Blowfish (cipher)
From Academic Kids

Blowfish  
 
General  
Designer(s)  Bruce Schneier  
First published  1993  
Derived from    
Cipher(s) based on this design    
Algorithm detail  
Block size(s)  64 bits  
Key size(s)  32448 bits in steps of 8 bits; default 128 bits  
Structure  Feistel network  
Number of rounds  16  
Best cryptanalysis  
Four rounds of Blowfish are susceptible to a secondorder differential attack (Rijmen, 1997); for a class of weak keys, 14 rounds of Blowfish can be distinguished from a random permutation (Vaudenay, 1996). 
In cryptography, Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. While no effective cryptanalysis of Blowfish has been found to date, more attention is now given to block ciphers with a larger block size, such as AES or Twofish.
Schneier designed Blowfish as a generalpurpose algorithm, intended as a replacement for the aging DES and free of the problems associated with other algorithms. At the time, many other designs were proprietary, encumbered by patents or kept as government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."
Notable features of the design include keydependent Sboxes and a highlycomplex key schedule.
Contents 
The algorithm
Blowfish has a 64bit block size and a key length of anywhere from 32 bits to 448 bits. It is a 16round Feistel cipher and uses large keydependent Sboxes. It is similar in structure to CAST128, which uses fixed Sboxes.
The diagram to the left shows the action of Blowfish. Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18entry Parray and four 256entry Sboxes. The Sboxes accept 8bit input and produce 32bit output. One entry of the Parray is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused Pentries.
The diagram to the right shows Blowfish's Ffunction. The function splits the 32bit input into four eightbit quarters, and uses the quarters as input to the Sboxes. The outputs are added modulo 2^{32} and XORed to produce the final 32bit output.
Since Blowfish is a Feistel network, it can be inverted simply by XORing P_{17} and P_{18} to the ciphertext block, then using the Pentries in reverse order.
Blowfish's key schedule starts by initializing the Parray and Sboxes with values derived from the hexadecimal digits of pi, which contain no obvious pattern. The secret key is then XORed with the Pentries in order (cycling the key if necessary). A 64bit allzero block is then encrypted with the algorithm as it stands. The resultant ciphertext replaces P_{1} and P_{2}. The ciphertext is then encrypted again with the new subkeys, and P_{3} and P_{4} are replaced by the new ciphertext. This continues, replacing the entire Parray and all the Sbox entries. In all, the Blowfish encryption algorithm will run 521 times to generate all the subkeys  about 4KB of data is processed.
Cryptanalysis of Blowfish
There is no effective cryptanalysis of Blowfish known publicly as of 2004, although the 64bit block size is now considered too short, because encrypting more than 2^{32} data blocks can begin to leak information about the plaintext due to a birthday attack. Despite this, Blowfish seems thus far to be secure. While the short block size does not pose any serious concerns for routine consumer applications like email, Blowfish may not be suitable in situations where large plaintexts must be encrypted, as in data archival.
In 1996, Serge Vaudenay found a knownplaintext attack requiring 2^{8r + 1} known plaintexts to break, where r is the number of rounds. Moreover, he also found a class of weak keys that can be detected and broken by the same attack with only 2^{4r + 1} known plaintexts. This attack cannot be used against the full 16round Blowfish; Vaudenay used a reducedround variant of Blowfish. Vincent Rijmen, in his Ph.D. thesis, introduced a secondorder differential attack that can break four rounds and no more. There remains no known way to break the full 16 rounds, apart from a bruteforce search.
In 2005, Dieter Schmidt investigated the Blowfish key schedule and noted that the subkeys for the third and fourth round are independent of the first 64 bits of the user key [1] (http://eprint.iacr.org/2005/063).
Blowfish in practice
Blowfish is one of the faster block ciphers in widespread use, except when changing keys. Each new key requires preprocessing equivalent to encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others. In one application, it is actually a benefit: the passwordhashing method used in OpenBSD uses an algorithm derived from Blowfish that makes use of the slow key schedule; the idea is that the extra computational effort required gives protection against dictionary attacks.
In some implementations, Blowfish has a relatively large memory footprint of just over 4 kilobytes of RAM. This is not a problem even for older smaller desktop and laptop computers, but it does prevent use in the smallest embedded systems such as early smartcards.
Blowfish is not subject to any patents and is therefore freely available for anyone to use. This has contributed to its popularity in cryptographic software.
See also
References
 V. Rijmen, "Cryptanalysis and design of iterated block ciphers", Doctoral dissertation, October 1997.
 Bruce Schneier, Description of a New VariableLength Key, 64bit Block Cipher (Blowfish). Fast Software Encryption 1993: 191204 [2] (http://www.schneier.com/paperblowfishfse.html).
 Bruce Schneier, The Blowfish Encryption Algorithm  One Year Later, Dr. Dobb's Journal, 20(9), p. 137, September 1995 [3] (http://www.schneier.com/paperblowfishoneyear.html).
 S. Vaudenay, "On the weak keys of Blowfish," Fast Software Encryption (FSE'96), LNCS 1039, D. Gollmann, Ed., SpringerVerlag, 1996, pp. 2732.
External links
 Official Blowfish website (http://www.schneier.com/blowfish.html)
 List of Blowfish users (http://www.schneier.com/blowfishproducts.html)
 SCAN's entry for Blowfish (http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#Blowfish)
 Blowfish JavaScript implementation (http://aam.ugpl.de/node/1060)
 Blowfish PHP implementation (http://phpeinfach.de/sonstiges_generator_blowfish.php)
Block ciphers edit (https://academickids.com:443/encyclopedia/index.php?title=Template:Block_ciphers&action=edit) 
Algorithms: 3Way  AES  Akelarre  Blowfish  Camellia  CAST128  CAST256  CMEA  DEAL  DES  DESX  FEAL  FOX  FROG  GDES  GOST  ICE  IDEA  Iraqi  KASUMI  KHAZAD  Khufu and Khafre  LOKI89/91  LOKI97  Lucifer  MacGuffin  Madryga  MAGENTA  MARS  MISTY1  MMB  NewDES  RC2  RC5  RC6  REDOC  Red Pike  S1  SAFER  SEED  Serpent  SHACAL  SHARK  Skipjack  Square  TEA  Triple DES  Twofish  XTEA 
Design: Feistel network  Key schedule  Product cipher  Sbox  SPN Attacks: Brute force  Linear / Differential cryptanalysis  Mod n  XSL Standardisation: AES process  CRYPTREC  NESSIE Misc: Avalanche effect  Block size  IV  Key size  Modes of operation  Pilingup lemma  Weak key 