Difference between revisions of "Cryptographic algorithm Blowfish"

From CryptoWiki
Jump to: navigation, search
(Method of calculating the subkeys)
(Method of calculating the subkeys)
 
Line 52: Line 52:
  
 
The subkeys are calculated using the Blowfish algorithm. The exact method follows.
 
The subkeys are calculated using the Blowfish algorithm. The exact method follows.
 +
 
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of p.
 
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of p.
 +
 
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (up to P18). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.
 
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (up to P18). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps (1) and (2).
+
 
4. Replace P1 and P2 with the output of step (3).
+
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps 1 and 2.
5. Encrypt the output of step (3) using the Blowfish algorithm with the modified subkeys.
+
 
6. Replace P3 and P4 with the output of step (5).
+
4. Replace P1 and P2 with the output of step 3.
 +
5. Encrypt the output of step 3 using the Blowfish algorithm with the modified subkeys.
 +
6. Replace P3 and P4 with the output of step 5.
 +
 
 
7. Continue the process, replacing all elements of the P-array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.
 
7. Continue the process, replacing all elements of the P-array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.
  
 
In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys - there’s no need to execute this derivation process multiple times.
 
In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys - there’s no need to execute this derivation process multiple times.
 +
  
 
Blowfish has established itself as a reliable algorithm implemented in many programs that do not require frequent changes of key and requires a high speed encryption / decryption.
 
Blowfish has established itself as a reliable algorithm implemented in many programs that do not require frequent changes of key and requires a high speed encryption / decryption.

Latest revision as of 16:18, 6 December 2013

Blowfish – a cryptographic algorithm developed in 1993 by Bruce Schneier.

Description of Blowfish

Blowfish is a 64-bit block cipher with a variable-length key. The algorithm consists of two parts: key expansion and data encryption.

Key expansion converts a key of up to 448 bits into several subkey arrays totaling 4168 bytes.

Data encryption consists of a simple function iterated 16 times. Each round consists of a keydependent permutation, and a key- and data-dependent substitution. All operations are additions and XORs on 32-bit words. The only additional operations are four indexed array data lookups per round.

Blowfish uses a large number of subkeys. These keys must be precomputed before any data encryption or decryption.

The P-array consists of 18 32-bit subkeys: P1, P2, … , P18.

Four 32-bit S-boxes have 256 entries each:

Blow1.png

Blow2.png

Method of calculating the subkeys

Blowfish is a Feistel network consisting of 16 rounds. The input is a 64-bit data element, x.

Figure 1. Blowfish.

Blow10.png

To encrypt: Divide x into two 32-bit halves: Blow4.png, Blow5.png.

For i = 1 to 16:

Blow6.png

Swap Blow4.png and Blow5.png(Undo the last swap.)

Blow7.png

Recombine Blow4.png and Blow5.png

Function F is as follows (see Figure 2):

Figure 2. Function F.

Blow11.png

Divide Blow4.png into four eight-bit quarters: a, b, c and d

Blow9.png

Decryption is exactly the same as encryption, except that P1, P2, … , P18 are used in the reverse order.

The subkeys are calculated using the Blowfish algorithm. The exact method follows.

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of p.

2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (up to P18). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.

3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps 1 and 2.

4. Replace P1 and P2 with the output of step 3. 5. Encrypt the output of step 3 using the Blowfish algorithm with the modified subkeys. 6. Replace P3 and P4 with the output of step 5.

7. Continue the process, replacing all elements of the P-array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.

In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys - there’s no need to execute this derivation process multiple times.


Blowfish has established itself as a reliable algorithm implemented in many programs that do not require frequent changes of key and requires a high speed encryption / decryption.

Bibliography

  • Bruce Schneier. Applied Cryptography. Protocols, Algorithms and Source Code in C.