. .
BLOWFISHENC: Blowfish Encryption Algorithm




1. Introduction:


An encryption algorithm plays an important role in securing the data in storing or transferring it. The encryption   algorithms are categorized into Symmetric (secret) and Asymmetric (public) keys encryption.


  • In Symmetric key encryption or secret key encryption[1], only one key is used for both encryption and decryption of data.

                 Eg: Data encryption standard(DES), Triple DES, Advanced Encryption Standard(AES) and Blowfish                                   Encryption Algorithm

  • In asymmetric key encryption or public key encryption[1] uses two keys, one for encryption and other for decryption.
                  Eg: RSA


2. Blowfish Encryption Algorithm[2]:


Blowfish was designed in 1993 by Bruce Scheier as a fast, alternative to existing encryption algorithms such AES, DES and 3 DES etc.


Blowfish is a symmetric block encryption algorithm designed in consideration with, 


  • Fast : It encrypts data on large 32-bit microprocessors at a rate of 26 clock cycles per byte.


  • Compact: It can run in less than 5K of memory. 


  • Simple: It uses addition, XOR, lookup table with 32-bit operands.


  • Secure: The key length is variable ,it can be in the range of 32~448 bits: default 128 bits key length.


  • It is suitable for applications where the key does not change often, like communication link or an automatic file encryptor.


  • Unpatented and royality-free.

The Feistel structure of Blowfish 

Fig 1: The Feistel structure of Blowfish

[Source: http://en.wikipedia.org/wiki/File:BlowfishDiagram.png ]

 2.1 Description of Algorithm:


Blowfish symmetric block cipher algorithm encrypts block data of 64-bits at a time.it will follows the feistel network and  this algorithm is divided into two parts.


                                              1. Key-expansion


                                   2. Data Encryption


2.1.1 Key-expansion


It will converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. Blowfish uses large number of subkeys.


             These keys are generate earlier to any data encryption or decryption.


                          The p-array consists of 18, 32-bit subkeys:




                           Four 32-bit S-Boxes consists of 256 entries each:


                                          S1,0, S1,1,………. S1,255


                                          S2,0, S2,1,……….. S2,255


                                          S3,0, S3,1,……….. S3,255


                                                    S4,0, S4,1,..............S4,255


Generating the Subkeys:

The subkeys are calculated using the Blowfish algorithm:


  1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344, etc.
  2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. (For every short key, there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)
  3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps (1) and (2).
  4. Replace P1 and P2 with the output of step (3).
  5. Encrypt the output of step (3) using the Blowfish algorithm with the modified subkeys.
  6. Replace P3 and P4 with the output of step (5).
  7. Continue the process, replacing all entries of the P array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm.


In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys rather than execute this derivation process multiple times.


2.1.2 Data Encryption:  


It is having a function to iterate 16 times of network. Each round consists of key-dependent permutation and a key and data-dependent substitution. All operations are XORs and additions on 32-bit words. The only additional operations are four indexed array data lookup tables for each round.



                  Algorithm:Blowfish Encryption


                Divide x into two 32-bit halves: xL, xR


                              For i = 1to 16:


                                        xL = XL XOR Pi


                                        xR = F(XL) XOR xR


                                        Swap XL and xR


                                        Swap XL and xR (Undo the last swap.)


                                        xR = xR XOR P17


                             xL = xL XOR P18


                            Recombine xL and xR



Fig 2: Blowfish Encryption

[Source: http://i.cmpnet.com/embedded/gifs/2003/0308/0308feat2fig1.gif]


 Note: For more details about the Blowfish Encryption Algorithm, refer "References" tab


3. Products that are using Blowfish Algorithm[8] :


1. Blowfish Advanced CS by Markus Hahn[9]:


      File encryption and wipe utility for all Win32 systems. File browser, job automation, auto password confirmation,

     secure key setup with SHA-1, and data compression with LZSS. Uses Blowfish, Twofish, and Yarrow. Open source.


2. Access Manager by Citi-Software Ltd[10]


        A password manager for Windows. Free for personal use.


3. AEdit[11]:


    A free Windows word processor incorporating text encryption.



For more information on Blowfish available given below,



Cite this Simulator:

..... .....
Copyright @ 2018 Under the NME ICT initiative of MHRD (Licensing Terms)
 Powered by AmritaVirtual Lab Collaborative Platform [ Ver 00.12. ]