International Conference on Communication and Signal Processing, July 28 - 30, 2020, India
VLSI Implementation of Blowfish Algorithm
for Secure Image Data Transmission
Parvathy P and Remya Ajai A S

Abstract—Nowadays, almost every person in the world uses the
Internet to communicate to each other. For various applications,
different types of images are transmitted over the Internet. Such
photos normally contain either private or confidential data.
Ensuring the confidentiality, honesty, authentication and non-
repudiation of images during transmission is therefore a
prerequisite for image transmission. Blowfish is an open source
algorithm thus making it available for anyone to use this
algorithm for their desired purpose. Because of the fewer number
of rounds and the operations used in the rounds being less
complex, blowfish is considered relatively a fast block cipher after
the key schedule has been completed. In this project,
implementation of blowfish algorithm is done in MATLAB
version 2019a. Verilog implementation is also done.
Index Terms—Blowfish algorithm, Cryptography, MATLAB,
Verilog HDL
I. INTRODUCTION
C RYPTOGRAPHY is the study of techniques that ensures
security of data for different kinds of applications.
Cryptographic techniques prevent the third parties from
accessing any data that is meant to be private. Modern day
cryptographic techniques have two parts of implementation
named encryption and decryption. The encryption refers to the
application of certain mathematical functions on to the input
data which is to be secured and transform it into a new data
which is in no way like the input data at first sight; it is called
cyphertext [1-5]. After encrypting, this cypher text is given to
the decrypting function, which does similar steps done in
encryption to finally get the input data. For this purpose, there
will be user defined keys [6]. The key used for the encryption
and key used for decryption can be either same or different
based on what kind of encryption technology is used. Based
upon user defined keys used in the algorithms, the encryption
techniques can be classified into two. One method is the
symmetric key algorithm, which uses the same key for
encryption and decryption processes; while on the other hand,
in the case of asymmetric key algorithm, it uses different keys
at both ends [7-8].
Parvathy P is with Department of Electronics and Communication
Engineering, Amrita Vishwa Vidyapeetham, Amritapuri, India. (E-mail:
[email protected]
).
Remya Ajai A S is with Department of Electronics and Communication
Engineering, Amrita Vishwa Vidyapeetham, Amritapuri, India. (E-mail:
[email protected]
).
978-1-7281-4988-2/20/$31.00 ©2020 IEEE 0770
Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on October 30,2022 at 14:15:37 UTC from IEEE Xplore. Restrictions apply.
Blowfish belongs in the category of symmetric block-cipher
algorithms; and can be used in place of conventional
algorithms like DES or IDEA. The key used in the blowfish
algorithm can have a varying key-length with the minimum
limit of 32 bits to maximum limit of 448 bits. Blowfish was
developed in 1993 with the aid of Bruce Schneier Blowfish is
in public domain and license-free [9-13].
The main functions performed in the blowfish algorithm that
keeps on repeating on each round consists of the following:
1) Using the pre-initialized S-boxes and the appropriate
combination of the results from each of the S-boxes.
2) XOR operation performed on the right half of the input
which is 32-bit and the output of the function box, which is
also 32-bit.
3) Swapping of left and right sides of the output after
completing each round.
4) The left side of the input which is the output from the
previous round is xor-ed with the p-array element for the given
round.
The function of S-boxes is to perform an 8-bit to 32-bit
mapping. The S-boxes are pre-initialised with the hexadecimal
form of number pi.The input to the S-Box will be the result of
xor function performed between the input plain text and
corresponding p-array element of the round and the result will
be 32 bit which is split into four 8-bit numbers which are fed
to each of the s-boxes. the s-box will then give the output
which is the value stored at the position pointed to by its input.
For example, if the input to tone of the s-box have value of
00000001, the output from that s-box will be the element at the
position 00000001. Then after data has been fed to each of the
s-boxes; the outputs from each are combined through a
combination of addition and exclusive-or [14-15]. The
operation performed consists of simple xor operation and
modulo-2 addition. Outputs from the first two S-boxes are
added together using modulo 2 addition. The result is xor-ed to
the output of the s-box3 and the result of that is modulo 2
added with the output of the s-box4.
The rest of the paper is organized as follows. Section II
describes the related work of the research and system
architecture respectively. Section III explains about the
methodology. Section IV discuss about the simulation results.
At last Section V concludes the conclusion.
 II. RELATED WORKS
The authors of paper [1] suggests an efficient method for
ensuring security of the data in cloud servers. This paper gives
an analysis of the various existing cryptographic techniques
and the probabilities of attack that these techniques are not
immune to. According to the authors, symmetric key
cryptographic techniques are way more efficient than the
asymmetric key cryptography. From various symmetric key
cryptographic methodologies, the authors chose four most
popular algorithms and compared the performances of these
algorithms with that of the proposed blowfish algorithm. From
their study, they came across the conclusion that the DES
algorithm, which is considered to be the most primitive is
more prone to attacks because of the small key-length. It is
also found that the DES implementation is faster in hardware
but slower when done in the software as shown in Fig. 1. The
authors of paper [2] were primarily aiming to address a
solution to ensure the security of the data over the web. Here
also the authors came up with the idea of implementing
blowfish algorithm for the same purpose. Here in addition to
the already existing key used for the encryption and
decryption; they make use of an additional supplementary key
to ensure more security to the system. This key from the
encryptor side is send across the web to the decryptor via
email. Here they have implemented the algorithm using Java
language. The model was designed to process any type of
images (i.e .jpg, .gmp, .png, etc).
The authors of paper [3] brings up an idea of improvising
the blowfish algorithm in-order to let it be capable of
transmitting not only the plain-text but also the file contents.
The improvement helped to boost the efficiency of the
algorithm as a result of reduction in the number of rounds and
also by, in selected rounds, increasing the length of the block
of data with fixed length during both encryption and
decryption. The aim mentioned in paper [4] was to develop a
hardware implementation of the blowfish algorithm for the
secured transfer of data over Internet of Things. Based on the
comparison performed between multiple cryptographic
algorithms, they have finalized with the blowfish algorithm
which was visibly better in performance and security than any
of the other algorithms.
The main issue discussed in the paper [5] is the safety of
wireless transmissions. One of the potential solutions to this
security problem is the Blowfish cryptographic algorithm. The
Blowfish algorithm was developed and implemented using the
Xilinx ISE 14.5 development suite on the Virtex5 FPGA. In
paper [6], it is said that the said algorithms that are said to be
used to secure data in wireless networks against dangerous
attacks can also be used to secure data consuming resources
like encryption time, battery power, memory, C.P.U time etc.
The main concern in paper [7] was to provide protection for
software-level data transfers as well as for the hardware-level
data through modified Blowfish Encryption and Decryption
algorithms. Compared to ordinary Blowfish and Triple-DES
algorithms, it gives minimal delay, higher speed, high
0771
Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on October 30,2022 at 14:15:37 UTC from IEEE Xplore. Restrictions apply.
throughput] and selectivity in memory usage. The purpose of
paper [8] was to develop the most secure improved version of
blowfish algorithm (IMBFA); by introducing cell substitution
function using “Wave Dynamic Differential Logic” (WDDL)
in order to prevent the hacker from estimating or predicting the
key. In paper [9], the efficiency of the blowfish and modified
blowfish algorithm were evaluated using time, and avalanche.
After inspection, the modified blowfish algorithm is found to
be slower with time taken for key generation, encryption, and
decryption processes turned out to be an average of “26.99ms,
1651.83ms, and 2765.04ms”; while that for ordinary blowfish
algorithm, it was found to be “21.65ms, 1297.76ms, and
2176.59ms”.
The difference was because of the difference in block size.
The implementation of 128-bit block size improves protection
by reducing the chances of duplication of blocks that have
chances of leaking information. The paper [10] presents the
findings of a thorough analysis to re-search some of the most
widely used cryptographic encryption algorithms firstly to
recognize as many of their weaknesses and vulnerabilities as
possible, and secondly to identify the aspects of those
weaknesses that can be avoided by proper implementation. In
paper [11] authors cited that for most modern steganography
methods, information-hiding processes change almost all
components of the covers. Hiding of data all over the image
can cause the visual quality of image to be reduced and can
also lead to an increase in the chances for the loss of data
because of possible cyber-attacks. The authors propose a new
steganography method that is region-based [CR-BIS]; which
conceals data in the robust regions of the image.
In the project developed by authors of paper [12]; the
receiver and the sender, both uses two large, prime numbers
that are identical, and use parametric equations to swap the
values. Generated secret key using ASCII key matrix is used
for encryption and decryption. Playfair rules are applied to
encryption and decryption. It is a substitution cipher for
digraphs. Playfair draws on sets of letters for decryption and
encryption. In paper [13], the authors present a solution to
overcome the problems of physically unprotected devices from
which the hackers can get into the memory while the data
encryption is still being carried out. They demonstrated the
need of a white-box based cryptography. In paper [14], the
authors introduced a reconfigurable, high performance
hardware implementation for speech scrambling and
descrambling device which can be used in high-safety required
environments like in military. The scrambling algorithm was
developed based on the conventional DES algorithm with the
programming of a novel skew key. The listener will not be
able to understand the scrambled speech signal, but the audio
after recovery was found to be very clear.
II. SYSTEM ARCHITECTURE
In blowfish algorithm there are two major parts that serves
as the key elements of the method which are described and
shown in Fig. 2 as the following:.
 Fig. 1. Block diagram.
1. Key expansion
2. Data encryption
In blowfish algorithm, the concept that stands out to make it
more secured than any other algorithms is the usage of variable
length keys. Blowfish algorithm can utilize the keys of size
varying from 32 buts to 448 bits. These keys are store in arrays
K1, K2, . . ., Kn; where each K will be having an input of 32
bits. Blowfish algorithm utilizes the p-array which is of 18 in
numbers and each component stores values with 32 bits each.
Each of the p-array elements were pre-initialized with the
hexadecimal form of the number pi, omitting the 3 before the
decimal point. These p-array elements are then XOR-ed with
the key array one by one and the values are store inside the p- Fig. 2. Blowfish algorithm (Encryption).
array itself. This will used inside the algorithm. Apart from p-
array blowfish also utilizes the four s-boxes which has 256
entries each. Each entry will be pre- initialized with the
hexadecimal values of pi.
A. Steps in blowfish encryption algorithm
1. Generation of subkeys:
The p-array consists of 18 members each of 32 bits. Each of
the p-array elements are pre-initialized with the 32-bit
hexadecimal form of the number pi. The number is taken in a
manner in which the first 32 bits number right after the
decimal point is stored in the P[1]. The following 32 bits are
stored in P[2]. Like this up to P[18] numbers are stored. After
pre-initializing the p-array, the next step is to modify this array
elements according to the user input key. The first element of
p-array is xor-ed with the key’s first 32 bits. Then, the next 32
bits is xor -ed with the second p-array element. The step is
continued till all the p-array elements are replaced.
Fig. 3. Function box.
2. Initialise Substitution Boxes: a. Rounds: The encryption consists of sixteen rounds. Input to
Initialization of the s-box is like that of p-array members. each round will be the plaintext and the p-array element
There are four s-boxes used in the algorithm. Each s-box corresponding to that round.
composed of 256 elements, each of 32 bits in size. All these b. Post processing: The function consists as shown in Fig. 3
elements are recorded with the hexadecimal form of pi. of the usage of the four s-boxes with 256 entries each. The
input to the function box will be the output of the XOR
3. Encryption: operation of p-array and left half of the data. So, the input to
The main parts of the encryption process using blowfish function box will be 32 bits of data. These 32 bits is divided
algorithm are the following: into four 8 bits and is accordingly given to the four s-boxes.

0772

Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on October 30,2022 at 14:15:37 UTC from IEEE Xplore. Restrictions apply.
And the s-boxes uses these values as a look-up value to give
output corresponding to the values fed into it. Then the output
of the first two s-boxes of the function box are XOR-ed.
Further, this result and the output from s-box3 is then
performed modulo-2 addition. Then this will be further XOR-
ed with the output from the s-box4.

III. METHODOLOGY
The primary aim was to implement the blowfish algorithm
mathematically to get the desired results by giving a plain text
and image as inputs. After properly designing the blowfish
algorithm using MATLAB and verifying the results; the next
step was to implement it using Verilog and to verify the
outputs. For that first the Verilog implementation of blowfish
algorithm is done. The blowfish algorithm is implemented by
giving a plain-text as input give directly from the testbench.
After making the algorithm to work accordingly, the next step
was to give input as image. For this at first the required input
image is fed to the MATLAB and converted the image pixels Fig. 6. Input image to MATLAB.
into matrices. This data is made to be stored inside a file. Then
the file is opened in Verilog and algorithm is performed with
this data as input. Since blowfish works only for 64 buts data.
The algorithm was performed by dividing the data to 64 bits
blocks. After the encryption, the data is stored in another file
to which is opened and converted to image in MATLAB.
Similar process is done for the decrypted output also.

IV. SIMULATION RESULTS

At first the MATLAB implementation was done for the
algorithm. By giving a plain text as input and giving an image
as input as shown in Fig. 4.

Fig. 7. Encrypted Image.

Fig. 4. Encryption of plain text using MATLAB.
Fig. 5. Decryption of plain text using MATLAB.
Here while implementing, an additional key is given at the
input side. To decrypt the data, the user must give the same
key as given to encrypt the data as shown in Fig. 5, Fig. 6 and
Fig. 7. Otherwise the output will not be as expected.
The result was as expected, and the decrypted image turned
out to be exactly like the input image given to the MATLAB
and the decrypted image as shown in Fig. 8
A. Verilog implementation of the algorithm and results
The input image is given to MATLAB. And binarized
matrix of the image is then fed to the Verilog. After getting the
data from the MATLAB, this data is stored and given as input
to the Verilog simulator. This data is then processed by
splitting into multiple 64 bits blocks and carrying out the
encryption process each for each of the block. The output from
the Verilog, the encrypted data will be given to the MATLAB
further to get the encrypted image.

0773

Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on October 30,2022 at 14:15:37 UTC from IEEE Xplore. Restrictions apply.
 Fig. 12. Decrypted Image.

Fig. 8. Decrypted Image.
Fig. 9. Input image to MATLAB.
Fig. 10. Verilog Simulation result.
Fig. 11. Encrypted image.
Decrypted output from Verilog is again fed back to
MATLAB to get the image output shown Fig. 9, Fig. 10, Fig.
11 and Fig. 12
V. CONCLUSION
Blowfish algorithm is a symmetric key algorithm which has
16 rounds feistal structure. The main parts of a blowfish
algorithm are key expansion and data encryption. The
algorithm has an array of user defined keys which can be of
size varying from the minimum required as 32 bits to the
maximum limit of 448 bits. The input to the blowfish
algorithm will be a plain text of size 64-bit and output will be
64-bit cypher text; which is nothing but the encrypted data.
Here in this project, at first the blowfish algorithm is
implemented using MATLAB by giving a string and image as
two separate inputs. Then the same is performed using Verilog
HDL; and the results in both cases are verified.
REFERENCES
[1] D. R. S. P. R. Vasantha, “An advanced security analysis by using
blowfish algorithm," (IJSRCSEIT) 2017.
[2] K. K. M. Mekala, “Enhanced blowfish algorithm for image encryption
and decryption with supplementary key," July 2016.
[3] B. D. G. Godfrey L Dulla and R. P. Medina, “A unique message
encryption technique based on enhanced blowfish algorithm," 2019.
[4] N. M. Manju Suresh, \Hardware implementation of blowfish algorithm
for the secure data transmission in internet of things."
[5] B. P. M. C. Swagata Roy Chatterjee, Soham Majumder, “Fpga
implementation of pipelined blowfish algorithm," 2014.
[6] C. M. K. S. Gurjeevan Singh, et al, “Superiority of blowfish algorithm in
wireless networks," vol. Volume 44{No11, April 2012.
[7] P. B. V. Kumara Swamy, \Predominance of blowfish algorithm over
TDES for secure integrated circuits," vol. Vol.9, No.6, November 2017.
[8] P. B. Kumara swamy Varukthi, “Vlsi design ow for secure integrated
circuits based on des, TDES, AES and blowfish algorithms and their
performance," 2018.
[9] M.Rajalakshmi, H.S.RajyaSree, V.Nagarajan 2014, “VLSI
Implementation of RC4 Stream Cipher Using Hardware Pipelining” Int
J of Electronic Com Engg Advanced Research, 2(1), pp. 66-71
[10] R. P. M. Theda Flare et al Modified blowfish algorithm," Oct 2018.
[11] P. B. V. Kumara Swamy, “Predominance of blowfish over triple data
encryption standard symmetric key algorithm for secure integrated
circuits using verilog hdl," November 2017.
[12] R. K. K. Ramesh Yigereddy, “A survey on conventional encryption
algorithms of cryptography."
[13] K. B. J. Santhosh et al, “Symmetric key based encryption and
decryption using lissajous curve equations”, Int Jou of Elec and Comp
Eng , vol. 7, pp. 285-288, 2017.
[14] Saha and Srinivasan, C., “White-Box cryptography-based data
encryption-decryption scheme for IoT environment”, in 2019 5th Inter.
Conf. on Adv. Comp. and Com. Sys, ICACCS 2019, 2019, pp. 637-641.
[15] Ea John, Remya Ajai A S, and Poornachandran Pb, “Effective
implementation of des algorithm for voice scrambling”, Com. in Comp
and Info Sci, vol. 335 CCIS, pp. 75-84, 2012

0774

Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on October 30,2022 at 14:15:37 UTC from IEEE Xplore. Restrictions apply.