Computer Networking
Math and Arithmetic
Mathematical Constants

Is it ok to use the same random number again while signing two messages m1 and m2 using schnorr signature?



User Avatar
Wiki User

Ok here is the answer u r looking for. You cannot use the same random number twice because it will lead the adversary in to finding the secret key x.

For the first time r1 = gk1 mod p

c1 = H(m1,r1)

s1 = k1 + c1x (mod q)----- eqn 1

output is (r1, s1,m1)

For the second time r1 = r2 = gk1 mod p c2 = H(m2,r1) s2 = k1 + c2x (mod q)-----eqn 2 output is (r1, s2, m2)

eqn1-eqn2 s1-s2=c1x (mod q) - c2x (mod q) s1-s2=x modq (c1- c2) x mod q = s1-s2/c1-c2 s1,s2,c1,c2 and q are known.