Explain Blowfish Algorithm

Blowfish Algorithm

 Blowfish was developed by Bruce Schneier. It is very strong symmetric key

cryptographic algorithm.

Features of Blowfish:
 Fast: Blowfish encryption state on 32 bit microprocessors.
 Compact: Blowfish can execute in less than 5KB memory
 Simple: Blowfish uses only primitive operations such as addition, XOR and table
lookup making its design and manipulation simple
 Secure: Blowfish has a variable key length up to a maximum of 448 long, making it
both flexible and secure
Operations: (Blowfish encrypts 64-bit block with a variable-length key)
1) Sub-key Generation: This process covert the key up to 448 bit long to sub-keys
totaling 7168 bits
2) Data Encryption : This process involves the iteration of a simple function 16 times.
Each round contains a key-dependent permutation and key and data substitution
 Blowfish is a very fast algorithm which takes 64 bit input as plaintext and generates
64 bit output ciphertext
 It uses the concept of P-array which uses 32 bit sub-keys and there are 18 P-
arrays P1 to P18P1 to P18
 Blowfish Algorithm runs 16 times i.e. 16 rounds
Processes:

1. Sub-key Generation:

 Key Size is variable but blowfish algorithm generates very large sub-keys . The key
size is in the range of 32 bits to 448 bits or 14 words.
 Concept of P-array consists of 18, 32 bit sub-keys
 There are 4 S-boxes containing 256 entries of 32 bits
 P-array is initialized first then four s boxes with fixed string
 Then P-arryas are XORed with sub-keys i.e .from P1 to P18P1 to P18 . Once the sub
keys are generated the encryption process begins.

1. Data encryption and decryption:

 We use the P -arrays and S boxes during this process

1
Blowfish Encryption:

2
Advantages of Blowfish

One of the fastest and most compact block ciphers in public use, Blowfish uses a symmetric
encryption key to turn data into ciphertext. Almost three decades after it was first developed,
Blowfish is still widely used because it offers the following advantages:

 much faster and more efficient than DES and IDEA algorithms;

 unpatented and can be freely used by anyone even without a license;

 despite the complex initialization phase before encryption, the data encryption process is
efficient on large microprocessors;

3
 provides extensive security for software and applications developed in Java;

 provides secure access for backup tools; and

 supports secure user authentication for remote access.

Disadvantages of Blowfish

There are some downsides to using Blowfish for encryption, including the following:

 Speed is affected when changing keys.

 The key schedule takes a long time.

 The small 64-bit block size makes the algorithm vulnerable to birthday attacks, a class
of brute-force attacks.

 Each new key requires preprocessing equivalent to 4 KB of text, which affects its speed,
making it unusable for some applications.

Applications of Blowfish

Blowfish is suitable for a wide range of applications, including the following:

 bulk encryption

 random bit generation

 packet encryption

 password hashing and management

 mobile processors

 email, file or disk encryption

 data backup

 Secure Shell
Rivest Cipher 5 (RC5)

4
This section gives the detail explanation of cryptographic algorithms developed by Ronald
Rivest, one of the inventors of the RSA public key cryptography algorithm and co-founders
of RSA security. Ronald developed three Symmetric key

It was one of the popular and fastest symmetric key algorithms invented in the year
1987[5,6]. The algorithm uses a variable sized key from 1 to 256 bits is used to initialize a
256-byte state vector S. The same algorithm is used for both encryption and decryption. For
encryption and decryption, a byte k is generated from S by selecting one of the 255 entries.
As each value of k is generated, the entries in S are once again permuted. The principle of
RC4 algorithm is divided into two stages.

1. Key-Scheduling algorithm (KSA)

2. Pseudo Random Generation Algorithm (PRGA).

S [ i ] + S [ j ] mod 256

S[i]+S[j]

S[i]

S[i]

0 1 mod 256 i j 254

5
 255

Figure 8. An overview of RC4 [5]

1. Key-Scheduling Algorithm (KSA)

The main function of the Key-Scheduling Algorithm is to complete initialization of RC4

Key. The algorithm first initializes the S table with the identity permutation. Once the S
array is initialized, shuffling of the array is performed using the key to make it a
permutation array. For this operation, S array is processed for 256 iterations [5,6]. The
pseudo-code for the key scheduling algorithm is given below

1. for i from 0 to 255 S [ i ] : = i

2. endfor j : = 0
3. for i from 0 to 255
4. j : = ( j + S [ i ] + key [ i mod key length ] ) mod 256
5. swap values of S [ i ] and S [ j ] endfor
Finally the S array is generated and it is used in the PGRA to generate the key stream.

2. Pseudo-Random Generation Algorithm (PRGA)

The PGRA is used to generate the keystream of the size of the message to encrypt and it has
the capacity to generate the keystream of any size [5,6]. To Perform the PRGA operation,
firstly, assign (or initialize) any two index to 0 and then the generation of keystream starts
one byte at a time until it reaches the size of the message. For computing the each new byte
the following steps are used.

1. Compute new value of i and j i : = (i + 1) mod 256

2. j : = (j + S [ i ] ) mod 256

3. To have a dynamic state swapping process is performed between S [ i ] and S [ j ]

4. Retrieve the next byte of the keystream from the S array at the index

5. Keystream Byte

6. The pseudo-code for the pseudo-random generation algorithm is given below

7. i : = 0 j : = 0

8. while Generating Output : i : = (i + 1) mod 256

9. j : = (j + S [ i ] ) mod 256

10. swap values of S [ i ] and S [ j ]

11. K : = S [ (S [ i ] + S [ j ] ) mod 256 ]

12. output K

6
 13. endwhile

Steps for RC4 Algorithm

The steps for RC4 encryption algorithm is as follows [5,6]:

Step 1 : Get the data to be encrypted and the selected key.
Step 2 : Create two string arrays.
Step 3 : Initiate one array with numbers from 0 to 255.
Step 4 : Fill the other array with the selected key.
Step 5 : Randomize the first array depending on the array of the key.
Step 6 : Randomize the first array within itself to generate the final key stream.
Step 7 : XOR the final key stream with the data to be encrypted to give cipher text.

RC4's Success:

 Random nature of S-Box changes which makes it

difficult to locate a value in its table. Through the use of a 256 byte internal key,an S-box
RC4 can be in 256!*2562 possible states, which represents quite a large making an attack
on its table structure very difficult.

1. Speed: It uses a few simple loops and swapping of bytes making it extremely fast.

2. Simplicity

3. Efficient implementations in both software and hardware

4. Very easy to develop.

RC4s Weakness:

1. Short key length means that the pseudorandom generator will repeat, which permits
passive monitoring to gather data that can be statistically analyzed.

2. Weak keys

3. The most important weakness of RC4 comes from the insufficient key schedule; the
first bytes of output reveal information about the key. This can be corrected by simply
discarding some initial portion of the output stream.

4. This is known as RC4-dropN, where N is multiple of 256, such as 768 or 1024.

Rivest Cipher5 (RC5)

RC5 is a symmetric block cipher algorithm published in the year 1994 [7, 8]. This
algorithm is designed to be suitable for both hardware and software. This algorithm
provides block size of RC5 is variable and can be 32, 64, or 128 bits. The key size is also
variable and can be between 0 and 2048 bits. Although 12 rounds is the standard number
for 64 bit RC5, the number of rounds is also variable and can be between 1 and 255. It is

7
 a parameterised algorithm and particularly the RC5 algorithm is designated as RC5-
w/r/b and the detail of the parameter are shown in the table 2.

Table 2 RC5 Parameters

Parameter Definition Allowable Values

Word Size in bit,
w 16, 32, 64 , 128
RC5 encrypt 2-word blocks
r Number of rounds 0,1,…..255
b Number of bytes in the secret key K 0, …… 255

RC5 algorithm consists of three components, namely, (1) Key Expansion, (2) Encryption
Algorithm, and (3) Decryption Algorithm. This algorithm uses the three primitive
operations shown in table 3.

Table 3.

S. Primitive
Details
No Operations
Two's complement addition of words, denoted by "+". This is
modulo-2w addition. The inverse operation subtraction of words
1. Addition denoted

by "-".

RC5 Primitive Operations

Bit-wise
Bit-wise exclusive-OR of
2.
exclusive-
words
OR
3. Left Circular A left-rotation (or "left-spin")

Rotation of words: the rotation of

word x left by y bits is

denoted x <<< y. The

8
 inverse is the right circular

rotation of word x by y bits is

denoted by x>>>y.

Key Expansion

The key expansion routine expands the users secret key K to fill the expanded key
array S. The key expansion algorithm uses two magic constants. The key
expansion algorithm performs a complex set of operations on the secret key to
produce the total subkeys represented as t. Each subkey is one word in length. Two
subkeys are used in each round and two subkeys are used on an addtional operation
that is not part of any round, so t=2r+2.

Techniques used to generate Subkeys

 The subkeys are stored in a t word array labelled

S[0],S[1],,S[t+1].

 The parameters r and w as inputs.

 Then the b byte key, K[0,,b-1] is converted into a c-

word array L[0,,c-1].

 On a little-endian machine , this is accomplished by

zeroing out the array L and copying the string K directly into the memory positions
represented by L.

 If b is not an integer multiple of w, then a portion of L

at the right end remains zero.

 Finally a mixing operation is performed that applies the

contents of L to the initialized value of S to produce a final value fro the array S.

Encryption Algorithm

In the encryption algorithm, RC5 input block consist of two w-bit registers A and B and
the output is also placed in the same register. The variables LEi and REi refer the left
and right half of the data after round i has completed. The algorithm is follows:

LE0 = A+S[0]; RE0 = B+S[1];

for i= 1 to r do

LEi=((LEi-1 XOR REi-1)<<<REi-1)+S[2*i]; REi=((REi-1 XOR LEi)<<<LEi)

+S[2*i+1];

9
 The cipher text result contains the two variables LEr and REr each of the r rounds
consists of a substitution using both words of data. A permutation is computed using
both words of data and a substitution that depends on the key. One round of RC5 is
equivalent to two rounds of DES.

Decryption Algorithm

The decryption routine can easily derive from the encryption routine of RC5.The encryption
algorithm a 2w bits of cipher text as output. Those bits are initially assigned to the two one-
word variables LDr and RDr. The variables LDi and RDi refer to the left and right half of
the data before round i has begun, where the rounds are numbered from r down to 1.

for i = r down to 1 do
RDi-1=((RDi-S[2*i+1]>>>LDi)XORLDi);
LDi-1=((LDi-S[2*i]>>>RDi) XOR RDi-);
B = RD0-S[1];
A = LD0-S[0];
Rivest Cipher6 (RC6)

RC6 is a symmetric key block cipher derived from RC5. It was designed in the year 1998
by Ron Rivest in collaboration with his associates from RSA Laboratories [9,10]. RC6
includes many new features, which are not available in RC5. RC6 algorithm has a
modified Feistel structure and presented symbolically as RC6-w/r/b and the derails of
w/r/b are given in table4.

Paramete
Definition
r
w represent 32 bits as the size of word
It denotes number of round for encryption. If the size of block is 128 bits, then
r
r, the number, is 20
b 16, 24 and 32 byte key
Table 4 RC6 Parameters

 a>>>b rotate the w-bit word a to the right by the amount given
by the least significant lg w bits of b

Key Schedule

10
The key schedule of RC6-w/r/b is similar to the key schedule of RC5-w/r/b. The user
supplies a key of b bytes. From this key, 2r + 4 words (w bits each) are derived and
stored in the array S [0, 2r + 3]. This array is used in both encryption and decryption

Encryption

The encryption process in RC6 is relatively simple. RC6 consist of four w-bit
registers (A, B, C, D) which is used to store the initial input plain text and the final
output cipher text is also stored in the same register. The first byte of plaintext or
cipher text is placed in the least significant byte of A; the last byte of plaintext or
cipher text is placed into the most significant byte of D. The pseudo-code for the
encryption is given below.

Input : Plain text stored in four w-bit input registers A, B, C, D

Number of r rounds
w-bit round keys S[0,,2r + 3] Output : Cipher Text stored in A, B, C, D Procedure : B
= B + S[0];
D = D + S[1];
for i = 1 to r do
{
4.3.1 Structure of the RC6 Algorithm
Decryption

t = (B (2B + 1)) log w; u = (D (2D + 1)) log w; A = ((A t) u) + S[2i];

C = ((C u) t) + S[2i+1]; (A, B, C, D) = (B, C, D, A);
A = A + S[2r+2]; C = C + S[2r+3];

RC6 algorithm contains four components they are

2. Basic Operation, (2) Key Schedule, (3) Encryption and (4) Decryption

Basic Operation

For all variants, RC6- w/r/b operates on units of four w-bit words using the
following six basic operations. The base-two logarithm of w will be denoted
by lg w.

 a + b integer addition modulo 2w

 a – b integer subtraction modulo 2w

 a Ã…b bitwise exclusive-or of w-bit words

 a X b integer multiplication modulo 2w

 a<<<b rotate the w-bit word a to the left by the amount given by the
least significant lg w bits of b

11
 Decryption operation performs in a similar way as encryption. The main difference is
that the cipher text is given as input and produce output as plain text. The pseudo-
code for the decryption is shown below.

C = C + S[2r+3]; A = A + S[2r+2];
for i = r downto 1 do
{
(A, B, C, D) = (D, A, B, C);
u = (D (2D + 1)) log w; t = (B (2B + 1)) log w;
C = ((C – S[2i+1]) t) u;
A = ((A – S[2i]) u) t;
}
D = D – S[1];
B = B – S[0];
Table 5.

Comparisons of RC4, RC5 And RC6 Algorithm

Algorithm RC4 RC5 RC6

Symmetric Cipher Stream
Block Cipher Block Cipher
Type Cipher
32, 64 or 128 bits
Block Size ——-
(64 suggested)
1-255
Rounds 256 (12 suggested 20
originally)
40 0 to 2040 bits 128, 192,
Key Size
2,048 bits (128 suggested) or 256 bits
Ron Rivest, Matt Robshaw, Ray
Designer Ron Rivest Ron Rivest Sidney,
Yiqun Lisa
Published Year 1994 1994 1998

12