BlowFish (EN)
Posted by , Last modified by AceBIT GmbH on 10 February 2018 12:27

BlowFish

BlowFish/TwoFish is a widespread encryption algorithm which was published by Bruce Schneier at the beginning of 1994. It works similarly to DES and uses block encryption with a block size of 64 bits. BlowFish spread very quickly after its publication, because Bruce Schneier is one of the most famous cryptology experts and because the algorithm can be used without paying a licence fee. In addition, data can be encrypted and decrypted with this algorithm at high speed. If the BlowFish routine is implemented in software, less than five kilobytes of disk space is sufficient. You can vary the size of the key as you like, up to 448 bits. That is why this algorithm, with its 2^448 different possibilities, is protected against any brute force attacks.

This is how the encryption algorithm BlowFish works:

BlowFish defines two different kinds of boxes: a P box and four S boxes. The P box P is a one-dimensional array of 18 32-bit values. The boxes contain random values, which are built into the code or generated during each initialization. The S boxes S1, S2, S3, S4 each contain 256 32-bit values.

The BlowFish initialization looks like this:

  • The key string is converted into 32-bit values.
  • The entire content of the P box is replaced by its values XORed with the key values.
  • The P box is then encrypted, in the same way as the S boxes.

BlowFish encryption (block size: 64 bits, rounds (r): 16):

  • The data element is divided into two parts, L and R, of 32 bits each.
  • L is XORed with P_r.
  • R is XORed with f(L).
  • L and R are interchanged.
  • This is done 16 times, until r = 16.
  • R is XORed with P_17.
  • L is XORed with P_18.

Explanation of function f:

  • The incoming 32-bit value (L in this case) is divided into four 8-bit vectors: X1, X2, X3, X4.
  • Each of these vectors selects one 32-bit value from the corresponding S box.
  • The results are combined by addition and an XOR operation: S1[X1] + S2[X2] + S3[X3] + S4[X4].

To decrypt data, the entire process is performed in reverse.
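
The steps above as runnable code (an added example, not AceBIT's or Schneier's own code; the class and function names are this example's). It follows Schneier's published specification where that is more specific than the summary above: the boxes start out as the fractional hexadecimal digits of pi, f is ((S1[X1] + S2[X2]) XOR S3[X3]) + S4[X4] modulo 2^32, the swap of the last round is undone, and decryption runs the same rounds with the P box in reverse order.

```python
import struct

MASK, NWORDS = 0xFFFFFFFF, 18 + 4 * 256   # 32-bit mask; one P box + four S boxes

def pi_words():   # initial box contents: fractional hex digits of pi (Machin's formula)
    one = 1 << (32 * NWORDS + 64)          # fixed-point 1.0 with 64 guard bits
    def atan_inv(x):                       # arctan(1/x), scaled by `one`
        term = total = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    frac = (16 * atan_inv(5) - 4 * atan_inv(239) - 3 * one) >> 64
    return [(frac >> (32 * (NWORDS - 1 - i))) & MASK for i in range(NWORDS)]

PI = pi_words()

class Blowfish:
    def __init__(self, key):
        if not 1 <= len(key) <= 56:        # up to 448 bits
            raise ValueError("key must be 1..56 bytes")
        self.P, self.S = PI[:18], [PI[18 + 256 * b:274 + 256 * b] for b in range(4)]
        for i in range(18):                # XOR the key, repeated cyclically, into P
            self.P[i] ^= int.from_bytes(bytes(key[(4 * i + j) % len(key)] for j in range(4)), "big")
        L = R = 0                          # overwrite P, then S1..S4, with the outputs
        for box in [self.P] + self.S:      # of repeatedly encrypting a running block
            for i in range(0, len(box), 2):
                L, R = self._crypt(L, R, self.P)
                box[i], box[i + 1] = L, R

    def _f(self, x):
        h = (self.S[0][x >> 24] + self.S[1][x >> 16 & 0xFF]) & MASK
        return ((h ^ self.S[2][x >> 8 & 0xFF]) + self.S[3][x & 0xFF]) & MASK

    def _crypt(self, L, R, P):
        for r in range(16):
            L ^= P[r]
            R ^= self._f(L)
            L, R = R, L
        L, R = R, L                        # undo the swap of the last round
        return L ^ P[17], R ^ P[16]

    def encrypt_block(self, block, P=None):
        return struct.pack(">2I", *self._crypt(*struct.unpack(">2I", block), P or self.P))

    def decrypt_block(self, block):        # same rounds, P box reversed
        return self.encrypt_block(block, self.P[::-1])
```

The class handles single 64-bit blocks only; it includes no mode of operation or padding.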