# Difference between revisions of "Cryptographic algorithm Blowfish"

Blowfish – a cryptographic algorithm developed in 1993 by Bruce Schneier.

## Description of Blowfish

Blowfish is a 64-bit block cipher with a variable-length key. The algorithm consists of two parts: key expansion and data encryption.

Key expansion converts a key of up to 448 bits into several subkey arrays totaling 4168 bytes.

Data encryption consists of a simple function iterated 16 times. Each round consists of a keydependent permutation, and a key- and data-dependent substitution. All operations are additions and XORs on 32-bit words. The only additional operations are four indexed array data lookups per round.

Blowfish uses a large number of subkeys. These keys must be precomputed before any data encryption or decryption.

The P-array consists of 18 32-bit subkeys: P1, P2, … , P18.

Four 32-bit S-boxes have 256 entries each:

## Method of calculating the subkeys

Blowfish is a Feistel network consisting of 16 rounds. The input is a 64-bit data element, x.

Figure 1. Blowfish.

To encrypt: Divide x into two 32-bit halves: , .

For i = 1 to 16:

Swap and (Undo the last swap.)

Recombine and

Function F is as follows (see Figure 2):

Figure 2. Function F.

Divide into four eight-bit quarters: a, b, c and d

Decryption is exactly the same as encryption, except that P1, P2, … , P18 are used in the reverse order.

The subkeys are calculated using the Blowfish algorithm. The exact method follows.

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of p.

2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (up to P18). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.

3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps 1 and 2.

4. Replace P1 and P2 with the output of step 3. 5. Encrypt the output of step 3 using the Blowfish algorithm with the modified subkeys. 6. Replace P3 and P4 with the output of step 5.

7. Continue the process, replacing all elements of the P-array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.

In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys - there’s no need to execute this derivation process multiple times.

Blowfish has established itself as a reliable algorithm implemented in many programs that do not require frequent changes of key and requires a high speed encryption / decryption.

## Bibliography

• Bruce Schneier. Applied Cryptography. Protocols, Algorithms and Source Code in C.