While the classical attack of ``monitor the network and intercept the password'' can be avoided by advanced protocols like SSH, one-time passwords are still considered a viable alternative or a supplement for software authentication since they are the only ones that safeguard against attacks on insecure client machines. In this paper by using public-key techniques we present a method called signature chain alternative to Lamport's hash chain to improve security and flexibility of one-time passwords. Our proposition improves the security because first, like other public-key authentication protocols, the server and the user do not share a secret, thereby eliminating attacks on the server side. Second, from any incorrectly revealed one-time password, unspent passwords cannot be calculated if a signature chain is preferred. Having an infinite length, the chain in our proposition is more flexible and facilitates using the protocol without the complexity of restarting. On the other hand, the disadvantage of signature chain is the longer verification time with respect to hash chain based approaches.

While the classical attack of ``monitor the network and intercept the password'' can be avoided by advanced protocols like SSH, one-time passwords are still considered a viable alternative or a supplement for software authentication since they are the only ones that safeguard against attacks on insecure client machines. In this paper by using public-key techniques we present a method called signature chain alternative to Lamport's hash chain to improve security and flexibility of one-time passwords. Our proposition improves the security because first, like other public-key authentication protocols, the server and the user do not share a secret, thereby eliminating attacks on the server side. Second, from any incorrectly revealed one-time password, unspent passwords cannot be calculated if a signature chain is preferred. Having an infinite length, the chain in our proposition is more flexible and facilitates using the protocol without the complexity of restarting. On the other hand, the disadvantage of signature chain is the longer verification time with respect to hash chain based approaches.