DSA $(2$pt$.)$

In DSA, it is crucial to use choose a fresh new random nonce for each

signature. Prove that DSA is not secure if these integers are reused.

Show that it also holds for ECDSA

$($Hint: Show that having two signatures $(r,s_1),$ and $(r,s_2)$ with $s_1{s}_2$

of two messages, it is possible to compute a valid signature $(r,s_3)$ of

another message. Use the security definition of the slides.$)$