Computer Networking
Math and Arithmetic
Statistics
Mathematical Constants

Is it ok to use the same random number again while signing two messages m1 and m2 using schnorr signature?

555657

Answer

User Avatar
Wiki User
05/02/2008

Ok here is the answer u r looking for. You cannot use the same random number twice because it will lead the adversary in to finding the secret key x.

For the first time r1 = gk1 mod p

c1 = H(m1,r1)

s1 = k1 + c1x (mod q)----- eqn 1

output is (r1, s1,m1)

For the second time r1 = r2 = gk1 mod p c2 = H(m2,r1) s2 = k1 + c2x (mod q)-----eqn 2 output is (r1, s2, m2)

eqn1-eqn2 s1-s2=c1x (mod q) - c2x (mod q) s1-s2=x modq (c1- c2) x mod q = s1-s2/c1-c2 s1,s2,c1,c2 and q are known.