## Are you sure?

This action might not be possible to undo. Are you sure you want to continue?

1 of 7

ßIowfish Encryption AIqorithm

The data transformation process for PocketBrief uses the Blowfish Algorithm for

Encryption and Decryption, respectively. The details and working of the algorithm are

given below.

Blowfish is a symmetric block cipher that can be effectively used for encryption and

safeguarding of data. It takes a variable-length key, from 32 bits to 448 bits, making it

ideal for securing data. Blowfish was designed in 1993 by Bruce Schneier as a fast, free

alternative to existing encryption algorithms. Blowfish is unpatented and license-free,

and is available free for all uses.

Blowfish Algorithm is a Feistel Network, iterating a simple encryption function 16

times. The block size is 64 bits, and the key can be any length up to 448 bits. Although

there is a complex initialization phase required before any encryption can take place, the

actual encryption of data is very efficient on large microprocessors.

Blowfish is a variable-length key block cipher. It is suitable for applications where the

key does not change often, like a communications link or an automatic file encryptor. It is

significantly faster than most encryption algorithms when implemented on 32-bit

microprocessors with large data caches.

Feistel Networks

A Feistel network is a general method of transforming any function (usually called an F-

function) into a permutation. It was invented by Horst Feistel and has been used in many

block cipher designs. The working of a Feistal Network is given below:

Split each block into halves

Right half becomes new left half

New right half is the final result when the left half is XOR’d with the result of

applying f to the right half and the key.

Note that previous rounds can be derived even if the function f is not invertible.

PocketBrief

2 of 7

PocketBrief

3 of 7

The Blowfish Algorithm:

Manipulates data in large blocks

Has a 64-bit block size.

Has a scalable key, from 32 bits to at least 256 bits.

Uses simple operations that are efficient on microprocessors.

e.g., exclusive-or, addition, table lookup, modular- multiplication. It does not

use variable-length shifts or bit-wise permutations, or conditional jumps.

Employs precomputable subkeys.

On large-memory systems, these subkeys can be precomputed for faster

operation. Not precomputing the subkeys will result in slower operation, but it

should still be possible to encrypt data without any precomputations.

Consists of a variable number of iterations.

For applications with a small key size, the trade-off between the complexity of

a brute-force attack and a differential attack make a large number of iterations

superfluous. Hence, it should be possible to reduce the number of iterations

with no loss of security (beyond that of the reduced key size).

Uses subkeys that are a one-way hash of the key.

This allows the use of long passphrases for the key without compromising

security.

Has no linear structures that reduce the complexity of exhaustive search.

Uses a design that is simple to understand. This facilitates analysis and increase

the confidence in the algorithm. In practice, this means that the algorithm will be

a Feistel iterated block cipher.

DESCRIPTION OF THE ALGORITHM

Blowfish is a variable-length key, 64-bit block cipher. The algorithm consists of two

parts: a key-expansion part and a data- encryption part. Key expansion converts a key of

at most 448 bits into several subkey arrays totaling 4168 bytes.

Data encryption occurs via a 16-round Feistel network. Each round consists of a key-

dependent permutation, and a key- and data-dependent substitution. All operations are

XORs and additions on 32-bit words. The only additional operations are four indexed

array data lookups per round.

Subkeys

PocketBrief

4 of 7

Blowfish uses a large number of subkeys. These keys must be precomputed before any

data encryption or decryption.

The P-array consists of 18 32-bit subkeys:

P1, P2,..., P18.

There are four 32-bit S-boxes with 256 entries each:

S1,0, S1,1,..., S1,255;

S2,0, S2,1,..,, S2,255;

S3,0, S3,1,..., S3,255;

S4,0, S4,1,..,, S4,255.

Encryption

Blowfish has 16 rounds.

The input is a 64-bit data element, x.

Divide x into two 32-bit halves: xL, xR.

Then, for i = 1 to 16:

xL = xL XOR Pi

xR = F(xL) XOR xR

Swap xL and xR

After the sixteenth round, swap xL and xR again to undo the last swap.

Then, xR = xR XOR P17 and xL = xL XOR P18.

Finally, recombine xL and xR to get the ciphertext.

PocketBrief

5 of 7

Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the

reverse order.

Implementations of Blowfish that require the fastest speeds should unroll the loop and

ensure that all subkeys are stored in cache.

Generating the Subkeys

The subkeys are calculated using the Blowfish algorithm:

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string.

This string consists of the hexadecimal digits of pi (less the initial 3): P1 =

0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344, etc.

2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the

key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle

through the key bits until the entire P-array has been XORed with key bits. (For

every short key, there is at least one equivalent longer key; for example, if A is a

64-bit key, then AA, AAA, etc., are equivalent keys.)

3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys

described in steps (1) and (2).

4. Replace P1 and P2 with the output of step (3).

5. Encrypt the output of step (3) using the Blowfish algorithm with the modified

subkeys.

6. Replace P3 and P4 with the output of step (5).

7. Continue the process, replacing all entries of the P array, and then all four S-boxes

in order, with the output of the continuously changing Blowfish algorithm.

In total, 521 iterations are required to generate all required subkeys. Applications can

store the subkeys rather than execute this derivation process multiple times.

DESIGN DECISIONS

A 64-bit block size yields a 32-bit word size, and maintains block-size compatibility with

existing algorithms. Blowfish is easy to scale up to a 128-bit block, and down to smaller

block sizes.

The fundamental operations were chosen with speed in mind. XOR, ADD, and MOV

from a cache are efficient on both Intel and Motorola architectures. All subkeys fit in the

cache of a 80486, 68040, Pentium, and PowerPC.

The Feistel Network that makes up the body of Blowfish is designed to be as simple as

possible, while still retaining the desirable cryptographic properties of the structure.

In algorithm design, there are two basic ways to ensure that the key is long enough to

ensure a particular security level. One is to carefully design the algorithm so that the

PocketBrief

6 of 7

entire entropy of the key is preserved, so there is no better way to cryptanalyze the

algorithm other than brute force. The other is to design the algorithm with so many key

bits that attacks that reduce the effective key length by several bits are irrelevant. Since

Blowfish is designed for large microprocessors with large amounts of memory, the latter

has been chosen. But it works equally well on Handheld systems with a decent

microprocessor.

The subkey generation process is designed to preserve the entire entropy of the key and

to distribute that entropy uniformly throughout the subkeys. It is also designed to

distribute the set of allowed subkeys randomly throughout the domain of possible

subkeys. The digits of pi were chosen as the initial subkey table for two reasons: because

it is a random sequence not related to the algorithm, and because it could either be stored

as part of the algorithm or derived when needed. But if the initial string is non-random in

any way (for example, ASCII text with the high bit of every byte a 0), this non-

randomness will propagate throughout the algorithm.

In the subkey generation process, the subkeys change slightly with every pair of subkeys

generated. This is primarily to protect against any attacked of the subkey generation

process that exploit the fixed and known subkeys. It also reduces storage requirements.

The 448 limit on the key size ensures that the every bit of every subkey depends on every

bit of the key.

The key bits are repeatedly XORed with the digits of pi in the initial P-array to prevent

the following potential attack: Assume that the key bits are not repeated, but instead

padded with zeros to extend it to the length of the P-array. An attacker might find two

keys that differ only in the 64-bit value XORed with P1 and P2 that, using the initial

known subkeys, produce the same encrypted value. If so, he can find two keys that

produce all the same subkeys. This is a highly tempting attack for a malicious key

generator. To prevent this same type of attack, the initial plaintext value in the subkey-

generation process is fixed.

The subkey-generation algorithm does not assume that the key bits are random. Even

highly correlated key bits, such as an alphanumeric ASCII string with the bit of every

byte set to 0, will produce random subkeys. However, to produce subkeys with the same

entropy, a longer alphanumeric key is required.

The time-consuming subkey-generation process adds considerable complexity for a

brute-force attack. The subkeys are too long to be stored on a massive tape, so they would

have to be generated by a brute-force cracking machine as required. A total of 522

iterations of the encryption algorithm are required to test a single key, effectively adding

29 steps to any brute-force attack.

The most efficient way to break Blowfish is through exhaustive search of the keyspace.

PocketBrief

7 of 7

References

B. Schneier, Applied Cryptography,

John Wiley & Sons, New York, 1994.

B. Schneier, Description of a New Variable-Length Key, 64-Bit

Block Cipher (Blowfish)

Fast Software Encryption, Cambridge Security Workshop Proceedings

(December 1993), Springer-Verlag, 1994, pp. 191-204.

PocketBrief 2 of 7 .

64-bit block cipher. The algorithm consists of two parts: a key-expansion part and a data.g. Employs precomputable subkeys. table lookup.and data-dependent substitution. and a key. the trade-off between the complexity of a brute-force attack and a differential attack make a large number of iterations superfluous. from 32 bits to at least 256 bits. but it should still be possible to encrypt data without any precomputations. Data encryption occurs via a 16-round Feistel network. Uses a design that is simple to understand. The only additional operations are four indexed array data lookups per round.PocketBrief The Blowfish Algorithm: Manipulates data in large blocks Has a 64-bit block size. it should be possible to reduce the number of iterations with no loss of security (beyond that of the reduced key size). All operations are XORs and additions on 32-bit words. modular.encryption part. In practice. Has no linear structures that reduce the complexity of exhaustive search. Uses simple operations that are efficient on microprocessors. This allows the use of long passphrases for the key without compromising security. Has a scalable key. It does not use variable-length shifts or bit-wise permutations. DESCRIPTION OF THE ALGORITHM Blowfish is a variable-length key. addition. Consists of a variable number of iterations. or conditional jumps. For applications with a small key size. Uses subkeys that are a one-way hash of the key. Key expansion converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. Hence. these subkeys can be precomputed for faster operation. This facilitates analysis and increase the confidence in the algorithm. Each round consists of a keydependent permutation. Not precomputing the subkeys will result in slower operation.multiplication.. On large-memory systems. exclusive-or. Subkeys 3 of 7 . e. this means that the algorithm will be a Feistel iterated block cipher.

255. P2.PocketBrief Blowfish uses a large number of subkeys... consists of 18 32-bit subkeys: Encryption Blowfish has 16 rounds...1..0. S1. 4 of 7 .1.255. S4.. S3.255.. Then. The input is a 64-bit data element. P18.0. S2. S2. S4.. S1..1... S2... Divide x into two 32-bit halves: xL.0. for i = 1 to 16: xL = xL XOR Pi xR = F(xL) XOR xR Swap xL and xR After the sixteenth round. xR = xR XOR P17 and xL = xL XOR P18. Finally. recombine xL and xR to get the ciphertext...... xR.. x.. S3. S3. The P-array P1.1.0. There are four 32-bit S-boxes with 256 entries each: S1.255. S4. swap xL and xR again to undo the last swap. These keys must be precomputed before any data encryption or decryption. Then.

Implementations of Blowfish that require the fastest speeds should unroll the loop and ensure that all subkeys are stored in cache. etc... (For every short key. All subkeys fit in the cache of a 80486. with the output of the continuously changing Blowfish algorithm. in order. there are two basic ways to ensure that the key is long enough to ensure a particular security level.. except that P1. In total. XOR P2 with the second 32-bits of the key. P2 = 0x85a308d3. are equivalent keys. etc. XOR P1 with the first 32 bits of the key. for example. Encrypt the all-zero string with the Blowfish algorithm. The Feistel Network that makes up the body of Blowfish is designed to be as simple as possible. there is at least one equivalent longer key. This string consists of the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88. then AA. XOR. 4. In algorithm design. Replace P1 and P2 with the output of step (3)..) 3. with a fixed string. if A is a 64-bit key. The fundamental operations were chosen with speed in mind. Continue the process. P2. replacing all entries of the P array. 521 iterations are required to generate all required subkeys. and PowerPC.PocketBrief Decryption is exactly the same as encryption. Blowfish is easy to scale up to a 128-bit block. DESIGN DECISIONS A 64-bit block size yields a 32-bit word size. P3 = 0x13198a2e. and maintains block-size compatibility with existing algorithms. 2. and then all four S-boxes in order. Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. P4 = 0x03707344.. 7. and down to smaller block sizes. while still retaining the desirable cryptographic properties of the structure. 68040. Replace P3 and P4 with the output of step (5). P18 are used in the reverse order. AAA. Initialize first the P-array and then the four S-boxes. ADD. One is to carefully design the algorithm so that the 5 of 7 . Applications can store the subkeys rather than execute this derivation process multiple times. using the subkeys described in steps (1) and (2). 5. Encrypt the output of step (3) using the Blowfish algorithm with the modified subkeys. Pentium. 6. Generating the Subkeys The subkeys are calculated using the Blowfish algorithm: 1. and MOV from a cache are efficient on both Intel and Motorola architectures. and so on for all bits of the key (possibly up to P14).

The digits of pi were chosen as the initial subkey table for two reasons: because it is a random sequence not related to the algorithm. It is also designed to distribute the set of allowed subkeys randomly throughout the domain of possible subkeys. But if the initial string is non-random in any way (for example. produce the same encrypted value. will produce random subkeys. he can find two keys that produce all the same subkeys. To prevent this same type of attack. The subkey-generation algorithm does not assume that the key bits are random. This is a highly tempting attack for a malicious key generator. A total of 522 iterations of the encryption algorithm are required to test a single key. The 448 limit on the key size ensures that the every bit of every subkey depends on every bit of the key. However. Since Blowfish is designed for large microprocessors with large amounts of memory. Even highly correlated key bits. the subkeys change slightly with every pair of subkeys generated. The time-consuming subkey-generation process adds considerable complexity for a brute-force attack. the latter has been chosen. The most efficient way to break Blowfish is through exhaustive search of the keyspace. 6 of 7 .PocketBrief entire entropy of the key is preserved. The other is to design the algorithm with so many key bits that attacks that reduce the effective key length by several bits are irrelevant. The subkey generation process is designed to preserve the entire entropy of the key and to distribute that entropy uniformly throughout the subkeys. this nonrandomness will propagate throughout the algorithm. This is primarily to protect against any attacked of the subkey generation process that exploit the fixed and known subkeys. and because it could either be stored as part of the algorithm or derived when needed. to produce subkeys with the same entropy. such as an alphanumeric ASCII string with the bit of every byte set to 0. the initial plaintext value in the subkeygeneration process is fixed. so there is no better way to cryptanalyze the algorithm other than brute force. effectively adding 29 steps to any brute-force attack. ASCII text with the high bit of every byte a 0). If so. In the subkey generation process. The subkeys are too long to be stored on a massive tape. a longer alphanumeric key is required. The key bits are repeatedly XORed with the digits of pi in the initial P-array to prevent the following potential attack: Assume that the key bits are not repeated. but instead padded with zeros to extend it to the length of the P-array. But it works equally well on Handheld systems with a decent microprocessor. using the initial known subkeys. An attacker might find two keys that differ only in the 64-bit value XORed with P1 and P2 that. It also reduces storage requirements. so they would have to be generated by a brute-force cracking machine as required.

Cambridge Security Workshop Proceedings (December 1993). 191-204. 7 of 7 . Description of a New Variable-Length Key. B.PocketBrief References B. pp. 64-Bit Block Cipher (Blowfish) Fast Software Encryption. New York. Schneier. 1994. John Wiley & Sons. Schneier. Springer-Verlag. Applied Cryptography. 1994.

- documnentaionaessaikumar
- Encryption SaowaphakSaow Aphak
- Data Hiding System Using Cryptography & Steganography: A Comprehensive Modern InvestigationIRJET Journal
- BlowfishBridget Smith
- ask.pdfashwiniborse318
- Encryption Algorithmsremer666
- CURS 3. DES and Security of Block Ciphersfx_ww2001
- Cryptoapi-3760105
- Encryption of Text in Image over a Networkeditor3854
- A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Cloud StorageATS
- An efficient chaos-based chaotic maps using block encryption ciphers methodseventhsensegroup
- Cryptanalysis of a Public Key CryptosystemDexter Kamal
- INFORMATION SECURITY USING MODULATION TECHNIQUEIAEME Publication
- Blowfish Whyramachandra
- Security Enhanced Key Predistribution Scheme Using Transversal Designs and Reed Muller Codes for Wireless Sensor NetworksAIRCC - IJNSA
- Multi-Owner Data Sharingsuresh
- Term PaperRaul Aswal
- A Double Layer Encryption Algorithm based on DNA and RSA for Security on CloudIRJET Journal
- RSA and IDEA Security Algorithmszahra.shuaibi
- PythonCiorcian Ciorci
- IAETSD a Novel Approach to Provide the Security for Distributed Adaptive Networks Using RSA Algorithmiaetsdiaetsd
- 1Farman Ullah
- Different Attacks on Selective Encryption in RSA based Singular Cubic Curve with AVK and Their Possible SolutionsIDES
- samh gobranshark
- Surreptitiously Weakening Cryptographic SystemsAndy Greenberg
- 328abalis
- A Secure Erasure Code-Based Cloud Storage System With Secure Data Forwardingieeexploreprojects
- Ns w Sample Examलबेन्द्र कडेल
- Encryptionrajashekarpula
- private key hacking.pdfrqi11

- Privacy Preserving Authentication Scheme for VANET's Using HMAC AlgorithmInternational Journal for Scientific Research and Development
- Network Security & Cryptography MCQ'SGuruKPO
- A Novel Image Transmission Technique via MIS using an Advanced AES Algorithm with Chaotic map for Enhanced SecurityInternational Journal for Scientific Research and Development
- As 2805.6.1.1-2009 Electronic Funds Transfer - Requirements for Interfaces Key Management - PrinciplesSAI Global - APAC
- As 2805.5.1-1992 Electronic Funds Transfer - Requirements for Interfaces Ciphers - Data Encipherment AlgorithSAI Global - APAC
- Surreptitiously Weakening Cryptographic SystemsAndy Greenberg
- Computationally Efficient ID-Based Blind Signature Scheme in E-VotingInternational Journal for Scientific Research and Development
- A Survey On Achieving Cloud Data Sharing Using Key Aggregate Searchable EncryptionInternational Journal for Scientific Research and Development
- A Study on Statistical Analysis and Security Evaluation Parameters in Image EncryptionInternational Journal for Scientific Research and Development
- A Robust Cryptographic System using Neighborhood-Generated KeysWhite Globe Publications (IJORCS)
- lavabit-aclu-amicus-13-1024.pdfAndrew Blake
- Review on variants of Security aware AODVInternational Journal for Scientific Research and Development
- Attribute-Based Encryption for Access of Secured Data in Cloud StorageInternational Journal for Scientific Research and Development
- The Security and Efficiency in Attribute-Based Data SharingInternational Journal for Scientific Research and Development
- An Efficient Approach for Securing Broker-Less Publish-Subscribe System Using Identity-Based Encryption SchemeInternational Journal for Scientific Research and Development
- WP2016 3-1 4 Blockchain SecurityCoinDesk
- As 2805.6.5.2-2000 Electronic Funds Transfer - Requirements for Interfaces Key Management - TCU InitializatioSAI Global - APAC
- Enhancement of DES Algorithm with Multi State LogicWhite Globe Publications (IJORCS)
- A Study of SAAS Model for Security SystemInternational Journal for Scientific Research and Development
- An Enhanced Image Cryptographic Method Based On AES Rijndael AlgorithmInternational Journal for Scientific Research and Development
- New Security Primitive Using CAPTCHA as Graphical Password against SpywareInternational Journal for Scientific Research and Development
- Ensuring Higher Security In Distributed Accountability For Data Sharing on The CloudInternational Journal for Scientific Research and Development
- Trapdoor Reduction on Sharing Group Data in Cloud using Aggregation Key SchemeInternational Journal for Scientific Research and Development
- DIFFIE-HELLMAN KEY EXCHANGE TECHNIQUE AND VIDEO STEGANOGRAPHY BASED ON LSBInternational Journal for Scientific Research and Development
- A Symmetric Key Generation for File Encryption and Protection using/by USB Storage DeviceInternational Journal for Scientific Research and Development
- As 2805.6.1.4-2009 Electronic Funds Transfer - Requirements for Interfaces Key Management - Asymmetric CryptoSAI Global - APAC
- Development and Analysis of High Data Rate Quality based Secured AODV-RC4 and AODV-RSA WSNsInternational Journal for Scientific Research and Development
- A Survey and Analysis Performance of Generating Key in CryptographyInternational Journal for Scientific Research and Development
- As NZS ISO IEC 11770.3-2008 Information Technology - Security Techniques - Key Management Mechanisms Using AsSAI Global - APAC
- Study of Symmetric Key Network Security AlgorithmsInternational Journal for Scientific Research and Development

- Traffic Simulation Datasramachandra
- Traffic Simulation Dataramachandra
- Web Caching Algramachandra
- Special Publication 800-58ramachandra
- UDP Applicationsramachandra
- Traffic Dataramachandra
- UML Basicsramachandra
- Background Voice Over Internet Protocol (VoIP) is a Technology Forramachandra
- Title of Dissertation:ramachandra
- Uds10 Uds100 User Guideramachandra
- The OSI Layersramachandra
- Web Caching Architramachandra
- TINY Algorithmramachandra
- Web Cachingramachandra
- Wake on LAN White Paperramachandra
- Planning, Development and Supportramachandra
- TCP-OSI Layers Dataramachandra
- Cryptanalysis of Microsoft’s Point-To-Point Tunneling Protocol (PPTP)ramachandra
- Page Replacement Algs Datagoodramachandra
- OT dataramachandra
- Password Authenticationramachandra
- Path Findramachandra
- Sh a 256ramachandra
- Sample Data of Int for Proramachandra
- Search Algorithmsramachandra
- SITE Commands on FTP Serverramachandra
- Sh a 1ramachandra
- Tea Tiny Algorithmramachandra
- Serial-spec in Javaramachandra
- Sdlc in Breiframachandra

Sign up to vote on this title

UsefulNot usefulClose Dialog## Are you sure?

This action might not be possible to undo. Are you sure you want to continue?

Loading