[16] in cryptography@c2.net mail archive
A question on ElGamal encryption and signatures
daemon@ATHENA.MIT.EDU (Paulo Barreto)
Fri Jan 3 13:38:47 1997
Date: Fri, 03 Jan 1997 13:21:00 -0300
To: cryptography@c2.net
From: Paulo Barreto <pbarreto@uninet.com.br>

All ElGamal encryptions and signatures depend on a one-time secret
parameter k (cf. Applied Cryptography 2nd ed, 476-478).

If the same k is used to *sign* two documents, the signer's secret key
can be recovered (this holds for DSA as well, and probably also for
Schnorr).

Now how about *encrypting* two documents with the same k? Which problem
(if any) does this imply?

Paulo.
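
The signing case stated in the message above, worked through as an added example (it is not part of the original post). It assumes the textbook ElGamal signature r = g^k mod p, s = k^-1 (m - x r) mod (p - 1); the parameters p = 467, g = 2, x = 127, k = 213 and the integer message hashes are constructed toy values, and all function names are made up for the illustration.

```python
from math import gcd

# Toy parameters (constructed for illustration; far too small for real use).
P, G = 467, 2            # prime modulus and a generator of Z_P^*
N = P - 1                # exponents are reduced modulo P - 1

def sign(m, x, k):
    """Textbook ElGamal signature on message hash m, secret key x, one-time k."""
    r = pow(G, k, P)
    s = (m - x * r) * pow(k, -1, N) % N
    return r, s

def verify(m, r, s, y):
    return 0 < r < P and pow(y, r, P) * pow(r, s, P) % P == pow(G, m, P)

def solve_congruence(a, b, n):
    """All t in [0, n) with a*t = b (mod n): gcd(a, n) solutions, or none."""
    d = gcd(a, n)
    if b % d:
        return []
    n_d = n // d
    t0 = (b // d) * pow(a // d, -1, n_d) % n_d if n_d > 1 else 0
    return [t0 + i * n_d for i in range(d)]

def recover_key(m1, sig1, m2, sig2, y):
    """Recover x from two signatures that share r (and therefore share k)."""
    (r, s1), (r2, s2) = sig1, sig2
    if r != r2:
        return None                       # different k: nothing to recover
    # s1 - s2 = k^-1 (m1 - m2)  =>  (s1 - s2) k = m1 - m2  (mod P - 1)
    for k in solve_congruence((s1 - s2) % N, (m1 - m2) % N, N):
        if pow(G, k, P) != r:
            continue                      # spurious candidate when gcd > 1
        # m1 = x r + k s1  =>  r x = m1 - k s1  (mod P - 1)
        for x in solve_congruence(r % N, (m1 - k * s1) % N, N):
            if pow(G, x, P) == y:         # confirm against the public key
                return x
    return None

def demo():
    x, k = 127, 213                       # secret key and the reused k (constructed)
    y = pow(G, x, P)                      # public key
    m1, m2 = 100, 301                     # constructed message hashes
    sig1, sig2 = sign(m1, x, k), sign(m2, x, k)
    assert verify(m1, *sig1, y) and verify(m2, *sig2, y)
    return recover_key(m1, sig1, m2, sig2, y), x
```

Two signatures from the same key carrying an identical r are the visible sign that k was reused, which is why the recovery only proceeds when r matches.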