Blowfish Algorithm in Cryptography

Blowfish is a symmetric block cipher with a 64-bit block size and a variable-length key. Bruce Schneier designed it in 1993 as a fast, free, general-purpose replacement for the aging Data Encryption Standard (DES) and International Data Encryption Algorithm (IDEA).

Blowfish is unpatented, substantially faster than DES and IDEA, and freely available for all uses. However, because of its small block size, which is considered insecure, it could not completely replace DES.

Twofish, its successor, addressed this security issue by using a larger block size of 128 bits. Nevertheless, many cipher suites and encryption products on the market today still use Blowfish, since full Blowfish encryption has never been broken.

Identifying blowfish

Blowfish has a 64-bit block size and accepts keys from 32 bits to 448 bits long. It runs 16 Feistel-like rounds, each operating on a 64-bit block that is split into two 32-bit words. Blowfish uses a single key for both encryption and decryption.

The two primary parts of the blowfish algorithm are as follows:

Data encryption: Data is encrypted with a 16-round Feistel network, in which each round consists of a key-dependent permutation and a key- and data-dependent substitution. The substitution relies on large, key-dependent S-boxes. All operations are additions on 32-bit words and XORs (exclusive-or operations).

Key expansion and sub keys: Key expansion converts a key of up to 448 bits into several sub key arrays totaling 4,168 bytes. Blowfish makes extensive use of these sub keys, which must be pre-computed before any encryption or decryption can take place.

The sub keys consist of a P-array of 18 32-bit sub keys and four 32-bit S-boxes with 256 entries each. The sub keys are calculated as follows:

  1. The P-array and the S-boxes are initialized with a fixed string made up of the hexadecimal digits of pi.
  2. The first P-array element (P1) is XORed with the first 32 bits of the key, P2 with the second 32 bits, and so on, cycling through the key bits until all P-array elements have been XORed with key bits.
  3. The all-zero string is encrypted with Blowfish, using the sub keys produced in the preceding steps.
  4. P1 and P2 are replaced with the output of step 3.
  5. The output of step 3 is encrypted with Blowfish, using the modified sub keys.
  6. P3 and P4 are replaced with the output of step 5.
  7. The process continues until all entries of the P-array and all four S-boxes have been replaced.

Generating all the sub keys takes 521 executions of the Blowfish encryption algorithm in total and produces around 4 kilobytes (KB) of data.

Example of the Blowfish encryption and decryption technique

Assume Blowfish will be used to encrypt the message "Hi world". The procedures are as follows:

  1. The input string "Hi world" consists of seven characters plus a space, for a total of eight bytes or 64 bits.
  2. The input is split into two 32-bit halves. The left 32 bits, "Hi w", are XORed with P1, a value produced by key expansion, to give P1'. (Note: the prime mark denotes a new value derived from P1.)
  3. P1' is then passed through the F-function (F In), which splits the 32 bits into four bytes and sends one byte to each of the four S-boxes.
  4. The outputs of the first two S-boxes are added together, and the result is XORed with the output of the third S-box.
  5. This result is added to the output of the fourth S-box to produce the 32-bit output.
  6. The output of F In is XORed with the right 32 bits of the input message, "orld", to create the output F1'.
  7. F1' then replaces the left half of the message, and P1' replaces the right half.
  8. The same procedure is repeated with each successive member of the P-array, for a total of 16 rounds.
  9. After 16 rounds, the outputs P16' and F16' are XORed with the last two entries of the P-array, P17 and P18, and then recombined to form the 64-bit cipher text of the input message.
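
The key expansion steps and the 16-round procedure above, put together as an added example in Python (it is not the Java program this page refers to). The names `pi_words`, `Blowfish` and `crypt_block` are chosen for this illustration, and the pi digits are computed with Machin's formula instead of being stored as a table; the class handles one 64-bit block with no mode of operation.

```python
# Added example (not the page's Java program); all names are illustrative.
MASK = 0xFFFFFFFF

def _atan_inv(x, one):               # arctan(1/x) * one, integer Taylor series
    total = term = one // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def pi_words(count):                 # step 1: hex digits of pi's fractional part
    bits, one = 32 * count, 1 << (32 * count + 64)   # 64 guard bits
    frac = (16 * _atan_inv(5, one) - 4 * _atan_inv(239, one) - 3 * one) >> 64
    return [(frac >> (bits - 32 * (i + 1))) & MASK for i in range(count)]

PI = pi_words(18 + 4 * 256)          # 18 P-array words + four 256-word S-boxes

class Blowfish:
    def __init__(self, key: bytes):
        if not 4 <= len(key) <= 56:  # 32 to 448 bits
            raise ValueError("key must be 4..56 bytes")
        self.P, self.runs = PI[:18], 0
        self.S = [PI[18 + 256 * i: 18 + 256 * (i + 1)] for i in range(4)]
        for i in range(18):          # step 2: XOR key into P, cycling through the key
            word = bytes(key[(4 * i + j) % len(key)] for j in range(4))
            self.P[i] ^= int.from_bytes(word, "big")
        l = r = 0                    # steps 3-7: chain-encrypt the all-zero block
        for box in [self.P] + self.S:
            for i in range(0, len(box), 2):
                l, r = self._crypt(l, r, self.P)
                box[i], box[i + 1] = l, r
                self.runs += 1       # counts Blowfish executions during setup

    def _f(self, x):                 # F: (S1[a] + S2[b]) XOR S3[c], then + S4[d]
        s, a, b, c, d = self.S, x >> 24, (x >> 16) & 255, (x >> 8) & 255, x & 255
        return ((((s[0][a] + s[1][b]) & MASK) ^ s[2][c]) + s[3][d]) & MASK

    def _crypt(self, l, r, P):       # 16 Feistel rounds, then the last two sub keys
        for i in range(16):
            l ^= P[i]
            r ^= self._f(l)
            l, r = r, l
        return r ^ P[17], l ^ P[16]  # undo the final swap, XOR with P18 and P17

    def crypt_block(self, block: bytes, decrypt=False) -> bytes:
        l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
        l, r = self._crypt(l, r, self.P[::-1] if decrypt else self.P)
        return l.to_bytes(4, "big") + r.to_bytes(4, "big")
```

Encrypting the all-zero block under an all-zero 64-bit key gives 4EF997456198DD78, the first of Schneier's published test vectors, and `runs` ends at 521 after key setup. Decryption is the same routine with the P-array reversed.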


Benefits of Blowfish

Blowfish is one of the fastest and most compact block ciphers currently in use, converting data into cipher text using a symmetric encryption key. Blowfish is still commonly used over three decades after it was initially created because it provides the following benefits:

  • The data encryption process is efficient on large microprocessors.
  • Despite the complex initialization phase before encryption, it is much faster and more effective than the DES and IDEA algorithms.
  • It provides extensive security for Java-based software and applications, and secure access for backup tools.
  • It supports secure user authentication for remote access.

Drawbacks of blowfish

Using Blowfish for encryption has various drawbacks, such as the following:

  • Changing keys slows it down.
  • The key schedule takes time to complete.
  • The algorithm is susceptible to birthday attacks, a type of brute-force attack, because of the short 64-bit block size.
  • Each new key needs to be preprocessed, which costs the equivalent of encrypting 4 KB of text; this slows it down and renders it useless for some applications.

Uses of blowfish

Blowfish is appropriate for a variety of uses, such as the following:

  • Mobile processors
  • Email
  • File or disk encryption
  • Packet encryption
  • Random bit generation
  • Password hashing
  • Data backup
  • Secure Shell (SSH)

Many well-known products, including CryptoDisk, PasswordWallet, Access Manager, Symantec NetBackup, and SplashID, employ Blowfish. Blowfish is also widely used by e-commerce companies and social media platforms to secure user data.

A Java program that demonstrates Blowfish encryption produces the following output:

Output:

subkey 1: 8e846390
subkey 2: a295c40e
subkey 3: b9a28336
subkey 4: 2446bf99
subkey 5: 0eb2313a
subkey 6: 0ea9fd0d
subkey 7: a295f380
subkey 8: cb78a054
subkey 9: ef9328fe
subkey 10: 1fe6dfaa
subkey 11: 14ef6fd7
subkey 12: 13dfc0b1
subkey 13: 6a1720af
subkey 14: ee4a9c00
subkey 15: 953fdcad
subkey 16: 9271c5ca
subkey 17: 38addcc1
subkey 18: ae4f37c6
-----Encryption-----
round 0: 77b3ba639cb0353b
round 1: 0cc7d63fd5267e6d
round 2: c799728ab5655509
round 3: 69612395e3dfcd13
round 4: f3f5b74b67d312af
round 5: 52023d4efd5c4a46
round 6: 5b785180f097cece
round 7: cc946d119000f1d4
round 8: 6af47a4b230745ef
round 9: 9fb82cc57512a5e1
round 10: 1106c1ab8b574312
round 11: 7d7a616502d9011a
round 12: 81e9ce71176d41ca
round 13: 9727e50a6fa35271
round 14: eb761e34021839a7
round 15: 0599d9367907dbfe
Cipher Text: d748ec383d3405f7

A Java program that demonstrates decryption produces the following output:

Output:

subkey 1: 8e846390
subkey 2: a295c40e
subkey 3: b9a28336
subkey 4: 2446bf99
subkey 5: 0eb2313a
subkey 6: 0ea9fd0d
subkey 7: a295f380
subkey 8: cb78a054
subkey 9: ef9328fe
subkey 10: 1fe6dfaa
subkey 11: 14ef6fd7
subkey 12: 13dfc0b1
subkey 13: 6a1720af
subkey 14: ee4a9c00
subkey 15: 953fdcad
subkey 16: 9271c5ca
subkey 17: 38addcc1
subkey 18: ae4f37c6
-----Decryption-----
round 17: 3ab5e5667907dbfe
round 16: fdd297bb021839a7
round 15: 82529d676fa35271
round 14: ec939d1a176d41ca
round 13: e14063bd02d9011a
round 12: 66cd65508b574312
round 11: 37e82a387512a5e1
round 10: 8fe62e7e230745ef
round 9: 1f04e6309000f1d4
round 8: 3624ea12f097cece
round 7: c546e12ffd5c4a46
round 6: ed76301e67d312af
round 5: bbd76433e3dfcd13
round 4: f160c1f4b5655509
round 3: 2512b60dd5267e6d
round 2: 6f86e1389cb0353b
Plain Text: 123456abcd132536

Benefits and Drawbacks of the Blowfish Algorithm

  • Blowfish is a fast block cipher, except when changing keys. Each new key requires pre-processing equivalent to encrypting 4 KB of text.
  • Compared to DES encryption, it is significantly faster and superior.
  • Because it uses a 64-bit block size, Blowfish is susceptible to birthday attacks.
  • Reduced-round Blowfish has been shown to be vulnerable to known-plaintext attacks (second-order differential attacks on 4 rounds).

Uses for the Blowfish Algorithm

  • Bulk Encryption
  • Password hash
  • Packet Encryption (ATM packets)




