Title: Blowfish Algorithm
1Blowfish Algorithm
2The Blowfish Encryption Algorithm
- Blowfish is a keyed, symmetric block cipher,
designed in 1993 by Bruce Schneier and included
in a large number of cipher suites and encryption
products. (Wikipedia)
- Blowfish is a symmetric block cipher that can be
used as a drop-in replacement for DES or IDEA.
(Bruce Schneier)
3The Blowfish Encryption Algorithm (cont.)
- Blowfish was designed in 1993 by Bruce Schneier
as a fast, free alternative to existing
encryption algorithms.
- It takes a variable-length key, from 32 bits to
448 bits, making it ideal for both domestic and
exportable use.
5The Blowfish Algorithm
- There are two parts to this algorithm:
- A part that handles the expansion of the key.
- A part that handles the encryption of the data.
- The expansion of the key breaks the original key
into a set of subkeys. Specifically, a key of no
more than 448 bits is expanded into subkeys totaling 4168 bytes.
There is a P-array and four 32-bit S-boxes. The
P-array contains 18 32-bit subkeys, while each
S-box contains 256 entries.
- The encryption of the data: the 64-bit input is
denoted with an x, while the P-array is denoted
with a Pi (where i is the iteration).
6The Blowfish Algorithm Key Expansion (cont)
- Blowfish has a 64-bit block size and a key length
of anywhere from 32 bits to 448 bits (32-448 bits
in steps of 8 bits; default 128 bits).
- It is a 16-round Feistel cipher and uses large
key-dependent S-boxes. It is similar in structure
to CAST-128, which uses fixed S-boxes.
7Blowfish Algorithm
- The algorithm consists of two parts:
- A key-expansion part.
- A data-encryption part.
8Blowfish Algorithm
- Key expansion converts a key of at most 448 bits
into several subkey arrays totaling 4168 bytes.
- Data encryption occurs via a 16-round Feistel
network. Each round consists of a key-dependent
permutation, and a key- and data-dependent
substitution.
9Subkey
- The P-array consists of 18 32-bit subkeys: P1,
P2, ..., P18.
- There are four 32-bit S-boxes with 256 entries
each:
S1,0, S1,1, ..., S1,255
S2,0, S2,1, ..., S2,255
S3,0, S3,1, ..., S3,255
S4,0, S4,1, ..., S4,255
10Encryption Algorithm
- The input is a 64-bit data element, x.
- Divide x into two 32-bit halves: xL, xR
- For i = 1 to 16:
- xL = xL XOR Pi
- xR = F(xL) XOR xR
- Swap xL and xR
- Swap xL and xR (Undo the last swap.)
11Encryption Algorithm
- xR = xR XOR P17
- xL = xL XOR P18
- Recombine xL and xR
- Function F:
- Divide xL into four eight-bit quarters: a, b, c,
and d
- F(xL) = ((S1,a + S2,b mod 2^32) XOR S3,c) + S4,d mod 2^32
12Encryption Algorithm
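[Flowchart of the encryption procedure: Begin; split x into two halves xL and xR; for i = 1 to 16, compute xL = xL XOR Pi and xR = F(xL) XOR xR, then swap xL and xR, looping while i < 16; after the last round, swap xL and xR again, apply the XORs with P17 and P18, and recombine xL and xR; End.]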
13Encryption Algorithm
[Flowchart of the function F: Begin; divide xL into four 8-bit quarters a, b, c, d; compute F(xL) = ((S1,a + S2,b mod 2^32) XOR S3,c) + S4,d mod 2^32; End.]
14Decryption Algorithm
- Decryption is exactly the same as encryption,
except that P1, P2,..., P18 are used in the
reverse order.
15The Blowfish Algorithm Key Expansion (cont)
- Initialize the P-array and S-boxes
- XOR P-array with the key bits. For example, P1
XOR (first 32 bits of key), P2 XOR (second 32
bits of key), ...
- Use the above method to encrypt the all-zero
string
- This new output is now P1 and P2
- Encrypt the new P1 and P2 with the modified
subkeys
- This new output is now P3 and P4
- Repeat 521 times in order to calculate new
subkeys for the P-array and the four S-boxes
16The Blowfish Algorithm
17The Blowfish Algorithm Encryption (cont)
Diagram of Blowfish's F function
18The Blowfish Algorithm Encryption (cont)
- The diagram to the right shows Blowfish's
F-function. The function splits the 32-bit input
into four eight-bit quarters, and uses the
quarters as input to the S-boxes. The outputs are
added modulo 2^32 and XORed to produce the final
32-bit output.
- Since Blowfish is a Feistel network, it can be
inverted simply by XORing P17 and P18 to the
ciphertext block, then using the P-entries in
reverse order.
19The Function F
20The Blowfish Algorithm (cont)
- Blowfish's key schedule starts by initializing
the P-array and S-boxes with values derived from
the hexadecimal digits of pi, which contain no
obvious pattern.
- The secret key is then XORed with the P-entries
in order (cycling the key if necessary). A 64-bit
all-zero block is then encrypted with the
algorithm as it stands.
- The resultant ciphertext replaces P1 and P2. The
ciphertext is then encrypted again with the new
subkeys, and P3 and P4 are replaced by the new
ciphertext. This continues, replacing the entire
P-array and all the S-box entries.
- In all, the Blowfish encryption algorithm will
run 521 times to generate all the subkeys; about
4KB of data is processed.
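The procedure from slides 10 to 20 (Feistel rounds, the F function, reverse-order decryption and the 521-encryption key schedule), as an added example that is not part of the original slides. It computes the pi-derived initial P-array and S-boxes with Machin's formula instead of embedding them as tables (a choice made for this example), and the names `pi_words`, `Blowfish`, `_rounds` and `_block` are assumptions.

```python
# Added study example (not from the slides); not constant-time, not for production.
M = 0xFFFFFFFF
def pi_words(n):
    """First n 32-bit words of the fractional part of pi (Machin's formula)."""
    bits = 32 * n + 64                       # 64 guard bits absorb rounding
    one = 1 << bits
    def arctan_inv(x):                       # arctan(1/x) scaled by 2**bits
        total = term = one // x
        k = 1
        while term:
            term //= x * x
            k += 2
            total += -(term // k) if k % 4 == 3 else term // k
        return total
    frac = (4 * (4 * arctan_inv(5) - arctan_inv(239)) - 3 * one) >> 64
    return [(frac >> (32 * (n - 1 - i))) & M for i in range(n)]

class Blowfish:
    def __init__(self, key: bytes):
        if not 4 <= len(key) <= 56:
            raise ValueError("key must be 32 to 448 bits")
        w = pi_words(18 + 4 * 256)           # 1042 words = 4168 bytes
        self.P = w[:18]
        self.S = [w[18 + 256 * i:18 + 256 * (i + 1)] for i in range(4)]
        ks = (key * 18)[:72]                 # cycle the key across P1..P18
        for i in range(18):
            self.P[i] ^= int.from_bytes(ks[4 * i:4 * i + 4], "big")
        l = r = 0                            # start from the all-zero block
        for arr in [self.P] + self.S:        # 9 + 4*128 = 521 encryptions
            for i in range(0, len(arr), 2):
                l, r = self._rounds(l, r, self.P)
                arr[i], arr[i + 1] = l, r
    def _f(self, x):
        a, b, c, d = x >> 24, (x >> 16) & 255, (x >> 8) & 255, x & 255
        S = self.S
        return ((((S[0][a] + S[1][b]) & M) ^ S[2][c]) + S[3][d]) & M
    def _rounds(self, l, r, P):
        for i in range(16):
            l ^= P[i]
            r ^= self._f(l)
            l, r = r, l
        l, r = r, l                          # undo the last swap
        return l ^ P[17], r ^ P[16]          # xL ^= P18, xR ^= P17
    def _block(self, block, P):
        l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
        l, r = self._rounds(l, r, P)
        return l.to_bytes(4, "big") + r.to_bytes(4, "big")
    def encrypt(self, block): return self._block(block, self.P)
    def decrypt(self, block): return self._block(block, self.P[::-1])
```

With an 8-byte all-zero key, `Blowfish(bytes(8)).encrypt(bytes(8))` returns the block `4EF997456198DD78`, which matches the published Blowfish test vectors; `decrypt` reuses the same rounds with the P-array reversed.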
21Cryptanalysis of Blowfish
- There is no effective cryptanalysis of Blowfish
known publicly as of 2005, although the 64-bit
block size is now considered too short, because
encrypting more than 2^32 data blocks can begin to
leak information about the plaintext due to a
birthday attack.
- Despite this, Blowfish seems thus far to be
secure. While the short block size does not pose
any serious concerns for routine consumer
applications like e-mail, Blowfish may not be
suitable in situations where large plaintexts
must be encrypted, as in data archival.
22Cryptanalysis of Blowfish (Cont)
- In 1996, Serge Vaudenay found a known-plaintext
attack requiring 2^(8r+1) known plaintexts to
break, where r is the number of rounds. Moreover,
he also found a class of weak keys that can be
detected and broken by the same attack with only
2^(4r+1) known plaintexts.
- This attack cannot be used against the full
16-round Blowfish.
23Blowfish in practice
- Blowfish is one of the fastest block ciphers in
widespread use, except when changing keys.
- Each new key requires pre-processing equivalent
to encrypting about 4 kilobytes of text, which is
very slow compared to other block ciphers.
- This prevents its use in certain applications,
but is not a problem in others. In one
application, it is actually a benefit: the
password-hashing method used in OpenBSD uses an
algorithm derived from Blowfish that makes use of
the slow key schedule; the idea is that the extra
computational effort required gives protection
against dictionary attacks.
24Blowfish in practice (Cont)
- In some implementations, Blowfish has a
relatively large memory footprint of just over 4
kilobytes of RAM. This is not a problem even for
older smaller desktop and laptop computers, but
it does prevent use in the smallest embedded
systems such as early smartcards.
- Blowfish is not subject to any patents and is
therefore freely available for anyone to use.
This has contributed to its popularity in
cryptographic software.
25Products that Use Blowfish
- Blowfish Advanced CS by Markus Hahn: File
encryption and wipe utility for all Win32
systems. File browser, job automation, auto
password confirmation, secure key setup with
SHA-1, and data compression with LZSS. Uses
Blowfish, Twofish, and Yarrow. Open source.
- 96Crypt by fever.link: A file and folder
encryption/decryption program.
- Access Manager by Citi-Software Ltd: A password
manager for Windows. Free for personal use.
26Products that Use Blowfish (cont)
- AEdit: A free Windows word processor
incorporating text encryption.
- Coolfish: An encrypting text editor for Windows.
- Foopchat: Encrypted chat and advanced file
sharing using a client/server architecture.
- JFile by Land-J Technologies: A database program
for the PalmOS platform.
- Freedom by Zero-Knowledge: Privacy for web
browsing, e-mail, chat, telnet, and newsgroups.
- More: http://www.schneier.com/blowfish-products.html