Scribd
Upload
12 views19 pages

Overview of the Blowfish Algorithm

Blowfish

Uploaded by

ιηρ
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
12 views19 pages

Overview of the Blowfish Algorithm

Blowfish

Uploaded by

ιηρ
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

THE BLOWFISH ALGORITHM

• Keyed, symmetric block cipher


• Designed in 1993 .
• Can be used as a drop-in
replacement for DES.
THE BLOWFISH ENCRYPTION ALGORITHM

• As a fast, free alternative to


existing encryption algorithms.
• Variable-length key.
• From 32 bits to 448 bits.
• 16 rounds
• Analyzed considerably
• Gained acceptance as a strong encryption
algorithm.
• Blowfish is unpatented and license-free,
and is available free for all uses.
• More attention is now given to block
ciphers with a larger block size, such as
AES or Twofish.
• Many other designs were proprietary.
• Encumbered by patents or kept as
government secrets.
• “Blowfish is unpatented, and will remain so
in all countries. The algorithm is hereby
placed in the public domain, and can be
freely used by anyone”.
BRUCE SCHNEIER
 Bruce Schneier (born January
15, 1963)
 American cryptographer,
computer security specialist,
and writer.
 Authored several books on
computer security and
cryptography
 Founder and chief technology
officer of Counterpane Internet
Security.
THE ORIGINAL BLOWFISH

 Original Blowfish paper was presented at


the First Fast Software Encryption
workshop in Cambridge, UK in April 1994
in the issue of Dr. Dobb's Journal.
 One year later in September 1995 this was
puiblished in the issue of Dr. Dobb's
Journal.
THE BLOWFISH ALGORITHM
• Two parts:
– Expansion of the key.
– Encryption of the data.
• Expansion of the key:
– Break the original key into a set of subkeys.
– Key of no more than 448 bits is separated into
4168 bytes.
– P-array and four 32-bit S-boxes.
– P-array contains 18 32-bit subkeys.
– Each S-box contains 256 entries.
KEY EXPANSION
1) Keys are stored in an array
k1,k2,... k14 (each 32 bits i.e. 448/32=14)
2) Intialize P-array P1 to P18
(hexadecimal values of subkeys P1= 243F6A88, P2= 85A308D3, ...)
3) Intialize S-boxes (256 entries S0-S255) with hexadecimal values
4) XOR operations
P1=P1 XOR k1
P2= P2 XOR k2
.
.
.
P14= P14 XOR k14
P15= P15 XOR k1
P16= P16 XOR k2
P17= P17 XOR k3
P18= P18 XOR k14
 Each line - 32 bits.
 Algorithm keeps two sub-key
arrays:
 The 18-entry P-array
 Four 256-entry S-boxes.
 S-boxes accept 8-bit input
 Produce 32-bit output.
 One entry of P-array is used
every round.
 After final round, each half of data
block is XORed with one of the
two remaining unused P-entries.
THE BLOWFISH ALGORITHM:
ENCRYPTION
1. Divide 64 bit plaintext into two parts- Left and Right
2. Iteration for i=1 to 16
i. Li= Li XOR Pi
ii. Ri= F(Li) XOR Ri
iii. swap Li Ri
3. last swap
4. R=R XOR P17
L=L XOR P18
5. Concatenate L and R to get 64 bit ciphertext
The Blowfish Algorithm
Diagram of Blowfish's F function
• Blowfish's F-function.

• Splits the 32-bit input into four eight-bit quarters,


and uses the quarters as input to the S-boxes.

• Outputs are added modulo 232 and XORed to


produce the final 32-bit output.

• Blowfish is a Feistel network, it can be inverted


simply by XORing P17 and P18 to the ciphertext
block, then using the P-entries in reverse order.
The Function F
THE BLOWFISH ALGORITHM
(CONT)
 Key schedule
 Initialize the P-array and S-boxes with values derived from the
hexadecimal digits of pi, which contain no obvious pattern.
 Secret key
 XORed with the P-entries in order. A 64-bit all-zero block is then
encrypted with the algorithm as it stands.
 Resultant ciphertext
 Replaces P1 and P2.
 Encrypted again with the new subkeys
 P3 and P4 are replaced by the new ciphertext.
 Continues, replacing the entire P-array and all the S-box entries.
 Algorithm will run 521 times to generate all the subkeys -
4KB of data is processed.
CRYPTANALYSIS OF
BLOWFISH
• 64-bit block size now too short
– birthday attack.
• Seems to be secure.
– Short block size does not pose any
serious concerns for e-mail.
– May not be suitable in situations where
large plaintexts must be encrypted.
CRYPTANALYSIS OF
BLOWFISH (CONT)
• 1996, Serge Vaudenay found a known-
plaintext attack requiring 28r + 1 known
plaintexts to break.
– r is the number of rounds.
– Found a class of weak keys that can be
detected and broken by the same attack with
only 24r + 1 known plaintexts.
• This attack cannot be used against the full
16-round Blowfish
BLOWFISH IN PRACTICE

• One of the fastest block ciphers in


widespread use.
• Each new key requires pre-processing
equivalent to encrypting about 4 kilobytes
of text.
• This prevents its use in certain
applications, but is not a problem in
others.
PRODUCTS THAT USE
BLOWFISH
 Carbonite: Online back-up service.
 AEdit: A free Windows word processor
incorporating text encryption.
 Coolfish: An encrypting text editor for Windows.
 Foopchat: Encrypted chat and advanced file
sharing using a client/server architecture.
 JFile by Land-J Technologies: A database
program for the PalmOS platform.
 Freedom by Zero-Knowledge: Privacy for web
browsing, e-mail, chat, telnet, and newsgroups.

You might also like