| • Science | • People | • Locations | • Timeline |
| Contents | ||
| Blowfish | |
|---|---|
| The round function (Feistel function) of Blowfish | |
| General | |
| Designer(s) | Bruce Schneier |
| First published | 1993 |
| Derived from | - |
| Cipher(s) based on this design | - |
| Algorithm detail | |
| Block size(s) | 64 bits |
| Key size(s) | 32-448 bits in steps of 8 bits; default 128 bits |
| Structure | Feistel network |
| Number of rounds | 16 |
| Best cryptanalysis | |
| Four rounds can be broken using a second-order differential attack (Rijmen, 1997); for a class of weak keys, 14 rounds of Blowfish can be distinguished from a random permutation (Vaudenay, 1996). | |
In cryptography, Blowfish is a symmetric key, secret key, block cipher designed in 1993 by Bruce Schneier and is included in a large number of cipher-suites and encryption products.
Schneier intended it as a general-purpose algorithm to replace the aging DES that had none of the problems associated with other algorithms available at the time. Blowfish is unencumbered by patents (as opposed to Khufu, REDOC II and IDEA), non-proprietary (as opposed to RC2 and RC4), and open to the public (unlike the then-secret Skipjack cipher).
Blowfish has a 64-bit block sizeIn modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size . Both the input ( plaintext) and output ( c and a key length of anywhere from 32 bits to 448 bits. It is a 16-round Feistel cipherIn cryptography, a Feistel cipher is a block cipher with a particular structure, named after IBM cryptographer Horst Feistel; it is also commonly known as a Feistel network . A large proportion of block ciphers use the scheme, including the Data Encryptio and uses large key-dependent S-boxesIn cryptography, a substitution box (or S-box is a basic component of symmetric key algorithms. In block ciphers, they are typically used to obscure the relationship between the plaintext and the ciphertext — Shannon's property of confusion. In many cases. It is similar in structure to CAST-128Three rounds of the CAST-128 block cipher. In cryptography, CAST-128 (alternatively CAST5 is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has also been approved for Canadian government use, which uses fixed S-boxes.
The diagram to the left shows the action of Blowfish. Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-entry P-array and four 256-entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries.
The diagram to the right shows Blowfish's F-function. The function splits the 32-bit input into four eight-bit quarters, and uses the quarters as input to the S-boxes. The outputs are added modulo 232 and XORed to produce the final 32-bit output.
Since Blowfish is a Feistel network, it can be inverted simply by XORing P17 and P18 to the ciphertext block, then using the P-entries in reverse order.
Blowfish's key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi, which contain no obvious pattern. The secret key is then XORed with the P-entries in order (cycling the key if necessary). A 64-bit all-zero block is then encrypted with the algorithm as it stands. The resultant ciphertext replaces P1 and P2. The ciphertext is then encrypted again with the new subkeys, and P3 and P4 are replaced by the new ciphertext. This continues, replacing the entire P-array and all the S-box entries. In all, the Blowfish encryption algorithm will run 521 times to generate all the subkeys - about 4KB of data is processed.