When an adversary attempts to create someone's GPG signature of a
certain message, there are at least two ways to do so:
1. Computing the private key from the public key of the target and
then using the private key to sign the message;
2. Enumerating the possible signature of that certain message and
using the target's public key to verify if one of the signatures is
If other conditions are same and the adversary only needs to get the
target's signature of one certain message, will the second approach
easier than the first approach in terms of computing complexity?
I'm really looking forward to the answer and/or further discussion!