$[30]3.$ In class, we have covered a Digital Signature Algorithm $($DSA$),$ in which the signature $(r,s)$ for

the message $m$ can be computed as

$r=(g^k,$modp$),$modq

$s=k^{-1}(H(m)+x*r),$modq

where $k$ is a random private key per signing, $x$ is long$-$term private key and $H$ is a cryptographic hash

function.

A$.$ Consider a variant of DSA algorithm, in which the second component of the signature

generation is computed as

$s=k^{-1}(m+x*r),$modq

Show that this variant is not secure$,$ in which the attacker can forge valid signature for

any arbitrary message of it choice without querying any signatures from the signer.

B$.$ Sony PS$3$ was hacked by the hacker group "failoOverflow" via a key recovery attack on

the ECDSA digital signatures computed in Sony PS$3$ platform. Explain what caused the

attack and show the steps of the attack in details.