you create a sequence SIG consisting of 100 numbers where each element is picked from the 100 pairs of PRIV based on what the bit in CHECK was. For example, if a given bit of CHECK is 0 you take the first number from the pair, if it was 1 you take the second number. Now you publish PUB, MSG and SIG.

If anyone wants to verify your message MSG, they hash it, and depending on the bits in the hash then pick the corresponding number from each of the 100 pairs in your public key PUB. After hashing the 100 numbers that were picked that way, one should arrive at the same signature SIG you provided, thus verifying the message.

This also explains why you shouldn't re-use a One-Time-Signature private key, because every time you use it your signature SIG reveals 50% of your private key.

Zauz
Phil-ZXX
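A runnable sketch of the scheme in the answer above, added here as an example and not code from the answer's author. It assumes SHA-256 as the hash and therefore uses 256 pairs instead of 100; verification hashes each SIG element and compares it with the PUB entry selected by the matching CHECK bit, and `revealed_fraction` measures how much of PRIV a set of signatures discloses. All function names are chosen for this example.

```python
import hashlib
import secrets

N_BITS = 256  # assumption: SHA-256 digest length; the answer uses 100 bits for illustration

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """PRIV: N_BITS pairs of random 32-byte values; PUB: the hash of each value."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub

def check_bits(msg: bytes):
    """CHECK: the bits of H(MSG), most significant bit first."""
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]

def sign(priv, msg: bytes):
    """SIG: from each PRIV pair, reveal the element chosen by the CHECK bit."""
    return [pair[bit] for pair, bit in zip(priv, check_bits(msg))]

def verify(pub, msg: bytes, sig) -> bool:
    """Hash each SIG element and compare with the PUB element the bit selects."""
    if len(sig) != N_BITS:
        return False
    ok = True
    for pair, bit, s in zip(pub, check_bits(msg), sig):
        ok &= secrets.compare_digest(H(s), pair[bit])
    return ok

def revealed_fraction(priv, sigs) -> float:
    """Fraction of the 2*N_BITS private values disclosed by the given signatures."""
    secret_values = {v for pair in priv for v in pair}
    leaked = {s for sig in sigs for s in sig}
    return len(leaked & secret_values) / (2 * N_BITS)

if __name__ == "__main__":
    priv, pub = keygen()
    sig1 = sign(priv, b"constructed message one")
    sig2 = sign(priv, b"constructed message two")  # key reuse, only to measure leakage
    print(verify(pub, b"constructed message one", sig1))
    print(verify(pub, b"tampered message", sig1))
    print(revealed_fraction(priv, [sig1]))
    print(revealed_fraction(priv, [sig1, sig2]))
```

A second signature under the same key discloses the other element of every pair whose CHECK bit differs between the two messages, which is why the revealed fraction rises above one half on reuse.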