Practical Pencil & Paper Encryption (computerizable)

Bruce Schneier <schneier@chinet.chinet.com> in Message-ID: <CEtKr4.7B7@chinet.chinet.com> Date: Wed, 13 Oct 1993 05:04:13 GMT Subject: Pencil and paper encryption algorithm proposed a pencil-and-paper encryption algorithm that could be used without computers, but was still secure against computer-aided attacks. I answered with what I felt were several practical usage problems with his proposed methodology that made it infeasible to reliably encrypt and decrypt messages in a finite time. During a much needed vacation from the practical realities of work and life, I have attempted to come up with a simplified message encryption algorithm that meets Bruce's criteria and is practical in use. I took as design constraints that an inexpensive (< $30) pocket calculator was acceptable for performing any necessary calculations, but that something as big and complex as an HP-48 or an Apple Newton was unacceptable. I also changed the requirement from "secure against computer-aided attacks" to "highly resistant against computer aided attacks". My first attempt used a simple, multiple memory, non-programmable Radio Shack checkbook pocket calculator. While the methodology met the "resistance" criterion, it failed the practical test of error- free calculation in a finite time. It turned out to be possible to get reliable encryption and decryption by applying the result cross-checking techniques used in hand pencil-and-paper calculation, however the time required for error-free encryption was exorbitant. By relaxing the design constraints to allow limited programmability in the pocket calculator, I was able to adequately address the problem of speed of error-free encryption calculations. The constraint that I adopted was that the calculator's program steps must be simple and compact enough for the user to be able to memorize and to be able to re-enter the program into the calculator each time that it was used to encrypt or decrypt a message. I believe that this satisfies the reasonable requirement that there be no incriminating evidence left lying around in the calculator between encryption sessions. The following encryption procedure was tested using an $18 Radio Shack Model EC-4021 programmable scientific calculator. The algorithms were modified as necessary to conform to the practical limitations of the calculator keypad and limited programming capabilities. With only moderate training time (a couple of hours) I was able to reliably encrypt and decrypt messages at a rate of 8-10 characters per minute. The primary speed limitation was the actual tran- scription on the results by pencil onto paper. I would appreciate any and all comments, criticisms, error corrections and suggestions for improvements. Richard Robertson richardr@netcom.com ------------------------------------------------------------ A "Pencil and Paper" Encryption Algorithm for Pocket Calculators Copyright 1993 Richard L. Robertson Contents A: Encryption Confusion Generators B: Substitution Cipher Technique C: Transposition Cipher Technique D: Encryption Key Management E: Cryptographic Hardness F: Message Encryption Example G: Sample Message Key Generation A: Encryption Confusion Generators The core confusion generator chosen is a variation on the non- linear equation Logistic Difference Equation (LDE). This is selected for its adequate PRNG properties and its simplicity of calculation. The standard basic LDE can be written as X[n+1] = R * X[n] * (1 - X[n]) where R = 4, and 0 < X[n] < 1 While the output of the LDE has reasonable unpredictability, this basic formulation has limited cryptographic usefulness, partly because of limited sequence length and partly because the seed can be derived with sufficient information about successive values, even if "jitterized" (as described by Terry Ritter). By revising the constraints slightly to 3.99 < R < 4.0 the resulting output is "sub-chaotic" but still has very good PRNG properties. Another advantage of using R < 4.0 is that rounding errors in calculations do not cause any numerical values that result in the PRNG sequence degenerating from calculation errors. Extensive numerical trials on a 486 PC with 15-digit (decimal) floating point calculations have not uncovered any values of R or X[n] that result in short or degenerate PRNG sequences. The average length of a pseudo-random sequence from a (modified) LDE is a function of the number of digits of precision used in the calculations. For 9-digit fractional numbers, the expected length of a pseudo-random sequence is ~ 3 * 10^4 and there are ~ 3 * 10^4 independent sequences. The sequence length is adequate for pencil and paper encryption since messages would rarely exceed 200 characters. To develop a reasonably secure cryptographic methodology using the modified LDE as the confusion generator, proceed as follows: 1 - Select two non-linear (LDE) confusion generators G1 = R * X * (1 - X), and G2 = R'* Y* (1 - Y) where R' = 0.999 * R (used because of limitations in the number of memory registers in the pocket calculator) 2 - The cryptographic key (or seed) consists of the values R, X[0] and Y[0], where 0 < X[0] < 1 is a 9-digit key 0 < Y[0] < 1 is a 9-digit key 3.99 < R < 4.0 is a 7-digit key The total key length is 25 digits, giving a key space size of 10^25. The keys are short enough to be easily memorized. (If you are not convinced of this assertion, consider how many phone numbers, PIN numbers, bank account numbers, etc that the average person routinely commits to memory) 3 - Select a non-linear combiner for the output of two confusion generators. This is the first level of serious cryptographic strength. We will chose the function K = G1 <*> G2 where <*> is the floating point multiplication operator with rounding (see Knuth, Seminumerical Algorithms for details). At little inspection will show that it is not possible to recover the values G1 and G2 from a given K because K is not uniquely factorable. The rounding performed during the multiplication discards information necessary for factoring. In fact, for any 0 < K < 1, *all* values of G1 > K are valid factors of K. Rephrased, for any K {0 < K < 1} and for any p {1 > p > K, there exists at least one q {1 > q > K} such that K = p <*> q. Note: Because of rounding, numbers of the form K = (1/b)^n (where b is the base) are the only exceptions to this statement. For K = (1/b)^n, q = 1-(1/b)^n is not a factor of K. Recovering a sequence of G1 and G2 values from a sequence of K values, and from that recovering the cryptographic keys R, X[0] and Y[0], requires solving a series of simultaneous non- linear high-order polynomial equations. I am not aware of any practical way to do this in the literature. Brute force recovery of the sequence of n-digit G1 and G2 values requires checking a minimum of 10^(n*3) n-tuples {G1,G2,G'1,G'2,G''1,G''2} to determine which are possible solutions for the generator functions G1 and G2. 4 - Choose a domain transformation from quasi-continuous floating point to the finite to select digits from K to use for data encryption. This is the second level of serious cryptographic strength. Choose any algorithm for selecting a cipher value K' of either 1 or 2 digits from "around the middle" of the value K to use for performing the encryption. Because the confusion generators G1 and G2 are independent and have reasonably uniform digit distributions, the nonlinear combination K = G1 <*> G2 also has a reasonably uniform digit distribution. For any particular 1-digit value K', there are 10^8 possible values of K that could have generated it. For any particular 2-digit value K', there are 10^7 possible corresponding values for K. 5a - Use the sequence {K'} as the key for a Vigenere cipher 5b - Use the sequence {K'} to control a pseudo-random transposition cipher. 5c - Combine (5a) and (5b). Use (5a) to "bit-level" the message text, then use (5b) to superencipher the output of (5a). This would require two complete encryption steps and is probably too labor and time intensive to be worth while for pencil and paper encryption. In summary, the steps for calculating the encryption sequence K' are as follows: X [n+1] = R * X[n] * (1 - X[n]) Y [n+1] = .999 * R * Y[n] * (1 - Y[n]) K [n+1] = X[n+1] * Y[n+1] K'[n+1] = 1 or 2 low-order digits of int (10^5 * K[n+1]) B: Substitution Cipher Technique In this system, the key consists of a series {K'} of 2-digit values that is as long as the message. These are added to the plaintext message characters modulo 100, considered the alphabet as numbered from Sp=00, A=01 to Z=26, etc. This is your basic Vigenere cipher with the cipher key as long as the message. Decryption performs the same series of steps on the ciphertext message characters except that subtraction modulo 100 is used. Given that the K' form an unpredictable sequence, this is equivalent to a one-time pad Vernam cipher where the one-time pad does not have to be transmitted to the receiver. The message recipient can regenerate the series {K'} from knowledge of the cipher key <R,X[0],Y[0]>. The only problems that need to be addressed are the resistance of the sequence {K'} to computer-assisted attack and how to manage the necessary set of secret keys {<R,X[0],Y[0]>}, since one key-tuple is consumed by each message. In summary, the steps for encrypting a message M are as follows: compute K[n] as described above C[n] = 2 low-order digits of int (10^5 * K[n]) + M[n] where M[n] is the nth plaintext character, and C[n] is the nth ciphertext character and the steps for decrypting a ciphertext C are as follows: compute K[n] as described above M[n] = 2 low-order digits of int (100001 - (10^5 * K[n]) + C[n]) where M[n] is the nth plaintext character, and C[n] is the nth ciphertext character C: Transposition Cipher Technique In this system, the key consists of a series {K'} of 1-digit values that is longer than the message. 1 - Write down the plaintext message into blocks of length 10 (because the calculator operates in decimal mode). Repeat the message at least once because the algorithm will encipher more characters than are in the message. The exact number of excess characters enciphered is random but bounded. If the message text is: "Now is the time for all good men to come to the aid of their party." then this is written in blocks of 10 as: 1234567890 |Now is the| | time for | |all good m| |en to come| | to the ai| |d of their| | party.Now| | is the ti| |me for all| Repeat the message text as required. 2 - Calculate the sequence of 1-digit numbers {K'} 3 - For each value K', select and output the next unused character in column K'. Mark the selected character as used. 4 - Repeat this process until all characters in the base message have been transmitted. Decryption proceeds as follows: 1 - Calculate the sequence of 1-digit numbers {K'} 2 - Get the next ciphertext character and place it in the next available column K' 3 - Repeat this process for all ciphertext characters. 4 - The row in which that last character is placed is the last row of the message. Discard any rows following that row because they are just random padding added by the encryption algorithm. Transposition ciphers are substantially harder to attack than substitution ciphers and normally require a lot of hand work. Normally they are attacked by anagramming when there is some knowledge of the expected message contents. I would assert, based on a moderate literature search, that this pseudo-random transposition has no known effective methods for attack because there are no fixed column boundaries and character positions are pseudo-random. If the cryptographic key <R,X[0],Y[0]> is changed with each message there should be no way short of brute force anagramming or a brute force key space search to break this cipher because the cryptographic cipher values are never exposed for cryptanalysis. D: Key Management To make the subsitution cipher encryption useful the key must be changed with each message because it is a one-time pad method. The encryption method has already addressed and eliminated the need for the sender to transmit a copy of the OTP to the receiver by having the receiver independently recreated the OTP used to encrypt the message. While having a separate, unique encryption key for each message is less important for the transposition cipher, it does strengthen the cipher against any attack if the key can be easily changed for each message. In order to not have to transmit each key used to generate the OTP for each message to the receiver, a technique must be developed that provides a similar facility. If this can be accomplished, then the only secret that the sender and receiver must share is a single, small master key. Sharing a small amount of secret information is a fairly easy problem to solve in practice. Inspection of the method for generating the encryption confus*ion sequence shows a way to accomplish the desired key management. Consider the sequence of values {K[i]}. It is obvious from the earlier discussion that there are only two ways to be able to predict subsequent values K[n+1] from the series of values {K[1] ... K[n]}: - obtain the generating seeds for G1 and G2 by brute force examining sets of possible values {G1[i],G2[i]} obtained by factoring {K[i]}. This would require examining at least ~ 10^24 (2^80) possible sets {G1[i],G2[i]} and as such is not feasible with current computing technology. - obtain the generating seeds for G1 and G2 by solving a set of simultaneous high-order nonlinear system of equations. This is an extremely hard problem that is not (as far as my literature search has taken me) amenable to solution at this time. In order to make the problem slightly harder for the crypt- analyst, the key generation algorithm chosen will not use the sequence {K[i]} directly so as not to expose the actual values K[n], but will use K[n] as a starting point for another nonlinear combiner. Again, the algorithms have been adjusted to compensate for the limitations of the pocket calculator. To generate a cryptographically (reasonably) secure sequence of encryption keys using the modified LDE as the confusion generator, proceed as follows: 1 - Select two non-linear (LDE) confusion generators G1 = R * X * (1 - X), and G2 = R'* Y* (1 - Y) where R' = 0.999 * R (used because of limitations in the number of memory registers in the pocket calculator) 2 - The master cryptographic key (or seed) consists of the values R, X[0] and Y[0], where 0 < X[0] < 1 is a 9-digit key 0 < Y[0] < 1 is a 9-digit key 3.99 < R < 4.0 is a 7-digit key The total key length is 25 digits, giving a key space size of 10^25. The keys are short enough to be easily memorized. (If you are not convinced of this assertion, consider how many phone numbers, PIN numbers, bank account numbers, etc that the average person routinely commits to memory) 3 - Select a non-linear combiner for the output of two confusion generators. This is the first level of serious cryptographic strength. We will chose the function K = G1 <*> G2 where <*> is the floating point multiplication operator with rounding (see Knuth, Seminumerical Algorithms for details). 4 - To generate the Nth message key iterate the basic sequence generator N times. Then use the values K[N] ... to alter the generator parameters R, X and Y as follows: R <- 3.99 + (K[n]/100) X <- K'[n+1] where K'[i] <> K[i] because the generating parameters are different Y <- K'[n+2] R <- 3,99 + (K'(n+3)/100) 5 - The final resulting values <R,X,Y> become the cryptographic key for the Nth message being encrypted or decrypted and are used as described above for message encryption and decryption. Only the value N must be transmitted with the message, not the values of the message key <R,X,Y>, because the receiver can recreate the message key from N and the master key shared by the sender and receiver. The only additional requirement for security is that no key be reused. This is easy to implement by having the sender number the messages as they are encrypted. The receiver verifies that a message is valid by rejected any message where the message number N is less than the message number of the last message received. This will prevent replay attacks in the event that an opponent obtains a message key. In summary, the steps for calculating the encryption key <R,X,Y> for the Nth message are as follows: Repeat N times: X [i+1] = R * X[i] * (1 - X[i]) Y [i+1] = .999 * R * Y[i] * (1 - Y[i]) K [i+1] = X[i+1] * Y[i+1] {end repeat} R <- 3.99 + (K[N]/100) calculate K[N+1] X <- K'[N+1] calculate K'[N+2] Y <- K'[N+2] calculate K'[N+3] R <- 3.99 + (K'[N+3]/100) The message encryption key conists of the values <R,X,Y> at the conclusion of this calculation. E: Cryptographic Hardness Key space searches: The key space size is ~ 10^25 (~ 2^80), which is too large for brute force search with currently available computing resources. Because the key values are random 9-digit numbers there is no possible dictionary attack. Known Plaintext: A known plaintext attack will immediately give the cipher sequence {K'}. However, an absolute minimum of 3 sequential values of the sequence {K} are needed to derive the encryption key <R,X[0],Y[0]>. For the 2-digit sequence {K'} used in the substitution cipher, this requires checking the validity of the encryption keys derived from the (at least) 10^21 (2^70) possible triples {K1,K2,K3}. This is well beyond current computational capabilities. Since each key <R,X[0],Y[0]> is used only once, possession of the key for one message does not give the opponent any direct value in a known plaintext attack. To determine the key for subsequent messages, at least 3 successive keys must be accumulated in order for the cryptanalyst to attack the key management. Chosen Plaintext: No advantage over known plaintext. Key Management: Same problems (or worse) for the cryptanalyst as aKnown Plaintext attack. Differential Cryptanalysis: I don't see that this is applicable because the key changes with each message. F: Message Encryption Example: Sample message to be enciphered "Now is the time for all good men to come to the aid of their party." Message buffer is padded with repeats of the message, but it would be better to pad with randomly chosen text. The encryption calculations were performed on a Radio Shack Model EC-4021 programmable scientific calculator. Image of Message Text Buffer ========================================= : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 : ========================================= 0 | N | O | W | | I | S | | T | H | E | +---+---+---+---+---+---+---+---+---+---+ 1 | | T | I | M | E | | F | O | R | | +---+---+---+---+---+---+---+---+---+---+ 2 | A | L | L | | G | O | O | D | | M | +---+---+---+---+---+---+---+---+---+---+ 3 | E | N | | T | O | | C | O | M | E | +---+---+---+---+---+---+---+---+---+---+ 4 | | T | O | | T | H | E | | A | I | +---+---+---+---+---+---+---+---+---+---+ 5 | D | | O | F | | T | H | E | I | R | +---+---+---+---+---+---+---+---+---+---+ | | P | A | R | T | Y | . | N | O | W | <- Message ends at ========================================= this line 7 | | I | S | | T | H | E | | T | I | +---+---+---+---+---+---+---+---+---+---+ Buffer is loaded with 8 | M | E | | F | O | R | | A | L | L | repeated copies of the +---+---+---+---+---+---+---+---+---+---+ message text 9 | | G | O | O | D | | M | E | N | | +---+---+---+---+---+---+---+---+---+---+ 10 | T | O | | C | O | M | E | | T | O | +---+---+---+---+---+---+---+---+---+---+ 11 | | T | H | E | | A | I | D | | O | +---+---+---+---+---+---+---+---+---+---+ 12 | F | | T | H | E | I | R | | P | A | +---+---+---+---+---+---+---+---+---+---+ 13 | R | T | Y | . | N | O | W | | I | S | +---+---+---+---+---+---+---+---+---+---+ 14 | | T | H | E | | T | I | M | E | | +---+---+---+---+---+---+---+---+---+---+ 15 | F | O | R | | A | L | L | | G | O | +---+---+---+---+---+---+---+---+---+---+ 16 | O | D | | M | E | N | | T | O | | +---+---+---+---+---+---+---+---+---+---+ 17 | C | O | M | E | | T | O | | T | H | +---+---+---+---+---+---+---+---+---+---+ 18 | E | | A | I | D | | O | F | | T | +---+---+---+---+---+---+---+---+---+---+ 19 | H | E | I | R | | P | A | R | T | Y | +---+---+---+---+---+---+---+---+---+---+ ============================================================ Substitution Encipherment of Sample Text The Message Encryption Key X[0] = 0.123456789 register K1 R = 3.995678901 register K2 Y[0] = 0.234567891 register M Calculator set to No Rounding (2nd Fn - Tab - .) ie, show all decimal digits Substitution Cipher Character Translation Table Sp 00 J 10 T 20 A 01 K 11 U 21 B 02 L 12 V 22 C 03 M 13 W 23 D 04 N 14 X 24 E 05 O 15 Y 25 F 06 P 16 Z 26 G 07 Q 17 . 27 H 08 R 18 I 09 S 19 Plain Text converted to decimal representation ========================================= : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 : ========================================= 0 | 14| 15| 23| 00| 09| 19| 00| 20| 08| 05| +---+---+---+---+---+---+---+---+---+---+ 1 | 00| 20| 09| 13| 05| 00| 06| 15| 18| 00| +---+---+---+---+---+---+---+---+---+---+ 2 | 01| 12| 12| 00| 07| 15| 15| 04| 00| 13| +---+---+---+---+---+---+---+---+---+---+ 3 | 05| 14| 00| 20| 15| 00| 03| 15| 13| 05| +---+---+---+---+---+---+---+---+---+---+ 4 | 00| 20| 15| 00| 20| 08| 05| 00| 01| 09| +---+---+---+---+---+---+---+---+---+---+ 5 | 04| 00| 15| 06| 00| 20| 08| 05| 09| 18| +---+---+---+---+---+---+---+---+---+---+ 6 | 00| 16| 01| 18| 20| 25| 27| * | <- * := EOM +---+---+---+---+---+---+---+---+ Cipher Text in decimal representation ========================================= : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 : ========================================= 0 | 03| 96| 69| 02| 83| 49| 28| 31| 22| 13| +---+---+---+---+---+---+---+---+---+---+ 1 | 21| 63| 92| 03| 90| 45| 72| 08| 26| 34| +---+---+---+---+---+---+---+---+---+---+ 2 | 15| 65| 62| 01| 34| 84| 50| 12| 62| 83| +---+---+---+---+---+---+---+---+---+---+ 3 | 07| 41| 71| 33| 72| 64| 38| 96| 73| 25| +---+---+---+---+---+---+---+---+---+---+ 4 | 16| 96| 06| 57| 93| 39| 8 | 47| 60| 96| +---+---+---+---+---+---+---+---+---+---+ 5 | 29| 49| 88| 37| 39| 37| 61| 24| 68| 38| +---+---+---+---+---+---+---+---+---+---+ 6 | 60| 90| 25| 96| 67| 84| 65| * | <- * := EOM +---+---+---+---+---+---+---+---+ ============================================================ Transposition Encrypted Message Text The Message Encryption Key X[0] = 0.123456789 register K R = 3.995678901 register K2 Y[0] = 0.234567891 register M Set calculator rounding to 0 decimal digits (2nd Fn - Tab - 0) ie, show only integer portion of answer Encrypted message in blocks of 10 letters |HO T NR IT||AM ES OWOT| | FE D EMLD||IF LOG M | |HC ORN AE||OIOTOE MEI| |TFTN TA LO||TE APH. DR| |OSC ITW IE||Y|* <-* := EOM ========================================= : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 : ========================================= 0 | H | O | | T | | N | R | | I | T | +---+---+---+---+---+---+---+---+---+---+ 1 | A | M | | E | S | | O | W | O | T | +---+---+---+---+---+---+---+---+---+---+ 2 | | F | E | | D | | E | M | L | D | +---+---+---+---+---+---+---+---+---+---+ 3 | I | F | | L | O | G | | | M | | +---+---+---+---+---+---+---+---+---+---+ 4 | H | C | | O | R | N | | | A | E | +---+---+---+---+---+---+---+---+---+---+ 5 | O | I | O | T | O | E | | M | E | I | +---+---+---+---+---+---+---+---+---+---+ 6 | T | F | T | N | | T | A | | L | O | +---+---+---+---+---+---+---+---+---+---+ 7 | T | E | | A | P | H | . | | D | R | +---+---+---+---+---+---+---+---+---+---+ 8 | O | S | C | | I | T | W | | I | E | +---+---+---+---+---+---+---+---+---+---+ 9 | Y | * | <- * := EOM +---+---+ ============================================================ Decrypted Transposition Message ========================================= : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 : ========================================= 0 | N | O | W | | I | S | | T | H | E | +---+---+---+---+---+---+---+---+---+---+ 1 | | T | I | M | E | | F | O | R | | +---+---+---+---+---+---+---+---+---+---+ 2 | A | L | L | | G | O | O | D | | M | +---+---+---+---+---+---+---+---+---+---+ 3 | E | N | | T | O | | C | O | M | E | +---+---+---+---+---+---+---+---+---+---+ 4 | | T | O | | T | H | E | | A | I | +---+---+---+---+---+---+---+---+---+---+ 5 | D | | O | F | | T | H | E | I | R | +---+---+---+---+---+---+---+---+---+---+ 6 | | P | A | R | T | Y*| . | N | O | W | * := Last char +---+---+---+---+---+---+---+---+---+---+ received 7 | | I | S | | | | T | I | +---+---+---+---+ +---+---+---+ all partially 8 | M | E | | F | | A | L | filled rows +---+---+ +---+ +---+---+ after the row 9 | | | O | | E | with the last +---+ +---+ +---+ char received 10 | T | | C | | | are discarded +---+ +---+ +---+ 11 | | | D | +---+ +---+ 12 | | +---+ The actual shape of any particular received message block will vary randomly with the key and the length of the message transmitted. ============================================================ Transposition column selection table The Message Encryption Key X[0] = 0.123456789 register K1 R = 3.995678901 register K2 Y[0] = 0.234567891 register M Set calculator rounding to 0 decimal digits (2nd Fn - Tab - 0) ie, show only integer portion of answer ========================================= : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 : ========================================= 0 | 9 | 2 | 7 | 2 | 4 | 1 | 9 | 1 | 5 | 8 | +---+---+---+---+---+---+---+---+---+---+ 1 | 1 | 4 | 4 | 1 | 6 | 6 | 6 | 3 | 8 | 4 | +---+---+---+---+---+---+---+---+---+---+ 2 | 4 | 4 | 0 | 1 | 8 | 9 | 5 | 9 | 2 | 1 | +---+---+---+---+---+---+---+---+---+---+ 3 | 3 | 7 | 1 | 3 | 7 | 5 | 6 | 1 | 1 | 0 | +---+---+---+---+---+---+---+---+---+---+ 4 | 6 | 7 | 1 | 8 | 4 | 2 | 3 | 8 | 9 | 8 | +---+---+---+---+---+---+---+---+---+---+ 5 | 5 | 9 | 3 | 2 | 9 | 7 | 4 | 0 | 0 | 0 | +---+---+---+---+---+---+---+---+---+---+ 6 | 1 | 4 | 5 | 8 | 8 | 9 | 8 | 2 | 9 | 3 | +---+---+---+---+---+---+---+---+---+---+ 7 | 6 | 8 | 5 | 3 | 2 | 7 | 7 | 8 | 8 | 0 | +---+---+---+---+---+---+---+---+---+---+ 8 | 4 | 3 | 4 | 1 | 2 | 5 | 0 | 8 | 0 | 2 | +---+---+---+---+---+---+---+---+---+---+ 9 | 6 | 7 | 2 | 1 | 1 | 2 | 6 | 4 | 1 | 3 | +---+---+---+---+---+---+---+---+---+---+ 10 | 2 | 6 | 6 | 1 | 8 | 9 | 5 | 1 | 2 | 8 | +---+---+---+---+---+---+---+---+---+---+ G: Sample Message Key Generation The Master Encryption Key X[0] = 0.567890123 register K1 R = 3.998901234 register K2 Y[0] = 0.345678912 register M Calculator set to No Rounding (2nd Fn - Tab - .) ie, show all decimal digits Calculate the Message Encryption Key for the 5th message Repeat calculation of K[i] 5 times K[1] = 0.886684581 K[2] = 0.025546435 K[3] = 0.246545962 K[4] = 0.268216342 K[5] = 0.589846665 R <- 3.99 + (K[5]/100) = 3.995898467 K'[6] = 0.337260078 X <- K'[6] = 0.337260078 K'[7] = 0.83623299 Y <- K'[7] = 0.83623299 K'[8] = 0.208478335 R <- 3.99 + (K'[8]/100) = 3.992084783 The resulting Message Encryption Key for message #5 is: X[0] = 0.381353099 register K1 R = 3.992084783 register K2 Y[0] = 0.546680583 register M