Show how DSA can be attacked if the same ephemeral key is us

Show how DSA can be attacked if the same ephemeral key is used to sign
two different messages

Solution

A ephemeraal public keys in a Diffie-Hellman key agreement protocl in order to reduce its computational workload or to mitigate against denail-of-service attacks.As in DSA,G is the sub group of prime order q of the multiplicative group.

G1 of prime filed Cp. The bit length of q is substantially smaller than of p.For example the bitlength ofq and p may be 160 and 1024 respectively or 256 and 3072 respectively.Since the group parameters are typically generated by randomly selecting a prime q,and then randomly selecting even integers k of the appropriate bitlength until p+1+kq is prime, one can expect with non -elgibile probability will have asmooth divisor greater than q.Hense DSA groups are ulnerable to small -sub group attacks if the recipient of public key B does not verify .