Blowfish Algorithm with Examples

Blowfish is an encryption technique designed by Bruce Schneier in 1993 as an alternative to the DES Encryption Technique. It is significantly faster than DES and provides a good encryption rate with no effective cryptanalysis technique found to date. It is one of the first secure block ciphers not subject to any patents and hence freely available for anyone to use. It is a symmetric block cipher algorithm.

• blockSize: 64-bits
• keySize: 32-bits to 448-bits variable size
• Number of subkeys: 18 [P-array]
• Number of rounds: 16
• number of substitution boxes: 4 [each having 512 entries of 32 bits each]

Blowfish Encryption Algorithm

The entire encryption process can be elaborated as: 

👁 Image

Lets see each step one by one:

Step 1: Generation of subkeys 

• 18 subkeys{P[0]...P[17]} are needed in both encryption as well as decryption process and the same subkeys are used for both the processes.
• These 18 subkeys are stored in a P-array with each array element being a 32-bit entry.
• It is initialized with the digits of pi(?).
• The hexadecimal representation of each of the subkeys is given by:

P[0] = "243f6a88"
P[1] = "85a308d3"
.
.
.
P[17] = "8979fb1b"

👁 Image

Now each of the subkey is changed with respect to the input key as:

P[0] = P[0] xor 1st 32-bits of input key
P[1] = P[1] xor 2nd 32-bits of input key
.
.
.
P[i] = P[i] xor (i+1)th 32-bits of input key
(roll over to 1st 32-bits depending on the key length)
.
.
.
P[17] = P[17] xor 18th 32-bits of input key
(roll over to 1st 32-bits depending on key length)

The resultant P-array holds 18 subkeys that is used during the entire encryption process

Step 2: Initialize Substitution Boxes 

• After expanding the P-array, The S-boxes are initialized with digits of pi.
• 4 Substitution boxes(S-boxes) are needed{S[0]...S[4]} in both encryption aswell as decryption process with each S-box having 256 entries{S[i][0]...S[i][255], 0&lei&le4} where each entry is 32-bit.
• It is initialized with the digits of Љ ( pi ) after initializing the P-array.

Step 3: Encryption 

• The encryption function consists of two parts: 
  a. Rounds: The encryption consists of 16 rounds with each round(Ri) taking inputs the plainText(P.T.) from previous round and corresponding subkey(Pi). The description of each round is as follows:

👁 Image

The description of the function " F " is as follows: 

👁 Image

Here, the function "add" is addition modulo 2^32. 

b. Post-processing: The output after the 16 rounds is processed as follows: 

👁 blowfish

Below is a Java Program to demonstrate Blowfish encryption: 

Output:

Description

The decryption process is similar to that of encryption and the subkeys are used in reverse{P[17] - P[0]}. The entire decryption process can be elaborated as: 

👁 Image

Lets see each step one by one: 

Step 1: Generation of subkeys

• 18 subkeys{P[0]...P[17]} are needed in decryption process.
• These 18 subkeys are stored in a P-array with each array element being a 32-bit entry.
• It is initialized with the digits of pi(?).
• The hexadecimal representation of each of the subkeys is given by:

P[0] = "243f6a88"
P[1] = "85a308d3"
.
.
.
P[17] = "8979fb1b"

Note: See encryption for the initial values of P-array.

Now each of the subkeys is changed with respect to the input key as:

P[0] = P[0] xor 1st 32-bits of input key
P[1] = P[1] xor 2nd 32-bits of input key
.
.
.
P[i] = P[i] xor (i+1)th 32-bits of input key
(roll over to 1st 32-bits depending on the key length)
.
.
.
P[17] = P[17] xor 18th 32-bits of input key
(roll over to 1st 32-bits depending on key length)

The resultant P-array holds 18 subkeys that is used during the entire encryption process

Step 2: Initialize Substitution Boxes

• 4 Substitution boxes(S-boxes) are needed{S[0]...S[4]} in both encryption aswell as decryption process with each S-box having 256 entries{S[i][0]...S[i][255], 0&lei&le4} where each entry is 32-bit.
• It is initialized with the digits of pi(?) after initializing the P-array.

Step 3: Decryption

• The Decryption function also consists of two parts: 
  
  1. Rounds: The decryption also consists of 16 rounds with each round(Ri)(as explained above) taking inputs the cipherText(C.T.) from previous round and corresponding subkey(P[17-i])(i.e for decryption the subkeys are used in reverse).
  2. Post-processing: The output after the 16 rounds is processed as follows:

👁 Image

Below is a Java program to demonstrate decryption.

Output:

Advantages

• Blowfish is a fast block cipher except when changing keys. Each new key requires a pre-processing equivalent to 4KB of text.
• It is faster and much better than DES Encryption.

Disadvantages

• Blowfish uses a 64-bit block size which makes it vulnerable to birthday attacks.
• A reduced round variant of blowfish is known to be susceptible to known plain text attacks(2nd order differential attacks - 4 rounds). 
  

Application of Blowfish Algorithm

• Bulk Encryption.
• Packet Encryption(ATM Packets)
• Password Hashing