If there is a message $m_1$ that $H(m_1) \rightarrow g^r$ and there is another message $m_2$ that $H(m_2) \rightarrow g^k$, where $g^k$ is also a generator of $G$, is this possible? then $g^r$ could equal $(g^k)^m$, where $m < p$, $p$ is the order of $G$. Then any message could be expressed in this form $(g^k)^m$, so if we allow aggregating duplicate messages from one same signer, it is not safe in BLS?
Asked
Active
Viewed 54 times
0
-
Then any message could be expressed in this form (g^k)^m Is this hard for us to find the m? This is the assumption of Discrete logarithm Problem. – Ray James Aug 20 '19 at 08:05
-
Welcome to CryptoGraphy. We have $LaTeX / MathJax $ enabled in our site. – kelalaka Aug 20 '19 at 09:29
-
@ray_james could you turn your comment into an answer? – kelalaka Aug 24 '19 at 21:54