Blowfish Algorithm

1
Blowfish Algorithm
2
The Blowfish Encryption Algorithm

• Blowfish is a keyed, symmetric block cipher,
  designed in 1993 by Bruce Schneier and included
  in a large number of cipher suites and encryption
  products. (Wikipedia)
• Blowfish is a symmetric block cipher that can be
  used as a drop-in replacement for DES or IDEA.
  (Bruce Schneier)

3
The Blowfish Encryption Algorithm (cont.)

• Blowfish was designed in 1993 by Bruce Schneier
  as a fast, free alternative to existing
  encryption algorithms.
• It takes a variable-length key, from 32 bits to
  448 bits, making it ideal for both domestic and
  exportable use.

4
(No Transcript)
5
The Blowfish Algorithm

• There are two parts to this algorithm
• A part that handles the expansion of the key.
• A part that handles the encryption of the data.
• The expansion of the key break the original key
  into a set of subkeys. Specifically, a key of no
  more than 448 bits is separated into 4168 bytes.
  There is a P-array and four 32-bit S-boxes. The
  P-array contains 18 32-bit subkeys, while each
  S-box contains 256 entries.
• The encryption of the data 64-bit input is
  denoted with an x, while the P-array is denoted
  with a Pi (where i is the iteration).

6
The Blowfish Algorithm Key Expansion (cont)

• Blowfish has a 64-bit block size and a key length
  of anywhere from 32 bits to 448 bits (32-448 bits
  in steps of 8 bits default 128 bits).
• It is a 16-round Feistel cipher and uses large
  key-dependent S-boxes. It is similar in structure
  to CAST-128, which uses fixed S-boxes.

7
Blowfish Algorithm

• The algorithm consists of two parts
• A key - expansion part.
• A data - encryption part.

8
Blowfish Algorithm

• Key expansion converts a key of at most 448 bits
  into several subkey arrays totaling 4168 bytes.
• Data encryption occurs via a 16-round Feistel
  network. Each round consists of a key-dependent
  permutation, and a key- and data-dependent
  substitution.

9
Subkey

• The P-array consists of 18 32-bit subkeys P1,
  P2,..., P18.
• There are four 32-bit S-boxes with 256 entries
  each S1,0, S1,1,..., S1,255 S2,0, S2,1,..,,
  S2,255 S3,0, S3,1,..., S3,255 S4,0, S4,1,..,,
  S4,255.

10
Encryption Algorithm

• The input is a 64-bit data element, x.
• Divide x into two 32-bit halves xL, xR
• For i 1 to 16
• xL xL XOR Pi
• xR F(xL) XOR xR
• Swap xL and xR
• Swap xL and xR (Undo the last swap.)

11
Encryption Algorithm

• xR xR XOR P17
• xL xL XOR P18
• Recombine xL and xR
• Function F
• Divide xL into four eight-bit quarters a, b, c,
  and d
• F(xL) ((S1,a S2,b mod 232) XOR S3,c) S4,
  d mod 232

12
Encryption Algorithm
Begin
X/2 xL and xR
For i 1 to 16
xL xL XOR Pi xR F(xL) XOR xR
swap xL and xR
Yes
I lt 16
No
swap xL and xR
xL xL XOR P17 xR xR XOR P18
End
Recombine xL and xR
13
Encryption Algorithm
Begin
xL/4 a, b, c, d where a, b, c, d are 8 bit
quarters
F(xL) ((S1, a S2, b mod 232) XOR S3, c)
S4, d mod 223
End
14
Decryption Algorithm

• Decryption is exactly the same as encryption,
  except that P1, P2,..., P18 are used in the
  reverse order.

15
The Blowfish Algorithm Key Expansion (cont)

• Initialize the P-array and S-boxes
• XOR P-array with the key bits. For example, P1
  XOR (first 32 bits of key), P2 XOR (second 32
  bits of key), ...
• Use the above method to encrypt the all-zero
  string
• This new output is now P1 and P2
• Encrypt the new P1 and P2 with the modified
  subkeys
• This new output is now P3 and P4
• Repeat 521 times in order to calculate new
  subkeys for the P-array and the four S-boxes

16
The Blowfish Algorithm
17
The Blowfish Algorithm Encryption (cont)
Diagram of Blowfish's F function
18
The Blowfish Algorithm Encryption (cont)

• The diagram to the right shows Blowfish's
  F-function. The function splits the 32-bit input
  into four eight-bit quarters, and uses the
  quarters as input to the S-boxes. The outputs are
  added modulo 232 and XORed to produce the final
  32-bit output.
• Since Blowfish is a Feistel network, it can be
  inverted simply by XORing P17 and P18 to the
  ciphertext block, then using the P-entries in
  reverse order.

19
The Function F
20
The Blowfish Algorithm (cont)

• Blowfish's key schedule starts by initializing
  the P-array and S-boxes with values derived from
  the hexadecimal digits of pi, which contain no
  obvious pattern.
• The secret key is then XORed with the P-entries
  in order (cycling the key if necessary). A 64-bit
  all-zero block is then encrypted with the
  algorithm as it stands.
• The resultant ciphertext replaces P1 and P2. The
  ciphertext is then encrypted again with the new
  subkeys, and P3 and P4 are replaced by the new
  ciphertext. This continues, replacing the entire
  P-array and all the S-box entries.
• In all, the Blowfish encryption algorithm will
  run 521 times to generate all the subkeys - about
  4KB of data is processed.

21
Cryptanalysis of Blowfish

• There is no effective cryptanalysis of Blowfish
  known publicly as of 2005, although the 64-bit
  block size is now considered too short, because
  encrypting more than 232 data blocks can begin to
  leak information about the plaintext due to a
  birthday attack.
• Despite this, Blowfish seems thus far to be
  secure. While the short block size does not pose
  any serious concerns for routine consumer
  applications like e-mail, Blowfish may not be
  suitable in situations where large plaintexts
  must be encrypted, as in data archival.

22
Cryptanalysis of Blowfis (Cont)

• In 1996, Serge Vaudenay found a known-plaintext
  attack requiring 28r 1 known plaintexts to
  break, where r is the number of rounds. Moreover,
  he also found a class of weak keys that can be
  detected and broken by the same attack with only
  24r 1 known plaintexts.
• This attack cannot be used against the full
  16-round Blowfish

23
Blowfish in practice

• Blowfish is one of the fastest block ciphers in
  widespread use, except when changing keys.
• Each new key requires pre-processing equivalent
  to encrypting about 4 kilobytes of text, which is
  very slow compared to other block ciphers.
• This prevents its use in certain applications,
  but is not a problem in others. In one
  application, it is actually a benefit the
  password-hashing method used in OpenBSD uses an
  algorithm derived from Blowfish that makes use of
  the slow key schedule the idea is that the extra
  computational effort required gives protection
  against dictionary attacks.

24
Blowfish in practice (Cont)

• In some implementations, Blowfish has a
  relatively large memory footprint of just over 4
  kilobytes of RAM. This is not a problem even for
  older smaller desktop and laptop computers, but
  it does prevent use in the smallest embedded
  systems such as early smartcards.
• Blowfish is not subject to any patents and is
  therefore freely available for anyone to use.
  This has contributed to its popularity in
  cryptographic software.

25
Products that Use Blowfish

• Blowfish Advanced CS by Markus Hahn File
  encryption and wipe utility for all Win32
  systems. File browser, job automation, auto
  password confirmation, secure key setup with
  SHA-1, and data compression with LZSS. Uses
  Blowfish, Twofish, and Yarrow. Open source.
• 96Crypt by fever.link A file and folder
  encryption/decryption program.
• Access Manager by Citi-Software Ltd A password
  manager for Windows. Free for personal use.

26
Products that Use Blowfish (cont)

• AEdit A free Windows word processor
  incorporating text encryption.
• Coolfish An encrypting text editor for Windows.
• Foopchat Encrypted chat and advanced file
  sharing using a client/server architecture.
• JFile by Land-J Technologies A database program
  for the PalmOS platform.
• Freedom by Zero-Knowledge Privacy for web
  browsing, e-mail, chat, telnet, and newsgroups.
• More http//www.schneier.com/blowfish-products.ht
  ml