Blowfish algorithm
The Blowfish algorithm is the very first encryption algorithm which is symmetric. It was first used as an alternative to the DES algorithm. It was designed by Bruce Schneier in 1993. By symmetric, we mean that the algorithm uses the same key for encryption and decryption of the data. The algorithm is used to protect sensitive data.
The symmetric encryption technique converts the given data into cipher text. Cipher text refers simply to the coded form of sensitive information generally used to prevent data leakage and for many other security purposes.
Use of Blowfish Algorithm
- The Blowfish algorithm is used today in many products, including password management tools, email interaction tools, and much more.
- The Blowfish algorithm is used in place of DES encryption, as it is significantly faster, safer and easier to implement.
- The primary speciality of the Blowfish algorithm is that no practical cryptanalysis of it has been found to date. In other words, there is no known practical way to decode or understand data encrypted by this algorithm without the key.
- Cryptanalysis, in simple terms, is the technique of interpreting encrypted data without the key; attackers use it to break into encrypted databases.
- Note that Blowfish is not like the SHA-512 algorithm, as it is not a hashing algorithm.
- The Blowfish algorithm is open source and entirely in the public domain, with no royalty charges, which makes it more accessible and secure to use.
- Blowfish also follows a Feistel structure, and the size of the plain text to be encrypted by the Blowfish algorithm is usually 64 bits.
- The storage required for the cipher key is variable (not fixed) but usually varies between 32 and 448 bits. Also, the default size of a cipher key is 120 bits if not specified.
How are the keys expanded?
The procedure used for the transformation of the original key to sub-keys is explained step by step here in brief:
Your original key is divided into several sub-keys, usually 18. Once they are created, they are stored in a data structure called the P-array and are represented as P0, P1, ..., P17 respectively. Like the IDEA algorithm, the keys in the Blowfish algorithm are divided into several S-boxes. Unlike in the DES algorithm, the S-boxes in the Blowfish algorithm are derived from the original key. In this algorithm, we derive 4 S-boxes, each of which can hold approximately 512 entries of 32 bits each.
Steps to expand the original key
The first step for generating keys in the Blowfish algorithm is to initialize the data structures: the P-array and the S-boxes (substitution boxes). The values in the P-array are initialized with the value of pi.
The second and essential step is to fill the P-array. This is done by assigning a value to each index in the P-array in the following way.
P0 = P0 XOR first 32 bits of original key
...
Pn = Pn XOR (n+1)th 32 bits of original key
...
P17 = P17 XOR 18th (last) 32 bits of original key
For example, the value of 1st sub-key P0 would equal the result of XOR between the initial value of P0 and the first 32 bits of the original key.
Encryption of data by the Blowfish algorithm
The plain text to be encrypted by the Blowfish algorithm is first divided into two parts, and then a total of 16 rounds are performed to encrypt the data.
The step-by-step procedure for the encryption is:
1. Divide the plain text into two equal parts: a left part of 32 bits and a right part of 32 bits.
2. Perform an XOR operation on the left part with the nth sub-key. The result obtained is applied to a function f. We will look at this function separately for better clarity.
3. After applying the function, the output received is passed as an input for XOR with the right part.
4. After performing the second step, the output received after the XOR between the left part and the sub-key is now considered as the right part of the plain text, and similarly, the result from the right part is considered as the left. Simply said, the values of the results are swapped.
5. Iterate on steps 2, 3, and 4 up to the 16th sub-key (P15).
6. After 16 rounds, the swapping of the results is paused, and the 17th and the 18th sub-keys are applied to the left and right parts.
7. The result from the 6th step is your final cipher text.
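The P-array XOR step and the 16-round procedure above, as an added Python sketch (not code from the original page). It assumes a placeholder round function `stand_in_f`, because the real f needs the four key-dependent S-boxes, and it stops the key schedule at the XOR step, so its output is not real Blowfish cipher text. All function names and the sample key and block are constructed for illustration.

```python
import struct

MASK32 = 0xFFFFFFFF
# Initial P-array: first 18 32-bit words of the fractional hex digits of pi.
PI_P = [
    0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
    0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
    0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B,
]

def xor_key_into_p(key):
    """Pn = Pn XOR (n+1)th 32-bit word of the key. A key shorter than
    18 words is reused cyclically so that every Pn is covered."""
    if not 4 <= len(key) <= 56:
        raise ValueError("key must be 32 to 448 bits long")
    words = struct.unpack(">18I", (key * 18)[:72])
    return [p ^ w for p, w in zip(PI_P, words)]

def stand_in_f(x):
    """Placeholder round function (assumption). Blowfish's real F looks up
    four key-dependent S-boxes, which this sketch does not build."""
    return ((x * 0x9E3779B1) ^ (x >> 15)) & MASK32

def feistel(block, p):
    left, right = struct.unpack(">2I", block)   # step 1: two 32-bit halves
    for n in range(16):                         # sub-keys P0..P15
        left ^= p[n]                            # step 2: XOR with nth sub-key
        right ^= stand_in_f(left)               # step 3: f output XOR right
        left, right = right, left               # step 4: swap the halves
    left, right = right, left                   # step 6: undo the last swap
    right ^= p[16]                              # 17th sub-key
    left ^= p[17]                               # 18th sub-key
    return struct.pack(">2I", left, right)

def encrypt_block(block, p):
    return feistel(block, p)

def decrypt_block(block, p):
    # Same network, sub-keys applied in reverse order (P17 down to P0).
    return feistel(block, p[::-1])

if __name__ == "__main__":
    p = xor_key_into_p(b"constructed-key")      # constructed sample key
    ct = encrypt_block(b"8 bytes!", p)          # constructed 64-bit block
    print(ct.hex(), decrypt_block(ct, p))
```

Decryption works for any choice of f because a Feistel network never has to invert the round function; only the order of the sub-keys changes.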