Blowfish Algorithm

Dr. Renu Mary Daniel

Assistant Professor
Department of Cyber-Security
IIIT Kottayam
 Blowfish
• Symmetric-key block cipher.
• Designed in 1993 by American Cryptographer Bruce Schneier.
• Based on Feistel Network.
• Block size of plaintext and ciphertext is 64 bits.
• 16 rounds
30 years
• Key size can vary from 32 bits to 448 bits.
• Highly secure against Bruteforce attacks.
• S-Box values depend on the key.
• Simple operations in round functions: XOR, addition modulo .
• No P-Boxes.
• Efficient implementation in software.
• No effective cryptanalysis of it has been found to date for smaller files.
 Design Objectives
• In the original Feistel network, only one half of the input block is modified,
the other half just gets passed over to the next round – Potential
vulnerability.
• The key size of DES – 56 bits is a concern.
• Algorithm should not use bit-wise permutations or conditional jumps.
• Make the key size variable, without causing any change to the way the
algorithm works or without increasing the number of rounds.
• Make the S-Box values unpredictable for each encryption, by basing its
value on the key.
• This ensures that the S-box values are different for each key, which significantly
enhances security by preventing attacks that rely on the knowledge of fixed S-boxes.
 1010 (4 bits) 1011 (4 bits)

1011 P1 0001 1110

Feistel Structure
F
0101
Variant- dummy
0101 0001

0101 P2 1111
0000 16 rounds
F
1110
F = simple 1’s
complement
1110 0000

0000 1110

0000 P3 1111
P4
Ciphertext!!!
0000 0001
 0000 (4 bits) 0001
0000 P4 0000 1111
Feistel
F
1110
Structure
Variant
1110 0000

1111 P3 1110
0001 16 rounds
F
1110
F = simple 1’s
complement
1110 0001

0001 1110

1011 P2 0101
P1

1010 1011 Original Plaintext!!!

 Algorithm
• Key array:
• where each is a 32-bit value.
• This means that the key can be just (32 bits),… to anywhere upto totaling to
448 bits.
• P array:
• The P-array consists of 18 32-bit subkeys:
• , where each is a 32-bit value.
• S-Boxes:
• There are four 32-bit S-boxes with 256 entries each.
Bit 1 Bit 2 …. Bit 31 Bit 32 • 8 bit input  32 bit output
Row 1 1 0 … 1 1 • rows
Row 2 1 1 … 0 0 • If input is 0000 1001, then
9th row is selected and the
…. … … … … … corresponding 32 bits are
Row 255 1 1 … 1 0 chosen.
Row 256 0 1 … 0 1
 8-bit input

S-Boxes in Blowfish
S-Box

32-bit output

Sbox - 1 Sbox - 2 Sbox - 3 Sbox - 4

………….. ………….. ………….. …………..

• Each is a 32 bit value.

• and
 Encryption Algorithm
• Blowfish is a Feistel network consisting of 16 rounds.
• The input is a 64-bit data element, x.

• Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the reverse order.
 𝑋𝐿 𝑋𝑅
Blowfish - Feistel
Structure Variant
0

𝑃1
0

𝑋𝐿 1
𝑋𝑅 1

14 more
rounds
𝑋𝐿 𝑋𝑅
𝑃 16
15
15

𝑋𝐿 16
𝑋𝑅 16

𝑋𝐿 17 𝑋𝑋 𝑅𝑅
17

𝑃 18 𝑃 17
𝑋𝐿 18
𝑋𝑅 18
Round Function F Addition
modulo

Bitwise XOR
 Addition Modulo 32
• To ensure that the result after addition remains a 32-bit value.
• Example:
• Let's add two 4-bit binary numbers:
• A = 1101 (13 in decimal)
• B = 1011 (11 in decimal)
• Addition = 11000 (5 bits)
• Apply modulo 24:
• 11000 (binary) = 24 (decimal)
• 24 mod 16 = 8
• 8=1000 (binary-4 bits)
 Generating the Sub-Keys
• The P-array and S-boxes are initialized with a fixed string, which
consists of the hexadecimal digits of the mathematical constant π (pi),
specifically the digits of pi after the decimal point (excluding the initial
3).
• π (in hex) ≈ 3.243F6A8885A308D313198A2E03707344A4093822...
• This fixed string ensures that the P-array and S-boxes start with known
values, but they are later modified by the key to create unique
subkeys for encryption.
 P-array Initialization
• The P-array consists of 18 subkeys, each of which is a 32-bit value.
• The initial values come from the digits of pi in hexadecimal form.
• π (in hex) ≈ 3.243F6A8885A308D313198A2E03707344A4093822...
• P1 = 0x243f6a88 (8 x 4 bits= 32 bits)
• P2 = 0x85a308d3
• P3 = 0x13198a2e
• P4 = 0x03707344
• And so on… till P18
 S-Box Initialization
• The S-box values are also initialized using the hexadecimal digits of π.
• The S-boxes contain a total of 1024 entries.
• 256 32-bit entries per S-box, and there are 4 S-boxes.
• After P18, we move on to the S-boxes.
• The next chunk of hexadecimal digits in π (in hex) ≈
3.243F6A8885A308D313198A2E03707344A4093822... after the P-
array values would initialize the entries in each S-Box.
• So, 18 x 8 = 144 hex digits from Pi were used for P-array initialization.
 S-Box Initialization
• Thus, the first few entries of S1 would be initialized as say:
• S1[0] = 0xA4093822
• S1[1] = 0x299F31D0
• S1[2] = 0x082EFA98
• S1[3] = 0xEC4E6C89
• S1[4] = 0xC1002797
• ... and this process continues until all 1024 entries (256 per S-box) are
initialized.
 Sub-Key generation
• Re-calculate the values of the P-array :
• For a key array:

•…

•
•…
 Final P-array and S-Box generation
• After initializing the P-array and S-boxes with the digits of π and
XORing the P-array with the key, the algorithm needs to further mix
and modify these subkeys (P-array and S-boxes) based on the key
array to ensure a high level of security.
• To do this, Blowfish uses its Feistel structure to repeatedly encrypt a
string of all zeros (0x0000000000000000, which is 64 bits of zero)
using the current state of the P-array and S-boxes.
 Final P-array and S-Box generation
• Encrypt the all-zero string (0x0000000000000000) using the partially modified P-array and S-
boxes.
• The algorithm uses this initial P-array and S-boxes to perform the encryption.
• The encrypted output is a 64-bit (8-byte) value, which is split into two 32-bit parts.
• These two parts replace the values of P1 and P2.
• The first 32 bits of the encrypted result replace P1.
• The second 32 bits of the encrypted result replace P2.
• The encrypted output from the previous step (now stored in P1 and P2) is used as the input to
another Blowfish encryption.
• This time, the algorithm uses the newly modified P1 and P2, along with the rest of the P-array
and S-boxes.
• The result of this encryption replaces P3 and P4 in the P-array.
• Continue this process till the entire P-array and then the S-boxes are replaced.
 Final P-array and S-Box generation
• Encryption round 1 - (64 bits) for P1 and P2
•…
• Encryption round 9 – (64 bits) for P17 and P18.
• Encryption round 10 – (64 bits) for S1,0, S1,1 .
• There are 256 x 4 = 1024 32-bit entries.
• So for S-boxes we need 1024 /2 = 512 64-bit values
• Therefore a total of 512+9 = 521 encryption rounds are required to
generate the final P-array and S-boxes.
Two-Fish and AES
3 is the highest
rating.

• Twofish method: It used a 128-bit block size. While Twofish did well
for security, it possibly did too well and struggled against Rijndael