IACR News item: 12 December 2023
Scott Fluhrer
ePrint Report
In "Oops, I did it again" - Security of One-Time Signatures under Two-Message Attacks, Bruinderink and Hülsing analyzed the effect of key reuse for several one time signature systems.
When they analyzed the Winternitz system, they assumed certain probabilities were independent when they weren't, leading to invalid conclusions.
This paper does a more correct characterization of the Winternitz scheme, and while their ultimate conclusion (that key reuse allows for practical forgeries) is correct, the situation is both better and worse than what they concluded.
Additional news items may be found on the IACR news page.