Keywords: blowfish encryption strengths, blowfish encryption weaknesses, advantages blowfish algorithm
Blowfish is a keyed (piece of information that determines the functional output of a cryptographic algorithm or cipher), symmetric cryptographic block cipher. It was designed by Bruce Schneier in 1993. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm.
Blowfish is license-free and is available free for all uses. It is also a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use.
Blowfish is also one of the fastest block ciphers in public use, making it ideal for a product that functions on a wide variety of processors found in mobile phones as well as in notebook and desktop computers. The first implementation of the Blowfish Algorithm in LabVIEW. With this set of subvi’s one can encrypt data in LabVIEW without the need of external software. This can be used to send data securely over Data socket as well as TCP and UDP communications along with protect remote control systems from unauthorized access, by encrypting the control communications. .( B. Schneier, Applied Cryptography, John Wiley & Sons, New York, 1994.)
3.2 Strategies and Mechanisms
Blowfish has a 64-bit block size and a key length of somewhere from 32 bits to 448 bits. The algorithm consists of two parts. One is a key-expansion part and one more is a data- encryption part. Key expansion converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. It is a 16-round Feistel cipher and uses large key-dependent S-boxes (basic component of symmetric key algorithms which performs substitution). Each round consists of a keydependent permutation, and a keydependent substitution. It is also similar in structure to CAST-128, which uses fixed S-boxes.
Blowfish is suitable for application where the key does not change frequently, like a communication link or an automatic file encryptor. It is significantly faster than most encryption algorithm when on 32-bit microprocessor with large data caches. (Fast Software Encryption, Cambridge Security Workshop Proceedings December 1993)
3.3 The Feistel structure of Blowfish
A Fiestel network is a general method of transforming any function (generally called F- function) into a permutation. It was inented by Horst Fiestel and has been used in many block chiper designed.
The diagram below shows the action of Blowfish. Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-entry P-array and four 256-entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries.
The diagram to the right shows Blowfish’s F-function. The function splits the 32-bit input into four eight-bit quarters, and uses the quarters as input to the S-boxes. The outputs are added modulo 232 and XORed to produce the final 32-bit output.
Since Blowfish is a Feistel network, it can be inverted simply by XO7Ring P17 and P18 to the cipher text block, then using the P-entries in reverse order. Blowfish’s algorithm initialize with the P-array and S-boxes. The secret key is then XORed with the P-entries in order and then use the same method to encrypt all the zero string. The consequential ciphertext replaces P1 and P2 then encrypt the new P1 and P2 with the modified subkeys. Now the output is P3 and P4. Altogether Blowfish algorithm will repeat 521 times in order to calculate new subkeys for the P-array and the four S-boxes. It is about 4KB data is processed.
The blowfish uses a large number of subkeys. These keys must be precomputed before any data encryption or decryption.
The P-array consists of 18 32-bit subkeys:
P1, P2, P3…, P18.
There are four 32-bit S-boxes with 256 entries each:
S1,0, S1,1,…, S1,255;
S2,0, S2,1,..,, S2,255;
S3,0, S3,1,…, S3,255;
S4,0, S4,1,..,, S4,255.
Figure 3: Feistel Network
(John Wiley & Sons, New York, 1994)
As what mentioned above, blowfish has 16 rounds. The method of calculating it:
The input is a 64-bit data element, x.
Divide x into two 32-bit half: xL, xR.
Then, for i = 1 to 16:
xL = xL XOR Pi
xR = F(xL) XOR xR
Swap xL and xR
After the sixteenth round, swap xL and xR again to undo the last swap.
Then, xR = xR XOR P17 and xL = xL XOR P18.
Finally, recombine xL and xR to get the ciphertext.
3.4 Key Expansion
Key expansion converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. The figure and the explanation of the Key Explanation of Blowfish are showed below
Explanation for the Key Explanation of Blowfish figure :
Expand key to 576-bit
XOR with P array
Store results of 2 in P array
datal = 0x00000000;
datar = 0x00000000;
for (i = 0; i
bf_P[i] = datal;
bf_P[i + 1] = datar;
for (i = 0; i
for (j = 0; j
bf_S[i][j] = datal;
bf_S[i][j + 1] = datar;
3.5 Application That Use Blowfish Method
Below are the applications that using Blowfish Encryption:
AEdit : A free Windows word processor incorporating text encryption.
Coolfish: An encrypting text editor for Windows.
Foopchat: Encrypted chat and advanced file sharing using a client/server architecture.
JFile by Land-J Technologies: A database program for the PalmOS platform.
Freedom by Zero-Knowledge: Privacy for web browsing, e-mail, chat, telnet, and newsgroups.
JFile is one of the famous application that use blowfish method. JFile5 is the new version of the JFile. It is a flat-file database application for the PalmOS. There are 4 primary ‘views’ in JFile 5.0. First is Main View, where it is the view that shows a list of all the JFile 5 databases that are currently installed on the Palm device. Second is New/Modify Database Structure View, this is the view when we are creating a new database, or modifying the structure of an existing database. Here is where we have to set the field names, the field types, the database name, and other elements of the database structure. The third view is Database View, this is the view that presented along when we tap on a database name from the ‘Main View. The last view is Record View, this is the view that received when we tap a specific record from the ‘Database View’. In this JFile5 we can change the current method of security for each database by tapping the ‘lock’ icon of the database on the main screen. There are three levels of security for databases in JFile5. The first level is the green/open lock where at this level the database contains no security, any user accessing the device can view and edit the database. The second level is the orange/grey closed lock, at this level the database is protected by the Security application’s password (if it is set). To access this database, we will need to provide the password set in the Security application. This security level is appropriate for handing the Palm temporarily to a colleague so they won’t have easy access to the database, but the information is not encrypted in any way. The third level is the red/dark closed lock at this level we will choose an encryption password for the database. The entire database will be encrypted, and we MUST remember the password to access the database. Due to the encryption, certain operations within the database will be slower. In addition, we will need to insure that any PC/Mac side utilities that we use with JFile support the encryption method.
There are also some new features in this JFile5 where the maximum number of databases increased to 120 and it is improved use of color in the application compared to JFile4. There are 5 different sorts and filter settings can be saved for quick and easy usage, it is also easier to use because of the updated user interface. It is also has multiple locked columns for left/right scrolling in the main database view and the encryption of databases using 64-bit Blowfish algorithm. The VFS memory cards made easy movement of databases and have new calculated value field types. There are also default values for fields, read-only field options are also available with the Beam-Via-Coola (www.coola.com) support. They also enhanced resolution for Handera 330 devices, extensive keyboard input support and the Navigation of most common areas of JFile for JogDial equipped devices. The limitations for this JFile5 are 120 databases (1 in the demonstration version), 20 character maximum for field names, 50 fields maximum per databases, 4,000 characters per field of data, 10,000 characters per record of data and 16,000 records per database.
3.6 Hardware Architecture
Pipelining is a famous technique for improving the throughput of computers, by using parallel elements so that several instructions can be worked on simultaneously. The basic idea of pipelining is to begin carrying out a new instruction before execution of an old one is completed. When pipelining is used, the number of steps in the basic algorithm is less important than fitting the steps into a framework so that they can be performed in parallel. The figure of the pippelining implementation are showed below
These are processed separately (with delayed arithmetic carries – shown in the figure as carry) and then combined at the end of processing. Even though more clock cycles are needed, the speed of the clock can be greatly improved, because smaller adders are required at each stage, with smaller internal propagation delays.
(Malaysian Journal of Computer Science, Vol. 14 No. 1, June 2001, pp. 16-27)
These are some examples of blowfish hardware architecture
Figure 18: Chip Specifications
What is this table? Explanation needed
DecryptTable 1: Mode Specification
What is this figure? Explanation needed
The controller is implemented as a Finite State Machine and described in a behavioral Verilog model. The figure and the explanation of the Finite State Machine are showed below
Figure 20: FSM of Controller
(Bruce Schneier, “Applied Cryptography”, John Wiley & Sons, Inc. 1996)
Explanation of Finite State Machine figure :
e1: Finish loading data from ROM to SRAM
e2: Finish initialization and mode != 1
e3: Finish encryption and mode != 2
e4: Finish decryption and mode != 3
Datapath includes ROM modules, SRAM modules, and the main arithmetic units of Blowfish. The figure showed below is the architecture of the datapath
Figure 21 : The architecture of the datapath
Explanation for the figure of the architecture :
The A?A° string is mapped to ROM_P and ROM_S-box. The P-array is mapped to SRAM_P, and the four S-boxes are mapped to SRAM_Sbox. Because the size of SRAM module is 2n words, P1 and P18 are implemented as registers, and the others are mapped to 16?32 bits SRAM. We use a shift register under DataIn to expand 4-bit input to 64-bit input and a shift register over DataOut to reduce 64-bit output to 4-bit output. CORE implements the loop of the 16-round iteration. A pipeline stage is added to the output of the SRAM modules. The pipeline stages will double the performance of the Blowfish hardware but lead to the overhead of area.
3.7 Advantages and Drawbacks
Blowfish is one of the fastest block ciphers in general use, except when changing keys. Each new key requires pre-processing equivalent to encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others, such as SplashID. In an application, it’s actually a benefit especially the password-hashing method used in OpenBSD uses an algorithm derived from Blowfish that makes use of the slow key schedule. Blowfish is not subject to any patents and is therefore freely available for anyone to use. This has contributed to its popularity in cryptographic software.
The disadvantages of Blowfish are it must get key to the person out of band specifically not through the unsecured transmission channel. Each pair of users needs a unique, so as number of users increase, key management becomes complicated. For example N(N-1)/2 keys required. Blowfish can’t provide authentication and non-repudiation as two people have same key. It also has weakness in decryption process over other algorithms in terms of time consumption and serially in throughput