Blowfish Algorithm

Blowfish symmetric block cipher algorithm encrypts block data of 64-bits at a time. The algorithm follows fiestal network and is divided into 3 main parts:
1. Key-expansion
2. Data Encryption
3. Data Decryption

1.Key Expansion
Prior to any data encryption and decryption, these keys should be computed before-hand.
The p-array consists of 18, 32-bit sub-keys:
P1, P2,., P18
Four 32-bit S-Boxes consist of 256 entries each:
S1, 0, S1, 1,. S1, 255
S2, 0, S2, 1,.. S2, 255
S3, 0, S3, 1,.. S3, 255
S4, 0, S4, 1 …………..S4, 255

Generating the Sub-keys:
The sub-keys are calculated and generated using the Blowfish algorithm:

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344, etc

2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (possibly up to
P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. (For every short key, there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)

3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps (1) and (2).

4. Replace P1 and P2 with the output of step (3).

5. Encrypt the output of step (3) using the Blowfish algorithm with the modified sub-keys.

6. Replace P3 and P4 with the output of step (5).

7. Continue the process, replacing all entries of the P array, and then all  four S-boxes in order, with the output of the continuously changing Blowfish algorithm.
In total, 521 iterations are required to generate all required sub-keys. Applications can store the sub-keys rather than execute this derivation process multiple times.

2.Data Encryption
It is having a function to iterate 16 times of network. Each round consists of key-dependent permutation and a key and data-dependent substitution. All operations are XORs and additions on 32-bit words. The only additional operations are four indexed array data lookup tables for each round.

Algorithm: Blowfish Encryption
Divide x into two 32-bit halves: xL, xR
For i = 1to 16:
xL = XL XOR Pi
xR = F(XL) XOR xR
Swap XL and xR
Swap XL and xR (Undo the last swap.)
xR = xR XOR P17
xL = xL XOR P18
Recombine xL and xR

3.Data Decryption
Decryption is exactly the same as encryption, except that P1, P2 ….. P18  are used in the reverse order.


Leave a comment