# Blowfish: A widely used block cipher

## Blowfish

- Designed by Bruce Schneier (1993)
- A variant of it (Twofish) was an AES finalist candidate
- 64-bit block size, 16-round Feistel network structure
- Variable key size: 32-448 bits
- Key-dependent S-boxes

## Blowfish Feistel structure

[Figure: Blowfish Feistel structure]

Unlike a regular Feistel network, both sides are modified in each round. On the 1st round: R1= L0 P1; L1= R0 F(L0 P1)

http://en.wikipedia.org/wiki/Blowfish_(cipher)

## Blowfish round function

[Figure: Blowfish round function]

- Four 8-to-32 bits S-boxes are used.
- indicates XOR
- indicates addition mod $2^{32}$
- Mixing XOR and addition mod $2^{32}$ complicates cryptanalysis

http://en.wikipedia.org/wiki/Blowfish_(cipher)

## Key schedule

In Blowfish, the key schedule has two components:

- Initialization of the S-boxes
- Initialization of the P-array (proper key schedule of a Feistel network)

The entries of the P-array and S-boxes are first filled with the fractional part of the expansion of in hexadecimal.

## Key schedule (2)

P1 = 243F6A88, P2 = 85A308D3, ..., S(4:254) = 578FDFE3, S(4:255) = 3AC372E6

- The key K is XORed with the P-array, cycling over the key as needed.
- A 64-bit block of 0s is encrypted with the Blowfish algorithm and P1, P2 are replaced with the result, which is then encrypted again and substitutes P3, P4.
- This continues until all P-array and all S-box entries are replaced.

## Key schedule algorithm

```
Initialize P, S With ( frac() )16.
XOR P, S with cyclically extended key.
For (P, S) = (P1, P2, ..., S(4:254), S(4:255)) Do
    Replace P1, P2               by Enc(P;S; 0)
    Replace P3, P4               by Enc(P;S; P1||P2)
    ...
    Replace P17, P18             by Enc(P;S; P15||P16)
    Replace S(1:0), S(1:1)       by Enc(P;S; P17||P18)
    ...
    Replace S(4:254), S(4:255)   by Enc(P;S; S(4:252)||S(4:253))
```

## Notes

- The S-boxes are read as simple lookup tables. For instance, if S2 is given the 8-bit input which is the binary expansion of the integer 127, then S(2:127) is returned.
- 521 applications of Blowfish are required to install a new key: there are 18 P-array entries and 4x256 S-box entries, a total of 1042 entries. Each application of Blowfish replaces two of these entries.

## Blowfish facts

- Low key-agility and/or high memory demands make Blowfish impractical in constrained environments.
- Small (64-bit) block size makes it insecure for applications that encrypt large amounts of data with the same key (such as data archival, file system encryption, etc.)
- Implemented in SSL and other security suites.
- Blowfish's speed makes it a good choice for applications that encrypt intermediate amounts of data, such as is typical of network communications (e-mail, file transfers).
- No attacks on Blowfish are known that work on the full 16-round official version (certain attacks recover some information from versions with up to 14 rounds).
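The key schedule described above, written out as an added Python example (not code from the original slides): it derives the 1042 initial words, XORs the key into the P-array as the prose describes, and counts the cipher applications needed to install a key. It assumes the constant behind the initial table is π, which reproduces the P1 and S(4:255) values quoted above; the names `pi_words`, `Blowfish` and `calls` are chosen here for illustration.

```python
M = 0xFFFFFFFF

def pi_words(n):
    """First n 32-bit words of the hexadecimal fraction of pi (Machin's formula)."""
    guard = 64                                  # extra bits absorb truncation error
    one = 1 << (32 * n + guard)
    def arctan_inv(x):                          # fixed-point arctan(1/x)
        total = term = one // x
        k, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // k)
            k, sign = k + 2, -sign
        return total
    frac = (16 * arctan_inv(5) - 4 * arctan_inv(239) - 3 * one) >> guard
    return [(frac >> (32 * (n - 1 - i))) & M for i in range(n)]

class Blowfish:
    def __init__(self, key):
        w = pi_words(18 + 4 * 256)              # 1042 constant words (assumed: pi)
        self.P = w[:18]
        self.S = [w[18 + 256 * i:18 + 256 * (i + 1)] for i in range(4)]
        self.calls = 0                          # counts cipher applications
        for i in range(18):                     # XOR P with the cyclically extended key
            chunk = bytes(key[(4 * i + j) % len(key)] for j in range(4))
            self.P[i] ^= int.from_bytes(chunk, "big")
        l = r = 0                               # start from the all-zero 64-bit block
        for table in [self.P] + self.S:         # P1..P18, then the four S-boxes
            for i in range(0, len(table), 2):
                l, r = self.encrypt(l, r)       # runs on the partly replaced tables
                table[i], table[i + 1] = l, r

    def F(self, x):
        a, b, c, d = x >> 24, (x >> 16) & 255, (x >> 8) & 255, x & 255
        s = self.S
        return ((((s[0][a] + s[1][b]) & M) ^ s[2][c]) + s[3][d]) & M

    def encrypt(self, l, r):
        self.calls += 1
        for i in range(16):                     # both halves change in every round
            l ^= self.P[i]
            l, r = r ^ self.F(l), l
        l, r = r, l                             # undo the final swap
        return l ^ self.P[17], r ^ self.P[16]

if __name__ == "__main__":
    bf = Blowfish(bytes(8))                     # constructed sample key: 8 zero bytes
    print(bf.calls, ["%08X" % v for v in bf.encrypt(0, 0)])
```

Every new key pays for the full 521 encryptions before the first data block is processed, which is the low key-agility noted under "Blowfish facts".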

