. The Schnorr signature scheme is outlined below: Setup: g is a generator in group G with prime order q Define a hash function H such that H:{0,1}* Zg Key Generation: User chooses a secret key x e Zq and computes the public key y = g. Sign: To sign a message m with secret key x, i) Randomly choose k Er zq ii) Compute R = gk iii) Compute e = H(R ||m) iv) Compute s = k - xe mod q v) Output the signature o = (s, e) Verify: To verify a signature o = (s, e) for a message m with public key y, i) Compute R' = gye ii) Compute e' = H(R'||m) iii) Output valid if e=e'. Otherwise output invalid In order to generate a signature, Alice is supposed to generate a new random number k each time. However, she is lazy to do that. She has generated two signatures 01 = ($1,e1) for message my and 02 = (S2, (2) for message m2 (where my # m2) by using the same random number k [Step (i) in Sign). Carol is an attacker who knows that Alice has reused the same random number in every signature. Can Carol compute the secret key x by just seeing these two signatures 01 and 02, two messages my and m2, and knowing the fact that Alice has reused the random number? Explain your answer. (5 marks) . The Schnorr signature scheme is outlined below: Setup: g is a generator in group G with prime order q Define a hash function H such that H:{0,1}* Zg Key Generation: User chooses a secret key x e Zq and computes the public key y = g. Sign: To sign a message m with secret key x, i) Randomly choose k Er zq ii) Compute R = gk iii) Compute e = H(R ||m) iv) Compute s = k - xe mod q v) Output the signature o = (s, e) Verify: To verify a signature o = (s, e) for a message m with public key y, i) Compute R' = gye ii) Compute e' = H(R'||m) iii) Output valid if e=e'. Otherwise output invalid In order to generate a signature, Alice is supposed to generate a new random number k each time. However, she is lazy to do that. She has generated two signatures 01 = ($1,e1) for message my and 02 = (S2, (2) for message m2 (where my # m2) by using the same random number k [Step (i) in Sign). Carol is an attacker who knows that Alice has reused the same random number in every signature. Can Carol compute the secret key x by just seeing these two signatures 01 and 02, two messages my and m2, and knowing the fact that Alice has reused the random number? Explain your