Blowfish Encryption

Blowfish

"Paranoia is very useful in this work. ...If your cryptographic system can survive the paranoia model, it has at least a fighting chance of surviving in the real world." - Niels Ferguson & Bruce Schneier.

Blowfish Encryption

Blowfish takes 64 bit plaintext blocks as input and creates as output 64 bit ciphertext. The key size for Blowfish can range from 32 bits all the way up to 448 bits which implies flexibility in its security strength. The input block is split in half L0 and R0 each consisting of 32 bits. Blowfish can essentially be described by the following algorithm:

j = 1
loop from j to 16
	Rj = Lj-1 XoR Pj
 	Lj = F(Rj) XoR Rj-1
end loop
L17 = R16 XoR P18
R17 = L16 XoR P17

Where P is the sub-keys and F is the complex function. L17 and R17 contain the ciphertext. Notice that there are 16 iterations hence 16 rounds of XoR'ing and operations of F. The following is a diagram of a Blowfish round:

Figure 1.

The complex function F is shown below:

Figure 2.

Blowfish Decryption

Decryption for Blowfish is relatively straight forward. Ironically, decryption works in the same algorithmic direction as encryption beginning with the ciphertext as input. However, as expected, the sub-keys are used in reverse order. So the decryption Blowfish algorithm is as follows:

j = 1
loop from j to 16 
	Rj = Lj-1 XoR P19-j 
	Lj = F(Rj)XoR Rj-1  
end loop 
L17 = R16 XoR P1 
R17 = L16 XoR P2

Sub-Keys, SBoxes and P-Array

Generating the sub-keys and the SBoxes can be described in 3 steps below. Considering that the key can be 32 to 448 bits there can exist 1 to 14 32 bit words. This key is then used to make 4 SBoxes and 18 32 bit sub-keys. The SBoxes have an 8 x 32 structure which totals 256 32 bit elements. The P-Array stores the sub-keys.

Step 1: The P-Array becomes initialized in an orderly fashion by using bits from the constant pi. For instance, P1 is assigned the leftmost 32 bits of pi and so forth. Next the 4 SBoxes becomes initialized.

Step 2: An XoR is conducted with the array elements of the key and the sub-keys P-Array elements and then reassigned into the P-Array elements. For instance, Pi = Pi XoR Kj...

Step 3: There should now be a 64 bit block (of all zeros for the first case). Take this block and encrypt it using the Blowfish process. Pi and Pi+1 will then be replaced with this result and then increment i. Continue this step until all P-Array elements have been replaced and then in order all 4 SBoxes have been replaced likewise.

Benefits of Blowfish

Blowfish has been known to be very fast and compact only requiring 5K of RAM. Variability exists in key length and Blowfish is relatively simple to implement. Blowfish provides a litter stronger cryptographic process by performing operations on both halves of its input word per round which is different than the classical Feistal process. Finally, Blowfish provides a very strong avalanche affect in that every left-side input bit affects every right-side input bit per round.

Links

http://www.counterpane.com/blowfish.html
http://www.counterpane.com/bfsverlag.html
http://www.counterpane.com/bfdobsoyl.html