How can a collision attack using MD5 be used to break WOTS

Cryptography Asked by evernal on October 24, 2021

It is stated in "Winternitz One time signature security" that MD5 is not safe for Winternitz due to collision attacks. Given that WOTS generates multiple, say 32, private keys and then hashes them a number of times to obtain 32 public keys, how does a collision attack from MD5 break the Winternitz OTS? Does this mean I have to find 32 collisions of MD5?

One Answer

I believe that, in the question you cited, the answer included:

BTW: this appears to be more about the proof technique used to prove W-OTS, rather than the actual security; we can create MD5 collisions (invalidating the proof), however we don't know how to use those collisions to actually attack W-OTS-MD5; hence it would appear to be secure (but we can't prove it).

That is, we don't know how a collision attack would break Winternitz; we just can't prove that it can't.

Answered by poncho on October 24, 2021
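An added illustration, not part of the original answer and not taken from any W-OTS specification: a toy W-OTS with w = 16 built on MD5 that signs a 16-byte value directly, giving the 32 chains from the question plus 3 checksum chains. It shows that verification only walks chains forward, and that reusing a signature for a different value needs at least one chain stepped backward, which is an inversion of MD5 and not something MD5 collisions are known to help with. All function names are illustrative assumptions.

```python
import hashlib
import os

W = 16                  # Winternitz parameter: one chain per 4-bit digit
N_MSG, N_CSUM = 32, 3   # 32 digits of a 16-byte value + 3 checksum digits

def H(x: bytes) -> bytes:
    return hashlib.md5(x).digest()

def chain(x: bytes, steps: int) -> bytes:
    """Apply H to x the given number of times (forward only)."""
    for _ in range(steps):
        x = H(x)
    return x

def digits(value: bytes) -> list:
    """Split a 16-byte value into 32 base-16 digits and append the checksum."""
    assert len(value) == 16
    d = [n for b in value for n in (b >> 4, b & 15)]
    csum = sum(W - 1 - v for v in d)          # at most 32*15 = 480 < 16**3
    return d + [(csum >> 8) & 15, (csum >> 4) & 15, csum & 15]

def keygen():
    sk = [os.urandom(16) for _ in range(N_MSG + N_CSUM)]
    pk = [chain(s, W - 1) for s in sk]        # end of every chain
    return sk, pk

def sign(sk, value: bytes):
    # Reveal the chain element at position digit_i for each chain.
    return [chain(s, d) for s, d in zip(sk, digits(value))]

def verify(pk, value: bytes, sig) -> bool:
    # Walk each revealed element the remaining steps and compare to pk.
    return all(chain(s, W - 1 - d) == p
               for s, d, p in zip(sig, digits(value), pk))

def chains_needing_inversion(signed: bytes, other: bytes) -> list:
    """Chains where `other` has a lower digit than `signed`: a forger holding
    only the signature on `signed` would have to step these backward."""
    pairs = zip(digits(signed), digits(other))
    return [i for i, (a, b) in enumerate(pairs) if b < a]

if __name__ == "__main__":
    m1, m2 = bytes(range(16)), bytes(range(1, 17))   # constructed sample values
    sk, pk = keygen()
    sig = sign(sk, m1)
    print(verify(pk, m1, sig), verify(pk, m2, sig))
    print(chains_needing_inversion(m1, m2))
```

The checksum digits are what guarantee the list is never empty for two different values: raising any message digit lowers the checksum, so some chain always has to move backward.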
