Generating EIGamal Signatures Without Knowing the Secret Key [chapter]

Daniel Bleichenbacher
1996 Lecture Notes in Computer Science  
We present a new method to forge EIGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby riot fourid this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem.
doi:10.1007/3-540-68339-9_2 fatcat:43nkpw76dfgrzjfrktuvld246u