Analyse the security of Lamport's OTP algorithm with the properties of hash function.
Lamport's one-time password algorithm:
The Lamport algorithm for generating and applying one-time passwords (OTPs) is a simple solution that provides great value in the right context. Not only can the Lamport OTP scheme provide effective security for distributed client/service interactions, but it's also simple to comprehend and implement. Louis Iacona introduces the Lamport algorithm, then describes an OTP reference implementation for an extensible, Java-based library.
The Lamport OTP approach is based on a mathematical algorithm for generating a sequence of "passkey" values, each successor value based on the value of its predecessor. This article presents a simple service that is made more secure by adopting the Lamport OTP scheme. I'll demonstrate the concept and mechanics of this approach through a series of client/service interactions. I'll also present a Java-implemented framework that the existing client/service components can easily leverage.
How the Lamport OTP algorithm works:
The core of the Lamport OTP scheme requires that cooperating client/service components agree to use a common sequencing algorithm to generate a set of expiring one-time passwords (client side) and validate the client-provided passkeys included in each client-initiated request (service side). The client generates a finite sequence of values starting with a "seed" value, and each successor value is generated by applying some transforming algorithm (or F(S) function) to the previous sequence value:
S1 = Seed, S2 = F(S1), S3 = F(S2), S4 = F(S3), ... S[n] = F(S[n-1])
The particular transforming algorithm used can be as simple or complex as you like, as long as it always produces the same result for a given value. The approach has no tolerance for randomness or variability, in that the value S' must always be generated from a given value S.
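The chain above, worked through as an added example (not code from the cited article or its Java library): the client keeps the whole chain, the service stores only the head S[n], and each request reveals the predecessor of the stored value. The names OtpClient, OtpServer and demo are assumptions of this example, and SHA-256 stands in for F(S).

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

def F(value: bytes) -> bytes:
    """The transforming function F(S). SHA-256 is used here; any deterministic
    one-way function works, since S[k] must always be the same for a given S[k-1]."""
    return hashlib.sha256(value).digest()

def build_chain(seed: bytes, n: int) -> List[bytes]:
    """S1 = seed, S2 = F(S1), ..., S[n] = F(S[n-1]); chain[i] holds S[i+1]."""
    chain = [seed]
    for _ in range(n - 1):
        chain.append(F(chain[-1]))
    return chain

class OtpClient:
    """Holds the full chain and hands out passkeys from the end backwards."""
    def __init__(self, seed: bytes, n: int):
        self.chain = build_chain(seed, n)
        self.next_index = n - 2          # S[n-1] is the first passkey sent
    def register(self) -> bytes:
        return self.chain[-1]            # only S[n] is ever given to the service
    def next_passkey(self) -> Optional[bytes]:
        if self.next_index < 0:
            return None                  # chain exhausted: re-seed before continuing
        passkey = self.chain[self.next_index]
        self.next_index -= 1
        return passkey

class OtpServer:
    """Stores just the current head S[k]; the seed never leaves the client."""
    def __init__(self, head: bytes):
        self.head = head
    def verify(self, passkey: Optional[bytes]) -> bool:
        # Accept S[k-1] only if F(S[k-1]) reproduces the stored S[k].
        # A captured S[k-1] cannot be replayed (the head has moved) and, because F
        # is preimage resistant, cannot be turned into the next passkey S[k-2].
        if passkey is None or not hmac.compare_digest(F(passkey), self.head):
            return False
        self.head = passkey
        return True

def demo(seed: bytes = secrets.token_bytes(32), n: int = 5) -> List[bool]:
    """Constructed exchange: accept, reject a replay, accept the next passkey."""
    client = OtpClient(seed, n)
    server = OtpServer(client.register())
    first = client.next_passkey()
    return [server.verify(first), server.verify(first), server.verify(client.next_passkey())]
```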
Properties of hash function in Lamport's OTP algorithm
1) The Lamport one-time signature is a method for constructing a digital signature that typically involves the use of a cryptographic hash function. As it is a one-time signature scheme, it can only be used to securely sign one message.
2) In order to create the public key, Alice hashes each of the 512 numbers of her private key. This will produce another 512 numbers, each consisting of 256 bits. This is the public key that will be shared with anyone.
3) Alice hashes the message using a 256-bit cryptographic hash function, e.g. SHA-256, to obtain a 256-bit digest.
4) For each bit, depending on whether the bit value is 1 or 0, Bob will pick the corresponding number from Alice's public key, i.e. if the first bit of the message hash is 0, he picks the first hash in the first pair, and so on. This results in a sequence of 256 numbers.
Bob hashes each of the numbers in Alice's signature to obtain a 256-bit digest for each. If these match the sequence of 256 numbers that Bob had previously picked out, the signature is valid.