From 0f1120b2f6b95d4d2b8a5e7a401924e98126b896 Mon Sep 17 00:00:00 2001
From: Sungchan Yi <calofmijuck@snu.ac.kr>
Date: Fri, 27 Oct 2023 21:11:58 +0900
Subject: [PATCH] [PUBLISHER] upload files #121

---
 .../Lecture Notes/Internet Security/2023-10-04-rsa-elgamal.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_posts/Lecture Notes/Internet Security/2023-10-04-rsa-elgamal.md b/_posts/Lecture Notes/Internet Security/2023-10-04-rsa-elgamal.md
index 02129a6..154d3a9 100644
--- a/_posts/Lecture Notes/Internet Security/2023-10-04-rsa-elgamal.md	
+++ b/_posts/Lecture Notes/Internet Security/2023-10-04-rsa-elgamal.md	
@@ -166,7 +166,7 @@ The attacker will see $g^k$. By the hardness of DLP, the attacker is unable to r
 
 #### Ephemeral Key Should Be Distinct
 
-If the same $k$ is used twice, the encryption is not secure. Suppose we encrypt two different messages $m_1, m_2 \in \mathbb{Z}_p^*$. The attacker will see $(g^k, m_1y^k)$ and $(g^k, m_2 y^k)$. Then since we are in a multiplicative group $\mathbb{Z}_p^*$, inverses exist. So
+If the same $k$ is used twice, the encryption is not secure. Suppose we encrypt two different messages $m_1, m_2 \in \mathbb{Z} _ p^{ * }$. The attacker will see $(g^k, m_1y^k)$ and $(g^k, m_2 y^k)$. Then since we are in a multiplicative group $\mathbb{Z} _ p^{ * }$, inverses exist. So
 
 $$
 m_1y^k \cdot (m_2 y^k)^{-1} \equiv m_1m_2^{-1} \equiv 1 \pmod p