Difference between revisions of "Cryptographic algorithm Blowfish"

From CryptoWiki
Jump to: navigation, search
(Method of calculating the subkeys)
 
(2 intermediate revisions by one user not shown)
Line 17: Line 17:
  
 
[[File:blow2.png]]
 
[[File:blow2.png]]
 
  
 
== Method of calculating the subkeys ==
 
== Method of calculating the subkeys ==
 
The exact method used to calculate these subkeys will be described later in this section.
 
  
 
Blowfish is a Feistel network consisting of 16 rounds. The input is a 64-bit data element, x.
 
Blowfish is a Feistel network consisting of 16 rounds. The input is a 64-bit data element, x.
 +
 +
Figure 1. Blowfish.
 +
 +
[[File:blow10.png]]
 +
 +
To encrypt:
 +
Divide x into two 32-bit halves: [[File:blow4.png]],  [[File:blow5.png]].
 +
 +
For i = 1 to 16:
 +
 +
[[File:blow6.png]]
 +
 +
Swap [[File:blow4.png]] and [[File:blow5.png]](Undo the last swap.)
 +
 +
[[File:blow7.png]]
 +
 +
Recombine [[File:blow4.png]] and [[File:blow5.png]]
 +
 +
Function F is as follows (see Figure 2):
 +
 +
Figure 2. Function F.
 +
 +
[[File:blow11.png]]
 +
 +
Divide [[File:blow4.png]] into four eight-bit quarters: a, b, c and d
 +
 +
[[File:blow9.png]]
 +
 +
Decryption is exactly the same as encryption, except that P1, P2, … , P18 are used in the reverse order.
 +
 +
The subkeys are calculated using the Blowfish algorithm. The exact method follows.
 +
 +
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of p.
 +
 +
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (up to P18). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.
 +
 +
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps 1 and 2.
 +
 +
4. Replace P1 and P2 with the output of step 3.
 +
5. Encrypt the output of step 3 using the Blowfish algorithm with the modified subkeys.
 +
6. Replace P3 and P4 with the output of step 5.
 +
 +
7. Continue the process, replacing all elements of the P-array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.
 +
 +
In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys - there’s no need to execute this derivation process multiple times.
 +
 +
 +
Blowfish has established itself as a reliable algorithm implemented in many programs that do not require frequent changes of key and requires a high speed encryption / decryption.
  
 
== Bibliography ==  
 
== Bibliography ==  
  
 
* Bruce Schneier. Applied Cryptography. Protocols, Algorithms and Source Code in C.
 
* Bruce Schneier. Applied Cryptography. Protocols, Algorithms and Source Code in C.

Latest revision as of 16:18, 6 December 2013

Blowfish – a cryptographic algorithm developed in 1993 by Bruce Schneier.

Description of Blowfish

Blowfish is a 64-bit block cipher with a variable-length key. The algorithm consists of two parts: key expansion and data encryption.

Key expansion converts a key of up to 448 bits into several subkey arrays totaling 4168 bytes.

Data encryption consists of a simple function iterated 16 times. Each round consists of a keydependent permutation, and a key- and data-dependent substitution. All operations are additions and XORs on 32-bit words. The only additional operations are four indexed array data lookups per round.

Blowfish uses a large number of subkeys. These keys must be precomputed before any data encryption or decryption.

The P-array consists of 18 32-bit subkeys: P1, P2, … , P18.

Four 32-bit S-boxes have 256 entries each:

Blow1.png

Blow2.png

Method of calculating the subkeys

Blowfish is a Feistel network consisting of 16 rounds. The input is a 64-bit data element, x.

Figure 1. Blowfish.

Blow10.png

To encrypt: Divide x into two 32-bit halves: Blow4.png, Blow5.png.

For i = 1 to 16:

Blow6.png

Swap Blow4.png and Blow5.png(Undo the last swap.)

Blow7.png

Recombine Blow4.png and Blow5.png

Function F is as follows (see Figure 2):

Figure 2. Function F.

Blow11.png

Divide Blow4.png into four eight-bit quarters: a, b, c and d

Blow9.png

Decryption is exactly the same as encryption, except that P1, P2, … , P18 are used in the reverse order.

The subkeys are calculated using the Blowfish algorithm. The exact method follows.

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of p.

2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (up to P18). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.

3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps 1 and 2.

4. Replace P1 and P2 with the output of step 3. 5. Encrypt the output of step 3 using the Blowfish algorithm with the modified subkeys. 6. Replace P3 and P4 with the output of step 5.

7. Continue the process, replacing all elements of the P-array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.

In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys - there’s no need to execute this derivation process multiple times.


Blowfish has established itself as a reliable algorithm implemented in many programs that do not require frequent changes of key and requires a high speed encryption / decryption.

Bibliography

  • Bruce Schneier. Applied Cryptography. Protocols, Algorithms and Source Code in C.