What is Blowfish Encryption?
Blowfish is an another algorithm designed by Bruce Schneier in 1993 to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually. Blowfish can be found in software categories ranging from e-commerce platforms for securing payments to password management tools, where it used to protect passwords. It’s definitely one of the more flexible encryption methods available.
It is known for both its tremendous speed and overall effectiveness as many claim that it has never been defeated. Meanwhile, vendors have taken full advantage of its free availability in the public domain.
Structure of blowfish algorithm
Blowfish has a 64-bit block size and a key length of anywhere from 32 bits to 448 bits. It is a 16-round Feistel cipher and uses large key-dependent S-boxes. It is similar in structure to CAST-128, which uses fixed S-boxes.
Here is the visual representation of this encryption algorithm.
The diagram to the left shows the action of Blowfish. Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-entry P-array and four 256-entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries.
The diagram to the right shows Blowfish’s F-function. The function splits the 32-bit input into four eight-bit quarters, and uses the quarters as input to the S-boxes. The outputs are added modulo 232 and XORed to produce the final 32-bit output.
Since Blowfish is a Feistel network, it can be inverted simply by XORing P17 and P18 to the ciphertext block, then using the P-entries in reverse order.
How it works?
This algorithm is divided into two parts.
2. Data Encryption
It will converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. These keys are generated earlier to any data encryption or decryption.
The p-array consists of 18, 32-bit subkeys:
Four 32-bit S-Boxes consists of 256 entries each:
S1,0, S1,1,………. S1,255
S2,0, S2,1,……….. S2,255
S3,0, S3,1,……….. S3,255
The subkeys are calculated using the Blowfish algorithm:
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344, etc.
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. (For every short key, there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps (1) and (2).
4. Replace P1 and P2 with the output of step (3).
5. Encrypt the output of step (3) using the Blowfish algorithm with the modified subkeys.
6. Replace P3 and P4 with the output of step (5).
7. Continue the process, replacing all entries of the P array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.
In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys rather than execute this derivation process multiple times.
It is having a function to iterate 16 times of network. Each round consists of key-dependent permutation and a key and data-dependent substitution. All operations are XORs and additions on 32-bit words. The only additional operations are four indexed array data lookup tables for each round.
Divide x into two 32-bit halves: xL, xR
For i = 1to 16:
xL = XL XOR Pi
xR = F(XL) XOR xR
Swap XL and xR
Swap XL and xR (Undo the last swap.)
xR = xR XOR P17
xL = xL XOR P18
Recombine xL and xR
Practical Examples of Blowfish Algorithm
In this example, it doesn’t matter if someone is eavesdropping on the entire conversation. Without the private RSA keys, which never go over the airwaves, the eavesdropper can’t obtain the Blowfish keys and, therefore, can’t decrypt the messages passed between the two machines.
Here is the example,
Let’s say an embedded system wants to establish a secure data-exchange session with a laptop, perhaps over a wireless medium. At the start of the session, both the embedded system and laptop compute a private Blowfish key and public and private RSA keys. The embedded system and laptop exchange the public RSA keys and use them to encrypt and exchange their private Blowfish keys. The two machines then encrypt the remainder of their communications using Blowfish. When the communications session is over, all the keys are discarded.
Blowfish Algorithm for Password Encryption example
This configuration is compatible with BSD systems that use the Blowfish algorithm.
In this example, the identifier for the Blowfish algorithm, 2a, is specified as the value for the CRYPT_DEFAULT variable. The policy.conf entries that control password encryption would look like the following:
1. E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
2. T.W. Cusick and M.C. Wood, “The REDOC-II Cryptosystem,” Advances in Cryptology–CRYPTO ’90 Proceedings, Springer- Verlag, 1991, pp. 545-563.
3. J. Deamen, R. Govaerts, and J. Vandewalle, “Block Ciphers Based on Modular Arithmetic,” Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, Rome, Italy, 15-16 Feb 1993, pp. 80-89.
4. J.-H. Evertse, “Linear Structures in Blockciphers,” Advances in Cryptology–EUROCRPYT ’87, Springer-Verlag, 1988, pp. 249- 266.
5. H. Feistel, “Cryptography and Computer Privacy,” Scientific American, v. 228, n. 5, May 73, pp. 15-23.
Message: I hope that you have enjoyed ‘Blowfish Encryption Algorithm: [Explanation with Examples]‘ article. However, if you want me to deliver more items, then please share my post. You can use Social Sharing Widget provided at the end of every post. After all, Sharing is Caring!