Blowfish Algorithm with Examples

Blowfish is an encryption technique designed by Bruce Schneier in 1993 as an alternative

to DES Encryption Technique. It is significantly faster than DES and provides a good
encryption rate with no effective cryptanalysis technique found to date. It is one of the first,
secure block cyphers not subject to any patents and hence freely available for anyone to
use.

1. blockSize: 64-bits
2. keySize: 32-bits to 448-bits variable size
3. number of subkeys: 18 [P-array]
4. number of rounds: 16
5. number of subsitution boxes: 4 [each having 512 entries of 32-bits each]

Blowfish Encryption Algorithm

The entire encryption process can be elaborated as:
Lets see each steps one by one:

Step1: Generation of subkeys:

 18 subkeys{P[0]…P[17]} are needed in both encryption aswell as decryption process
and the same subkeys are used for both the processes.
 These 18 subkeys are stored in a P-array with each array element being a 32-bit
entry.
 It is initialised with the digits of pi(?).
 The hexadecimal representation of each of the subkeys is given by:
 P[0] = "243f6a88"
 P[1] = "85a308d3"
 .
 .


 P[17] = "8979fb1b"
Now each of the subkey is changed with respect to the input key as:
 P[0] = P[0] xor 1st 32-bits of input key

 P[1] = P[1] xor 2nd 32-bits of input key

 .

 .

 .

 P[i] = P[i] xor (i+1)th 32-bits of input key

 (roll over to 1st 32-bits depending on the key length)

 .

 .

 .

 P[17] = P[17] xor 18th 32-bits of input key

 (roll over to 1st 32-bits depending on key length)

The resultant P-array holds 18 subkeys that is used during the entire encryption
process

Step2: initialise Substitution Boxes:

 4 Substitution boxes(S-boxes) are needed{S[0]…S[4]} in both encryption aswell as
decryption process with each S-box having 256 entries{S[i][0]…S[i][255], 0&lei&le4}
where each entry is 32-bit.
 It is initialised with the digits of pi(?) after initialising the P-array. You may find the s-
boxes in here!
Step3: Encryption:
 The encryption function consists of two parts:
 a. Rounds: The encryption consists of 16 rounds with each round(Ri) taking inputs
the plainText(P.T.) from previous round and corresponding subkey(Pi). The
description of each round is as follows:

The description of the function” F ” is as follows:

 a. Here the function “add” is addition modulo 2^32.

b. Post-processing: The output after the 16 rounds is processed as follows:

Example: Output:
subkey 1: 8e846390
subkey 2: a295c40e
subkey 3: b9a28336
subkey 4: 2446bf99
subkey 5: 0eb2313a
subkey 6: 0ea9fd0d
subkey 7: a295f380
subkey 8: cb78a054
subkey 9: ef9328fe
subkey 10: 1fe6dfaa
subkey 11: 14ef6fd7
subkey 12: 13dfc0b1
subkey 13: 6a1720af
subkey 14: ee4a9c00
subkey 15: 953fdcad
subkey 16: 9271c5ca
subkey 17: 38addcc1
subkey 18: ae4f37c6
-----Encryption-----
round 0: 77b3ba639cb0353b
round 1: 0cc7d63fd5267e6d
round 2: c799728ab5655509
round 3: 69612395e3dfcd13
round 4: f3f5b74b67d312af
round 5: 52023d4efd5c4a46
round 6: 5b785180f097cece
round 7: cc946d119000f1d4
round 8: 6af47a4b230745ef
round 9: 9fb82cc57512a5e1
round 10: 1106c1ab8b574312
round 11: 7d7a616502d9011a
round 12: 81e9ce71176d41ca
round 13: 9727e50a6fa35271
round 14: eb761e34021839a7
round 15: 0599d9367907dbfe
Cipher Text: d748ec383d3405f7
Decryption
The decryption process is similar to that of encryption and the sub-keys are used in reverse
{P[17]–P[0]}. The entire decryption process can be elaborated as:

Let’s see each step one by one:

Step1: Generation of subkeys:
 18 subkeys{P[0]…P[17]} are needed in decryption process.
 These 18 subkeys are stored in a P-array with each array element being a 32-bit
entry.
 It is initialised with the digits of pi(?).
 The hexadecimal representation of each of the subkeys is given by:
 P[0] = "243f6a88"

 P[1] = "85a308d3"
  .

 .

 .

 P[17] = "8979fb1b"

Note: See encryption for the initial values of P-array.

 Now each of the subkeys is changed with respect to the input key as:
 P[0] = P[0] xor 1st 32-bits of input key
 P[1] = P[1] xor 2nd 32-bits of input key
 .
 .
 .
 P[i] = P[i] xor (i+1)th 32-bits of input key
 (roll over to 1st 32-bits depending on the key length)
 .
 .
 .
 P[17] = P[17] xor 18th 32-bits of input key
 (roll over to 1st 32-bits depending on key length)
The resultant P-array holds 18 subkeys that is used during the entire encryption
process

Step2: initialise Substitution Boxes:

 4 Substitution boxes(S-boxes) are needed{S[0]…S[4]} in both encryption aswell as
decryption process with each S-box having 256 entries{S[i][0]…S[i][255], 0&lei&le4}
where each entry is 32-bit.
 It is initialised with the digits of pi(?) after initialising the P-array. You may find the s-
boxes in here !
Step3: Decryption:
 The Decryption function also consists of two parts:
 a. Rounds: The decryption also consists of 16 rounds with each round(Ri)(as
explained above) taking inputs the cipherText(C.T.) from previous round and
corresponding subkey(P[17-i])(i.e for decryption the subkeys are used in
reverse).
Post-processing: The output after the 16 rounds is processed as follows:

Output:
subkey 1: 8e846390
subkey 2: a295c40e
subkey 3: b9a28336
subkey 4: 2446bf99
subkey 5: 0eb2313a
subkey 6: 0ea9fd0d
subkey 7: a295f380
subkey 8: cb78a054
subkey 9: ef9328fe
subkey 10: 1fe6dfaa
subkey 11: 14ef6fd7
subkey 12: 13dfc0b1
subkey 13: 6a1720af
subkey 14: ee4a9c00
subkey 15: 953fdcad
subkey 16: 9271c5ca
subkey 17: 38addcc1
subkey 18: ae4f37c6
-----Decryption-----
round 17: 3ab5e5667907dbfe
round 16: fdd297bb021839a7
round 15: 82529d676fa35271
round 14: ec939d1a176d41ca
round 13: e14063bd02d9011a
round 12: 66cd65508b574312
round 11: 37e82a387512a5e1
round 10: 8fe62e7e230745ef
round 9: 1f04e6309000f1d4
round 8: 3624ea12f097cece
round 7: c546e12ffd5c4a46
round 6: ed76301e67d312af
round 5: bbd76433e3dfcd13
round 4: f160c1f4b5655509
round 3: 2512b60dd5267e6d
round 2: 6f86e1389cb0353b
Plain Text: 123456abcd132536
Advantages of Blowfish

Blowfish is one of the fastest block ciphers currently in use. It encrypts data using a
symmetric encryption key to create ciphertext. Blowfish is still in high demand over thirty
years after it was created because it provides the following benefits −

1. Considerably less time-consuming and more effective than the DES and IDEA
algorithms.
2. Unpatented and open to be utilized by anybody, even without authorization.
3. Large microprocessors can handle the data encryption process efficiently, even with
its intricate initialization step prior to encryption.
4.
5. Offers a high level of security for Java-developed programmes and apps.
6. Allows for safe user authentication for remote access and secure access for backup
tools.

Disadvantages of Blowfish

There are a few disadvantages to using Blowfish for encryption, including the following −

1. Changing the key will change the speed.

2. It takes a long time to complete the primary routine.
3. Due to its short 64-bit block size, the technique is vulnerable to birthday attacks, a
kind of brute-force attack.

4. Preprocessing for each new key requires 4 KB of text, which slows it down and
makes it unusable for various purposes.

Applications of Blowfish Algorithm:

1. Bulk Encryption.
2. Packet Encryption(ATM Packets)
3. Password Hashing
4. Mobile processors
5. Email
6. File or disc encryption
7. Packet encryption
8. Random bit creation
9. Password hashing
10. Data backup
11. Protect Shell