Home

OTS

One-time signatures, abbreviated OTS, are digital signature schemes designed to be secure for a single signing operation with a given key pair. The concept was introduced by Leslie Lamport in 1979 and has since become a foundational component of hash-based cryptography. In a Lamport-style OTS, the signer generates a set of secret values in pairs and publishes the hashes of those values as public data. To sign a message, the signer computes a hash of the message, writes it in binary, and reveals, for each bit, the corresponding preimage from the appropriate secret pair. Verification rehashes the revealed preimages and checks them against the published public hashes. Because only one set of secret preimages is disclosed, the same key material should not be used to sign more than one message.

Variants of OTS include the Winternitz scheme, which reduces signature size by trading off signing time and

In practice, OTS signatures are relatively large and require careful key management, which limits their direct

Other meanings of the acronym OTS exist in different domains, but this article focuses on one-time signatures

public-key
size
through
parameter
choices.
Security
relies
on
the
chosen
hash
function’s
resistance
to
preimage
attacks
and
on
the
one-time
usage
of
the
signing
key;
reusing
keys
can
enable
forgery.
use
for
frequent
signing.
However,
they
play
a
crucial
role
as
building
blocks
in
hash-based,
post-quantum
signature
schemes.
Hash-based
schemes
such
as
XMSS
(eXtended
Merkle
Signature
Scheme)
and
XMSSMT
extend
OTS
into
multi-use,
tree-structured
systems
that
remain
secure
against
quantum
attacks
while
enabling
practical
signing
of
multiple
messages
over
time.
in
cryptography.