Consider ElGamal public key cryptosystem with public key $(p,,)$ and private key $a$

where $={}^a.$ The ElGamal Signature Scheme works as follows: picks $k$ at random from

$Z_{p-1}^{**}$ and computes the signature for message $m$ as sig$(m)=(,)$ where $={}^k$ and $=$

$k^{-1}(m-a)mod(p-1).$

Prove that such a signature scheme is not allowed to have $=0.$ That is: if a message were

signed with a "signature" in which $=0,$ then it would be easy for an adversary to compute

the private key $a.$ Show how?