# The DSA (Dual System Algorithm) Cryptosystem

**Author**: Katsuma Onishi

## 1. Abstract

After taking a university course in [cryptography](https://academiccalendars.romcmaster.ca/preview_course_nopop.php?catoid=53&coid=264981) at McMaster University, I was inspired to create my own cryptosystem to challenge myself and understand the difficulty of creating a secure cryptosystem. This project explores the idea of incorporating two important concepts we learnt in lectures, the [CRT](https://en.wikipedia.org/wiki/Chinese_remainder_theorem) (Chinese Remainder Theorem), and [RSA](https://en.wikipedia.org/wiki/RSA_cryptosystem) (Rivest-Shamir-Adleman) encryption system. The CRT a concept in number theory that helps solve systems of congruences, which are multiple equations involving modular arithmetic. RSA is one of the oldest and widely known asymmetric cryptosystem based on principles from modular arithmetic and number theory, which relies on the difficulty of factoring large prime numbers. I will dive deeper into these concepts in the theoretical background section.

## 2. Introduction

My goal for this project is to integrate these two concepts to build a cryptosystem that demonstrates how modular arithmetic and number theory can be used for encryption and decryption. This system is an asymmetric cryptosystem, meaning it uses a pair of different keys; a public key to encrypt messages, and a private key to decrypt the message. The public key can be shared publicly while the private key must be kept secret.

It's important to note that this cryptosystem is **NOT** secure,, so it is not recommended to encrypt highly important information with it, but it is a fun way to showcase how to encode and decode messages using different fundamental cryptography methods.

## 3. Theoretical Background

This section is intended for those who are unfamiliar with modular arithmetic and why it is important in cryptography. I will provide a brief overview of the key mathematical concepts used for this project, including modular arithmetic, the Chinese Remainder Theorem, and RSA cryptosystem.

### Modular Arithmetic

Modular arithmetic is a system of arithmetic for integers, which focuses on the remainder after being divided by a certian value called the **modulus**. Converting military 24 hour time into conventional 12 hour time uses the concept of modular arithmetic, where the modulus is 12. For example, 17:00 in military time is converted into 5:00. We are taking $17\equiv 5 \mod 12$, where we take 17 divided by 12, and getting a remainder of 5. 

Using modular arithmetic allows operations like modular exponents and modular inverses, which is capable of scrambling up big numbers easily but difficult to unscramble without knowing the numbers used to scramble. This concept is what makes modular arithmetic the backbone of cryptography.

More about Modular Arithmetic can be read [here](https://en.wikipedia.org/wiki/Modular_arithmetic).

### CRT - Chinese Remainder Theorem

As mentioned before, CRT is a concept from number theory that helps solve system of congruences. These set of equations can look something like:

$x \equiv a_1 \mod m_1$
$x \equiv a_2 \mod m_2$

where $m_1$ and $m_2$ are co-prime, the CRT says that there is a unique solution for $x \mod (m_1 \times m_2)$.

CRT is an important concept in cryptography since it is often used to speed up computations for decryption. Instead of working work large numbers, we can break up the problem using CRT to work with smaller numbers, which take less computational power to compute. 

More about CRT can be read [here](https://en.wikipedia.org/wiki/Chinese_remainder_theorem).


### RSA - Rivest-Shamir-Adleman

RSA is one of the earliest and well known asymmetric cryptosystem, that relies on the difficulty of factoring a product of two large prime numbers. In an RSA system, a public key is used to encrypt a message and a private key is used to decrypt the message. 

More about RSA can be read [here](https://en.wikipedia.org/wiki/RSA_cryptosystem).

 ## 4. DSA Encryption Process

 ### 4.1 Public key generation steps

DSA follows a similar process to RSA when encrypting a message, where we first generate public keys:

* Generate two large prime numbers p and q 
* Convert plain text into an integer which is represented by M, this will be the secretmessage being sent. The integer M must be less than p*q for this system to work. If bigger messages need to be sent, they can be done so in multiple blocks. 
* Calculate ϕ(n) = (p - 1) * (q - 1). 
* Choose e, which represents the public exponent such that e is coprime with ϕ(n) i.e. gcd(𝑒,(𝑝 − 1)(𝑞 −1)) = 1 to ensure that a modular inverse of e exists. Choosing a large e may be more secure, however it can make the encryption computation much slower, and choosing a small e may be vulnerable to attacks. 

The set of public keys are (p, q, e)

### 4.2 Encrytion steps

Now that we have a set of public keys, we can use them to encrypt our private message M

* Compute $C_1 \equiv \mod M^e \mod p$, which encrypts our message M with modulo p
* Compute $C_2 \equiv \mod M^e \mod q$, which encrypts our message M with modulo q

We should now have our original message M, a pair of large prime numbers p and q, n which is the product of our primes, a public exponent e, and a pair of cipher text $C_1$ and $C_2$.

## 5. DSA Decrption Process

Here is where our integration of the CRT comes into play.

### 5.1 Private key generation steps

* Compute $d_p \equiv e^{-1} \mod (p-1)$, the modular inverse of e modulo p-1
* Compute $d_q \equiv e^{-1} \mod (q-1)$, the modular inverse of e modulo q-1

We now have a set of private keys $d_p$ and $d_q$ used to decrypt our cipher text $C_1$ and $C_2$

### 5.2 Decryption steps

* Compute $M_p \equiv C_1^{d_p} \mod p$
* Compute $M_q \equiv C_2^{d_q} \mod q$
* Combine $M_p$ and $M_q$ into the original message M to obtain a system of congruences;
$M \equiv M_p \mod p$
$M \equiv M_q \mod q$
* Use the CRT to solve the system of congruences to obtain M

After these decryption steps, we should end up with the original message M.

# 6. Security

As stated in the introduction this cryptosystem is not secure. Although there is a private key, all the information needed to calculate it is contained in the public key. Before we showcase how easily this system breaks down, we will talk about some potential security benefits. These benefits can be valuable especially when the attacker does not know the encryption and decryption algorithm. First, frequency analysis is not effective in trying to decode messages in this system. This is due to modular exponentiation to scramble the cipher takes unlike classical cyphers which can use letter frequencies to analyze systems 
and figure out certain letters. The system is also non-linear due to modular exponentiation which means that if a plaintext-cyphertext is known by an attacker it cannot easily be solved like other classical cyphers. Lastly, even if an attacker knows the encryption and decryption algorithm, if p and q are large enough the attacker would still need access to a device capable to compute large modular inverses as it is not feasible to solve on their own. So clearly a system like this is still more secure than a simple shift cypher but now we will show why it is still completely insecure.

If the attacker knows the encryption and decryption algorithm and have access to a computer powerful enough to compute large modular inverses, then they can easily break down the cryptosystem. The key is that unlike RSA where p*q=N is the public key, here p and q are both in the public key which completely breaks the security of the system. 

## 6.1 Attack example

For example, let's say there is a public key (p, q, e) which are published, and an attacker interceps a message that is encoded with the public key ($C_1$, $C_2$) then the attacker has all the information they need. They can find the private keys $d_p \equiv e^{-1} \mod (p-1)$ $d_q \equiv e^{e-1} \mod (q-1)$ using p, q and e already known to the public to find $M_p \equiv C_1^{d_p} \mod p$ and $M_q \equiv C_2^{d_q} \mod q$. Once they find these values, they can set up the system of equations $M \equiv M_p \mod p$ and $M \equiv M_q \mod q$, where they can use the CRT to solve the system for M to obtain the original message. The key is the attacker knowing the decrpyiton algorithm which makes the rest of the attack easy as all the information needed is already known publicly.


# 7. Simple example with code

For this example, we will encrypt a smaller message using smaller prime numbers to show more clearly how the encryption process works. Larger prime numbers should be used for 
better security as well as so that larger messages can be sent. 

## 7.1 Public key generation

For this example, lets pretend we are sending over a 3-digit pin code to our friend. In this example our message is already an integer but if we wanted to send English text, we could do so by converting words into integers using [ASCII](https://en.wikipedia.org/wiki/ASCII) or by encoding the English letters corresponding to the number of the alphabet (i.e. A=1, B=2, C=3 etc.). Suppose the password we want to send our friend is 701. We can choose p and q to be prime numbers now, but we must ensure $701 \lt p \cdot q$. 

Let p = 23, q = 31 ($701 \lt 23 \cdot 31 = 713$) and choose an $e$ such that $\gcd (e, (p-1)(q-1)) = 1$. $(p-1)\cdot(q-1) = 22 \cdot 30 = 660$, let e = 29 because $\gcd (29,  660) = 1$

In [None]:
import math

# Key's used for this example
p = 23
q = 31
e = 29

# Original message to be encrypted
M = 701

n = p * q
phi_n = (p-1) * (q-1)

print("DSA simple example using fixed values\n")

# Keys used for example
print("7.1 Public key generation")
print(f"Fixed primes: p = {p}, q = {q}")
print(f"Modulus n = p*q = {n}")
print(f"φ(n) = (p-1)(q-1) = {phi_n}")
print(f"Public exponent e = {e} (gcd(e,φ(n)) = {math.gcd(e, phi_n)})")
print(f"Message M = {M}\n")
print(f"Public keys: (p, q, e) = ({p}, {q}, {e})")

DSA Cryptosystem Demonstration

Fixed primes: p = 23, q = 31
Modulus n = p*q = 713
φ(n) = (p-1)(q-1) = 660
Public exponent e = 29 (gcd(e,φ(n)) = 1)
Message M = 701

Public keys (p, q, e) = (23, 31, 29)


## 7.2 Encryption process

Now that we have the public keys (p, q, e) = (23, 31, 29) we can start the encryption process.

In [None]:
print("\n\n7.2 Encryption process\n")

# Encryption calculations
print(f"Compute C1 ≡ M^e mod p ≡ {M}^{e} mod {p}:")
C1 = pow(M, e, p)
print(f"C1 = {C1} (since {M}^{e} mod {p} = {C1})")

print(f"\nCompute C2 ≡ M^e mod q ≡ {M}^{e} mod {q}:")
C2 = pow(M, e, q)
print(f"C2 = {C2} (since {M}^{e} mod {q} = {C2})")

print(f"\nCiphertexts: (C1, C2) = ({C1}, {C2})")



7.2 Encryption process

Compute C1 ≡ M^e mod p ≡ 701^29 mod 23:
C1 = 7 (since 701^29 mod 23 = 7)

Compute C2 ≡ M^e mod q ≡ 701^29 mod 31:
C2 = 18 (since 701^29 mod 31 = 18)

Ciphertexts: (C1, C2) = (7, 18)



## 7.3 Private key generation

To decrypt our cipher texts, we must first compute our private keys $d_p$ and $d_q$.

In [None]:
print("\n\n7.3 Private key generation\n")

# Modular inverse calculations
dp = pow(e, -1, p-1)
dq = pow(e, -1, q-1)

print(f"dp ≡ e⁻¹ mod (p-1) -> {dp} ≡ {e}⁻¹ mod {p-1}")
print(f"dq ≡ e⁻¹ mod (q-1) -> {dq} ≡ {e}⁻¹ mod {q-1}")
print(f"\nPrivate keys: (dp, dq) = ({dp}, {dq})")



7.3 Private key generation

dp ≡ e⁻¹ mod (p-1) → 19 ≡ 29⁻¹ mod 22
dq ≡ e⁻¹ mod (q-1) → 29 ≡ 29⁻¹ mod 30

Private key: (dp, dq) = (19, 29)



## 7.4 Decryption process

Now that we have our private keys (dp, dq) = (19, 29), we can start the decryption process using CRT.

In [None]:
print("\n\n7.4 Decryption process\n")

# Decryption process calculations
print(f"Compute Mp ≡ C1^dp mod p ≡ {C1}^{dp} mod {p}:")
Mp = pow(C1, dp, p)
print(f"Mp = {Mp}")

print(f"\nCompute Mq ≡ C2^dq mod q ≡ {C2}^{dq} mod {q}:")
Mq = pow(C2, dq, q)
print(f"Mq = {Mq}\n")

print("Apply Chinese Remainder Theorem to solve:")
print(f"M ≡ {Mp} mod {p}")
print(f"M ≡ {Mq} mod {q}")

# CHinese Remainder Theorem function
def crt(a, p, b, q):
    inv_q = pow(q, -1, p)
    inv_p = pow(p, -1, q)
    x = (a * q * inv_q + b * p * inv_p) % (p*q)
    return x

decrypted_M = crt(Mp, p, Mq, q)
print(f"\nCRT Solution: M = {decrypted_M}")



7.4 Decryption process

Compute Mp ≡ C1^dp mod p ≡ 7^19 mod 23:
Mp = 11

Compute Mq ≡ C2^dq mod q ≡ 18^29 mod 31:
Mq = 19

Apply Chinese Remainder Theorem to solve:
M ≡ 11 mod 23
M ≡ 19 mod 31

CRT Solution: M = 701


To confirm that our code for DSA worked, the original message M and our decrypted message should match.

In [None]:
print("\nVerification\n")
print(f"Original message M: {M}")
print(f"Decrypted message: {decrypted_M}\n")

if M == decrypted_M:
    print(f"Decryption successful! M = {M} = Decrpyted message = {decrypted_M}")
else:
    print(f"Decryption failed... M = {M} ≠ Decrypted message = {decrypted_M}")



Verification

Original message M: 701
Decrypted message: 701

Decryption successful! M = 701 = Decrpyted message = 701


# 8. Conclusion

This project deepened my understanding of the world of cryptography and the measures that go behind creating a secure and reliable cryptosystems. Hands on experience with cryptographic system allowed me to turn my theoretical knowledge learnt in my lectures into practical understanding. Throughb building, testing and analyzing this system I gained crucial insights into the careful balance between mathematical theory and practical security considerations that proper cryptosystems require.

# 9. References

## 9.1 Academic references

[MATH 3CY3](https://academiccalendars.romcmaster.ca/preview_course_nopop.php?catoid=53&coid=264981)

## 9.2 Textbook references

[An Introduction to Mathematical Cryptography](https://link.springer.com/book/10.1007/978-0-387-77993-5)

## 9.2 Online resources

* [CRT](https://en.wikipedia.org/wiki/Chinese_remainder_theorem)
* [RSA](https://en.wikipedia.org/wiki/RSA_cryptosystem)
* [Modular Arithmetic](https://en.wikipedia.org/wiki/Modular_arithmetic).
* [ASCII](https://en.wikipedia.org/wiki/ASCII)

## 9.3 Python libraries used

* [math](https://docs.python.org/3/library/math.html)


