One-time password based on hash chain without shared secret and re-registration

摘要

Lamport's one-time password (OTP) was originally proposed to address the weaknesses of a simple password system. However, it has been widely used to design key management and authentication mechanisms. OTP is based on a hash chain constructed using only the cryptographic hash function, in which the hash chain is a main engine for OTP generation. Thus, the structural property of the hash chain determines the advantages and disadvantages of the OTP system that employs it. A main weakness ofLamport's OTP is that the length of the hash chain is finite, meaning that OTP generation is also finite. In this paper, a new hash chain is designed and constructed for infinite OTP generation without a pre-shared secret between two parties (prover and verifier). Instead of a single long hash chain as inLamport's OTP, the hash chain in the proposed OTP consists of multiple short hash chains. This paper shows that the proposed OTP addresses the weaknesses ofLamport's OTP while preserving its advantages.