3

It is stated in "Winternitz One time signature security" that MD5 is not safe for Winternitz due to collision attacks. Given that WOTS generates multiple, say 32, private keys and then hashes them a number of times to obtain 32 public keys, how does a collision attack on MD5 break the Winternitz OTS? Does this mean I have to find 32 collisions of MD5?

evernal

1 Answer

2

I believe that, in the question you cited, the answer included:

BTW: this appears to be more about the proof technique used to prove W-OTS, rather than the actual security; we can create MD5 collisions (invalidating the proof), however we don't know how to use those collisions to actually attack W-OTS-MD5; hence it would appear to be secure (but we can't prove it).

That is, we don't know how a collision attack would break Winternitz; we just can't prove that it can't.

poncho
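To make the structure behind the answer concrete, here is an added sketch of W-OTS with MD5 chains (not code from either poster). It assumes w = 16 and a 16-byte digest signed directly, and all function names are hypothetical. It shows that a signature for any other digest needs a value earlier in at least one chain than what was revealed, which means inverting MD5 at a point fixed by the signer rather than finding a free-choice collision.

```python
import hashlib
import os

W = 16       # assumed Winternitz parameter: each chain has W-1 = 15 MD5 steps
N_MSG = 32   # a 16-byte digest is 32 base-16 digits (the "32 keys" of the question)
N_CSUM = 3   # checksum is at most 32*15 = 480 < 16**3, so 3 extra chains

def chain(x, steps):
    """Walk a hash chain forward; there is no efficient way to walk it back."""
    for _ in range(steps):
        x = hashlib.md5(x).digest()
    return x

def digits(digest):
    """Base-16 digits of the digest followed by the base-16 checksum digits."""
    assert len(digest) == 16
    d = [n for b in digest for n in (b >> 4, b & 0xF)]
    csum = sum(W - 1 - v for v in d)
    return d + [(csum >> s) & 0xF for s in (8, 4, 0)]

def keygen():
    sk = [os.urandom(16) for _ in range(N_MSG + N_CSUM)]
    pk = [chain(s, W - 1) for s in sk]   # public key = end of every chain
    return sk, pk

def sign(sk, digest):
    # Reveal the chain value at position d for each digit d.
    return [chain(s, d) for s, d in zip(sk, digits(digest))]

def verify(pk, digest, sig):
    # Finish each chain from the revealed position and compare with pk.
    return all(chain(s, W - 1 - d) == p
               for s, d, p in zip(sig, digits(digest), pk))

def chains_needing_inversion(signed, target):
    """Chains where `target` needs an earlier value than the signature revealed."""
    return [i for i, (a, b) in enumerate(zip(digits(signed), digits(target)))
            if b < a]

if __name__ == "__main__":
    sk, pk = keygen()
    lo, hi = b"\x00" * 16, b"\xff" * 16      # constructed sample digests
    sig = sign(sk, lo)
    print(verify(pk, lo, sig), verify(pk, hi, sig))
    # Raising every message digit lowers the checksum, so those chains block it.
    print(chains_needing_inversion(lo, hi))
```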