DI Management Home > Cryptography > SPHINCS+ > One-time signature (OTS) scheme

One-time signature (OTS) scheme


A one-time signature (OTS) scheme based on a one-way function was first introduced by Lamport [LAM79] in 1979. It is known as the Lamport OTS or Lamport-Diffie OTS. The description by Merkle [MER79] is probably clearer.

It requires a one-way cryptographic hash function, $H()$, for example SHA-256. It is a one-time scheme, so as per the label on the can, a given private-public key pair can only be used once.

Lamport One Time Signature for a single bit message
Lamport OTS for a message of any length
Alternative Summary of Lamport OTS Scheme

Lamport One Time Signature for a single bit message

First, consider a simple Lamport scheme to sign a message of just one bit (0 or 1).

Lamport OTS for a message of any length

For an excellent alternative explanation of this (with great diagrams), see [WONG15]

Alternative Summary of Lamport OTS Scheme

An alternative summary of the Lamport OTS Scheme described in [LEI95]. We will use syntax this later in Basic Merkle Signature Scheme.

m = length of message (digest) to be signed
k = security parameter
h = hash function with k-bit output
<< previous: Properties of a cryptographic hash function Contents next: Winternitz One-Time Signature (WOTS) >>

Contact us

To comment on this page or to contact us, please send us a message.

This page first published 17 March 2023. Last updated 17 March 2023.