Question

Analyse the security of Lamport’s OLP algorithm with the properties of hash function.

Answer 1

Lamport's one-time password algorithm :

The Lamport algorithm for generating and applying one-time passwords (OTPs) is a simple solution that provides great value in the right context. Not only can the Lamport OTP scheme provide effective security for distributed client/service interactions, but it's also simple to comprehend and implement. Louis Iacona introduces the Lamport algorithm, then describes an OTP reference implementation for an extensible, Java-based library.

The Lamport OTP approach is based on a mathematical algorithm for generating a sequence of "passkey" values, each successor value based on the value of its predecessor. This article presents a simple service that is made more secure by adopting the Lamport OTP scheme. I'll demonstrate the concept and mechanics of this approach through a series of client/service interactions. I'll also present a Java-implemented framework that the existing client/service components can easily leverage.

How The Lamport OTP Algorithm Works -

he core of the Lamport OTP scheme requires that cooperating client/service components agree to use a common sequencing algorithm to generate a set of expiring one-time passwords (client side), and validate client-provided passkeys included in each client-initiated request (service side). The client generates a finite sequence of values starting with a "seed" value, and each successor value is generated by applying some transforming algorithm (or F(S) function) to the previous sequence value

S1=Seed, S2=F(S1), S3=F(S2), S4=F(S3), ...S[n]=F(S[n-1])

The particular transforming algorithm used can be as simple or complex as you like as long as it always produces the same result for a given value. The approach has no tolerance for randomness or variability in that value S' must always be generated from a given value S.

Properties of hash function in Lamport’s OLP algorithm

1) In Lamport One Time Signature method for constructing a digital signature and typically involved the use of a cryptographic hash function. As it is a one-time signature scheme, it can only be used to securely sign one message.

2) In order to create the public key, Alice hashes each of the 512 numbers of her private key. This will produce another 512 numbers, each consisting of 256 bits. This is the public key that will be shared with anyone.

3) Alice hashes massage using a 256-bit cryptographic hash function, eg SHA 256, to obtain a 256-bit digest.

4) For each bit, depending on whether the bit value is 1 or 0, Bob will pick the corresponding number from Alice’s public key i.e if the first bit of the message hash is 0, he picks the first hash in the first pair, and so on.The results in a sequence of 256 numbers.
Bob hashes each of the numbers in Alice’s signature to obtain a 256-bit digest. If this matches the sequence of 256 numbers that Bob had previously picked out, the signature is valid.