Blowfish (cipher): Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
(new article, moving text from block cipher)
 
mNo edit summary
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{PropDel}}<br><br>{{subpages}}
The '''Blowfish''' [[block cipher]]  
The '''Blowfish''' [[block cipher]]  
<ref>{{citation
<ref>{{citation
Line 13: Line 15:
The F function XORs the input with the 32-bit round key, splits the result into bytes and runs each byte through a different S-box to get four 32-bit results. Those are combined nonlinearly with x = ((a+b)^c)+d. As for [[Block_cipher#F_function_and_S-boxes|CAST]], the '''F function has ideal avalanche properties''' &mdash; every output bit depends nonlinearly on all input bits and all key bits. Complete avalanche &mdash; all 64 output bits depend on all 64 input bits &mdash; is achieved in three rounds.
The F function XORs the input with the 32-bit round key, splits the result into bytes and runs each byte through a different S-box to get four 32-bit results. Those are combined nonlinearly with x = ((a+b)^c)+d. As for [[Block_cipher#F_function_and_S-boxes|CAST]], the '''F function has ideal avalanche properties''' &mdash; every output bit depends nonlinearly on all input bits and all key bits. Complete avalanche &mdash; all 64 output bits depend on all 64 input bits &mdash; is achieved in three rounds.


Blowfish [[Block cipher#S-boxes|S-boxes]] are key-dependent, randomly generated at cipher setup time. They are not as nonlinear as the carefully optimised [[Cast cipher|CAST]] S-boxes, but they have the advantage of being unknown to an attacker and they are, with overwhelming probability, nonlinear enough. The key scheduling starts with a round key array of 18 32-bit entries (16 actual round keys plus 64 bits for [[#Whitening_and_tweaking|whitening]]) and four S-boxes, all initialised with apparently random bits derived from an expansion of pi. XOR the primary key into the round key array; the key can be any size up to the 576 bits of that array, Then run the cipher repeatedly and use the output to change both the round keys and the S-boxes; this takes 521 cipher iterations.
Blowfish [[Block cipher#S-boxes|S-boxes]] are key-dependent, randomly generated at cipher setup time. They are not as nonlinear as the carefully optimised [[CAST cipher|CAST]] S-boxes, but they have the advantage of being unknown to an attacker and they are, with overwhelming probability, nonlinear enough. The key scheduling starts with a round key array of 18 32-bit entries (16 actual round keys plus 64 bits for [[#Whitening_and_tweaking|whitening]]) and four S-boxes, all initialised with apparently random bits derived from an expansion of pi. XOR the primary key into the round key array; the key can be any size up to the 576 bits of that array, Then run the cipher repeatedly and use the output to change both the round keys and the S-boxes; this takes 521 cipher iterations.


For some applications, this key setup is inconveniently expensive; Blowfish may not be the best choice if keys need to be changed often. However, the actual encryption and decryption are fast.
For some applications, this key setup is inconveniently expensive; Blowfish may not be the best choice if keys need to be changed often. However, the actual encryption and decryption are fast.


The cipher is freely available for any use. It has a home page; see [[Block_cipher/External_Links#Homepages_for_block_ciphers | external links]].
The cipher is freely available for any use. It has a [http://www.schneier.com/blowfish.html home page].
 
There are later block ciphers from Schneier and co-workers named [[Twofish]] (a candidate in the [[AES competition]]) and [[Threefish]] (used in the [[Skein (hash algorithm) | Skein hash]], a candidate in the [[AHS competition]]). Except for the names, these bear little resemblance to Blowfish.
 
== References ==
{{reflist|2}}[[Category:Suggestion Bot Tag]]

Latest revision as of 17:01, 19 July 2024

This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

The Blowfish block cipher [1] was designed by Bruce Schneier. It is a Feistel cipher with 64-bit blocks and 16 rounds. Supported key sizes are 32 to 576 bits; at least 128 is recommended.

The F function XORs the input with the 32-bit round key, splits the result into bytes and runs each byte through a different S-box to get four 32-bit results. Those are combined nonlinearly with x = ((a+b)^c)+d. As for CAST, the F function has ideal avalanche properties — every output bit depends nonlinearly on all input bits and all key bits. Complete avalanche — all 64 output bits depend on all 64 input bits — is achieved in three rounds.

Blowfish S-boxes are key-dependent, randomly generated at cipher setup time. They are not as nonlinear as the carefully optimised CAST S-boxes, but they have the advantage of being unknown to an attacker and they are, with overwhelming probability, nonlinear enough. The key scheduling starts with a round key array of 18 32-bit entries (16 actual round keys plus 64 bits for whitening) and four S-boxes, all initialised with apparently random bits derived from an expansion of pi. XOR the primary key into the round key array; the key can be any size up to the 576 bits of that array, Then run the cipher repeatedly and use the output to change both the round keys and the S-boxes; this takes 521 cipher iterations.

For some applications, this key setup is inconveniently expensive; Blowfish may not be the best choice if keys need to be changed often. However, the actual encryption and decryption are fast.

The cipher is freely available for any use. It has a home page.

There are later block ciphers from Schneier and co-workers named Twofish (a candidate in the AES competition) and Threefish (used in the Skein hash, a candidate in the AHS competition). Except for the names, these bear little resemblance to Blowfish.

References

  1. "Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)", Fast Software Encryption, Cambridge Security Workshop Proceedings: 191-204, December 1993