# What is Blowfish Algorithm in Cryptography?

May 23, 2018

In cryptographic circles, plaintext is the message we are trying to transmit. The process of encryption converts that plaintext message into ciphertext, and decryption converts the ciphertext back into plaintext. Encryption algorithms are technically classified in two broad categories- Symmetric key Cryptography and Asymmetric Key Cryptography.

In symmetric type of Cryptography, the key that is used for encryption is same as the key used in decryption. Examples of various symmetric key algorithms are Data encryption standard (DES), Triple DES, Advanced Encryption Standard (AES) and Blowfish Encryption Algorithm.

In Asymmetric Cryptography, two unique keys are used for encryption and decryption. One is public and the other one is private. Examples of various Asymmetric key algorithms are Elliptic-curve cryptography (ECC), Diffie–Hellman key exchange, Rivest-Shamir-Adleman (RSA), etc.

### Overview of blowfish Algorithm

Blowfish is another algorithm designed by Bruce Schneier in 1993 to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually. Blowfish can be found in software categories ranging from e-commerce platforms for securing payments to password management tools, where it used to protect passwords. It’s definitely one of the more flexible encryption methods available.

Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm. Blowfish is unpatented and license-free, and is available free for all uses.

Each line – 32 bits. Algorithm keeps two sub-key arrays: The 18-entry P-array four 256-entry S-boxes. Sboxes accept 8-bit input Produce 32-bit output. One entry of P-array is used every round. After final round, each half of data block is XORed with one of the two remaining unused P-entries. The blowfish algorithm Manipulates data in large blocks.

Blowfish is a symmetric block encryption algorithm designed in consideration with,

• Fast: It encrypts data on large 32-bit microprocessors at a rate of 26 clock cycles per byte.
• Compact: It can run in less than 5K of memory.
• Simple: It uses addition, XOR, lookup table with 32-bit operands.
• Secure:The key length is variable, it can be in the range of 32~448 bits: default 128 bits key length.
• It is suitable for applications where the key does not change often, like communication link or an automatic file encryptor.
• Unpatented and royality-free

### Algorithm Description

Blowfish symmetric block cipher algorithm encrypts block data of 64-bits at a time.it will follows the feistel network and this algorithm is divided into two parts.

• Key-expansion
• Data Encryption

Key Expansion:-

#### Key-expansion:

It will converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. Blowfish uses large number of sub keys.

These keys are generate earlier to any data encryption or decryption. The p-array consists of 18, 32-bit subkeys:

P1P2,………….,P18

Four 32-bit S-Boxes consists of 256 entries each:

S1, 0, S1, 1, ………. S1, 255

S2, 0, S2, 1,……….. S2, 255

S3, 0, S3, 1,……….. S3, 255

S4, 0, S4, 1,………….. S4, 255

#### Generating the Subkeys:

The subkeys are calculated using the Blowfish algorithm:

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344, etc.
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. (For every short key, there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps (1) and (2).
4. Replace P1 and P2 with the output of step (3).
5. Encrypt the output of step (3) using the Blowfish algorithm with the modified subkeys.
6. Replace P3 and P4 with the output of step (5).
7. Continue the process, replacing all entries of the P array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.

In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys rather than execute this derivation process multiple times.

#### Data Encryption:

It is having a function to iterate 16 times of network. Each round consists of key-dependent permutation and a key and data-dependent substitution. All operations are XORs and additions on 32-bit words. The only additional operations are four indexed array data lookup tables for each round.

### References

[1] Sankeeth Kumar Chinta, “Blowfish”, Sept 18, 2015, available online at: http://cs.indstate.edu/~schinta/blowfish.pdf

[2] Schneier on Security, “The Blowfish Encryption Algorithm”, available online at: https://www.schneier.com/academic/blowfish/

[3] Bill Gatliff, “Encrypting data with the Blowfish algorithm encrypting data with the Blowfish algorithm”, available online at: https://www.design-reuse.com/articles/5922/encrypting-data-with-the-blowfish-algorithm.html

[4] Blowfish Encryption Algorithm: [Explanation with Examples], available online at: https://www.tips2secure.com/2016/02/blowfish-encryption.html

[5] “Blowfishenc: Blowfish Encryption Algorithm”, available online at: available online at: http://iitd.vlab.co.in/?sub=66&brch=184&sim=1147&cnt=1

$${}$$