 So to recap, Alice has an L-Gamal system with public base A, public modulus N. Bob wants her to sign message M, so Alice picks a random x and evaluates P congruent to a to power x mod N, picks a random k and evaluates S1 congruent to a to power k mod N, evaluates S2 congruent to k inverse M minus S1x mod phi of N. Now for the document M with encryption half key P, her signed document is going to be the pair S1, S2. And to verify that the signature is genuine, Bob computes V, P to S1, S1 to S2 mod N, and W, A to power M mod N. And if V equals W, if the two match up, the message is genuine. For example, suppose Alice has L-Gamal system with A, the public base equal to 32, and N, the public modulus 211. And Bob wants her to sign document M equals 154. And so let's find Alice's signature and then verify. So remember the first step here is Alice chooses a random x for her communication half key. In other words, if she's encrypting this message, she has to pick some random value of x anyway, and so let's say she picks x equal to 17 and finds her half key 32 to 17 or 110 mod 211. Now remember this is the half key she'll be using for her communication with Bob, and so she sends this number to Bob. Now that half key is what she uses to encrypt the message of the first place, but to sign it, she picks another random k for her signature half key. So maybe she picks k equal to 47, and she computes A to power k mod 211, which works out to be 157. And since this is her half signature, she sends this number to Bob as well, but she does keep the random value k secret. Now that's only half her signature, for the rest of it she needs to find S2. Now remember S2 is going to be an exponent mod n, and so we need to be working mod phi of n. So let's compute that. So our modulus is 211, which happens to be prime, so phi of n is 210. She'll also need the inverse of the exponent that gave her the signature half key, so she needs to find the inverse of 47 mod 210, which works out to be 143. And finally she'll compute her S2, which is k inverse times m minus x S1. Since substituting in those values, we find that S2 is equal to 85, and this is her other half signature, so she sends that information to Bob as well. It's important to remember that the initial encryption half key and these two half signatures are the only thing that Bob has in his possession besides the public base and modulus. Now in order to verify Alice's signature, Bob evaluates v, that's p to S1, S1 to S2 mod n. Now Bob also computes a to power m, and he also gets 14, which means that the message m was in fact assigned by Alice during the session that used the cryptographic half key p equal to 110. So what if Bob tried to use the same signature for a different document, say m equals 108? So the important thing to remember is that the value of v doesn't depend on the actual message value, but w is going to be recomputed as 148, and the signature doesn't match the document, and so this document 108 was not signed by Alice, at least not during the session.