In the first instance, a pair of public-private keys are created during the form definition. Let $X_f$ and $Y_f$ denote the private and public keys, respectively. The relationship between $X_f$ and $Y_f$ is shown below:

Y_f = g^{X_f} \mod \; p \qquad (1)

When a complete form instance is to be encrypted on the android device, the CCA Mobile app generates a private key X_m and public key Y_m. Y_m and X_m are related using the equation shown below:

Y_m = g^{X_m} \mod \; p \qquad (2)

The CCA Mobile app computes an encryption key, K_m, using the following equation:

K_m = Y_f^{X_m} \mod \; p \qquad (3)

To decrypt D_x, the CCA Desktop app extracts Y_m from Equation (6) and computes the cryptographic key, K_f, using the Equation (8):

K_f = Y_m^{X_f} \mod \; p \qquad (8)

The first 128-bits of K_f are extracted to get K_{f-128}. Remember that D_x is the encrypted version of D. The relationship between D and D_x during decryption is thus:

D = E^{-1} [K_{f-128},D_x,IV] \qquad (9)