Post on 03-Apr-2018
7/28/2019 IDEA and Blowfish
1/31
1
International Data Encryption
Algorithm
7/28/2019 IDEA and Blowfish
2/31
2
Overview
DES algorithm has been a popular secret keyencryption algorithm and is used in manycommercial and financial applications. However,its key size is too small by current standards and
its entire 56 bit key space can be searched inapproximately 22 hours
IDEA is a block cipher designed by Xuejia Laiand James L. Massey in 1991
It is a minor revision of an earlier cipher, PES(Proposed Encryption Standard)
IDEA was originally called IPES (Improved PES)and was developed to replace DES
7/28/2019 IDEA and Blowfish
3/31
3
Overview (cont)
It entirely avoids the use of any lookuptables or S-boxes
IDEA was used as the symmetric cipher in
early versions of the Pretty Good Privacycryptosystem
7/28/2019 IDEA and Blowfish
4/31
4
Detailed description of IDEA
IDEA operates with 64-bit plaintext andcipher text blocks and is controlled by a128-bit key
Completely avoid substitution boxes andtable lookups used in the block ciphers
The algorithm structure has been chosen
such that when different key sub-blocksare used, the encryption process isidentical to the decryption process
7/28/2019 IDEA and Blowfish
5/31
5
Key generation
The 64-bit plaintext blockis partitioned into four 16-bit sub-blocks
six 16-bit key aregenerated from the 128-bit key. Since a furtherfour 16-bit key-sub-blocksare required for thesubsequent outputtransformation, a total of
52 (= 8 x 6 + 4) different16-bit sub-blocks have tobe generated from the128-bit key.
7/28/2019 IDEA and Blowfish
6/31
6
Key generation process
First, the 128-bit key is partitioned into eight 16-bit sub-blocks which are then directly used asthe first eight key sub-blocks
The 128-bit key is then cyclically shifted to theleft by 25 positions, after which the resulting128-bit block is again partitioned into eight 16-bitsub-blocks to be directly used as the next eightkey sub-blocks
The cyclic shift procedure described above isrepeated until all of the required 52 16-bit keysub-blocks have been generated
7/28/2019 IDEA and Blowfish
7/31
7
Encryption of the key sub-blocks
The key sub-blocks used for the encryption and
the decryption in the individual rounds are
shown in Table 1
7/28/2019 IDEA and Blowfish
8/31
8
Encryption the first four 16-bit key sub-blocks
are combined with two of the 16-bit plaintext blocks using additionmodulo 216, and with the other twoplaintext blocks usingmultiplication modulo 216 + 1
At the end of the first encryptionround four 16-bit values are
produced which are used as inputto the second encryption round
The process is repeated in each ofthe subsequent 7 encryptionrounds
The four 16-bit values produced atthe end of the 8th encryption
round are combined with the lastfour of the 52 key sub-blocksusing addition modulo 216 andmultiplication modulo 216 + 1 toform the resulting four 16-bitciphertext blocks
7/28/2019 IDEA and Blowfish
9/31
One Round of IDEA
Red-Multiply
Green- Add
Blue- XOR
9
7/28/2019 IDEA and Blowfish
10/31
10
Decryption
The computational process used for decryption
of the ciphertext is essentially the same as that
used for encryption
The only difference is that each of the 52 16-bitkey sub-blocks used for decryption is the inverse
of the key sub-block used during encryption
In addition, the key sub-blocks must be used in
the reverse order during decryption in order to
reverse the encryption process
7/28/2019 IDEA and Blowfish
11/31
11
Modes of operation
IDEA supports all modes of operation such as: Electronic Code Book (ECB) mode
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB) modes For plaintext exceeding this fixed size, the
simplest approach is to partition the plaintext intoblocks of equal length and encrypt each
separately. This method is named ElectronicCode Book (ECB) mode. However, ElectronicCode Book is not a good system to use withsmall block sizes (for example, smaller than 40bits)
7/28/2019 IDEA and Blowfish
12/31
Blowfish Algorithm
7/28/2019 IDEA and Blowfish
13/31
The Blowfish Encryption
Algorithm Blowfish is a keyed, symmetric block
cipher, designed in 1993 by Bruce
Schneier and included in a large number
of cipher suites and encryption products.(Wikipedia)
Blowfish is a symmetric block cipher that
can be used as a drop-in replacement forDES or IDEA. (Bruce Schneier)
7/28/2019 IDEA and Blowfish
14/31
The Blowfish Encryption
Algorithm (cont.) Blowfish was designed in 1993 by Bruce
Schneier as a fast, free alternative to
existing encryption algorithms.
It takes a variable-length key, from 32 bits
to 448 bits, making it ideal for both
domestic and exportable use.
7/28/2019 IDEA and Blowfish
15/31
7/28/2019 IDEA and Blowfish
16/31
The Blowfish Algorithm
There are two parts to this algorithm; A part that handles the expansion of the key.
A part that handles the encryption of the data.
The expansion of the key: break the original keyinto a set of subkeys. Specifically, a key of no morethan 448 bits is separated into 4168 bytes. There isa P-array and four 32-bit S-boxes. The P-arraycontains 18 32-bit subkeys, while each S-box
contains 256 entries. The encryption of the data: 64-bit input is denoted
with an x, while the P-array is denoted with a Pi(where i is the iteration).
7/28/2019 IDEA and Blowfish
17/31
The Blowfish Algorithm: Key
Expansion (cont) Blowfish has a 64-bit block size and a key
length of anywhere from 32 bits to 448 bits
(32-448 bits in steps of 8 bits; default 128
bits).
It is a 16-round Feistel cipher and uses
large key-dependent S-boxes. It is similar
in structure to CAST-128, which uses fixedS-boxes.
7/28/2019 IDEA and Blowfish
18/31
Blowfish Algorithm
The algorithm consists of two parts:
A key - expansion part.
A data - encryption part.
7/28/2019 IDEA and Blowfish
19/31
Blowfish Algorithm
Key expansion converts a key of at most 448
bits into several subkey arrays totaling 4168
bytes.
Data encryption occurs via a 16-round Feistel
network. Each round consists of a key-
dependent permutation, and a key- and data-
dependent substitution.
7/28/2019 IDEA and Blowfish
20/31
Subkey
The P-array consists of 18 32-bit subkeys:
P1, P2,..., P18.
There are four 32-bit S-boxes with 256 entries
each:
S1,0, S1,1,..., S1,255;
S2,0, S2,1,..,, S2,255;
S3,0, S3,1,..., S3,255;
S4,0, S4,1,..,, S4,255.
7/28/2019 IDEA and Blowfish
21/31
Sub
key Generation Do a bitwise XOR of P1 with K1, P2 with K2 etc, until
P18.
But P15=P15 XOR K1
Now take 14-bit Block, with all the 64 bits initialized tovalue 0.
Use the above P-arrays and S-boxes above to run the
blowfish encryption on the 64-bit all-zero values.
7/28/2019 IDEA and Blowfish
22/31
Encryption Algorithm
The input is a 64-bit data element, x. Divide x into two 32-bit halves: xL, xR
For i = 1 to 16:
xL = xL XOR Pi xR = F(xL) XOR xR
Swap xL and xR
Swap xL and xR (Undo the last swap.)
7/28/2019 IDEA and Blowfish
23/31
Encryption Algorithm
xR = xR XOR P17
xL = xL XOR P18
Recombine xL and xR
Function F:
Divide xL into four eight-bit quarters: a, b, c, and d
F(xL) = ((S1,a + S2,b mod 232) XOR S3,c) + S4,
d mod 232
7/28/2019 IDEA and Blowfish
24/31
Encryption Algorithm
Begin
End
X/2 = xL and xR
xL = xL XOR Pi
xR = F(xL) XOR xR
For i = 1 to 16
swap xL and xR
xL = xL XOR P17
xR = xR XOR P18
Recombine xL and xR
swap xL and xR
I < 16Yes
No
7/28/2019 IDEA and Blowfish
25/31
Encryption Algorithm
Begin
End
xL/4 = a, b, c, d
where a, b, c, d are 8 bit quarters
F(xL) = ((S1, a + S2, b mod 2^32) XOR S3, c) + S4, d mod 2^23
7/28/2019 IDEA and Blowfish
26/31
Decryption Algorithm
Decryption is exactly the same as encryption,
except that P1, P2,..., P18 are used in the
reverse order.
7/28/2019 IDEA and Blowfish
27/31
The Blowfish Algorithm: Key
Expansion (cont) Initialize the P-array and S-boxes XOR P-array with the key bits. For example, P1
XOR (first 32 bits of key), P2 XOR (second 32 bits ofkey), ...
Use the above method to encrypt the all-zero string This new output is now P1 and P2
Encrypt the new P1 and P2 with the modifiedsubkeys
This new output is now P3 and P4 Repeat 521 times in order to calculate new subkeysfor the P-array and the four S-boxes
7/28/2019 IDEA and Blowfish
28/31
The Blowfish Algorithm
7/28/2019 IDEA and Blowfish
29/31
The Blowfish Algorithm:
Encryption (cont)
Diagram of Blowfish's F function
http://en.wikipedia.org/wiki/Image:BlowfishFFunction.png7/28/2019 IDEA and Blowfish
30/31
The Blowfish Algorithm (cont)
Blowfish's key schedule starts by initializing the P-arrayand S-boxes with values derived from the hexadecimaldigits of pi, which contain no obvious pattern.
The secret key is then XORed with the P-entries in order
(cycling the key if necessary). A 64-bit all-zero block isthen encrypted with the algorithm as it stands.
The resultant ciphertext replaces P1 and P2. Theciphertext is then encrypted again with the new subkeys,and P3 and P4 are replaced by the new ciphertext. This
continues, replacing the entire P-array and all the S-boxentries.
In all, the Blowfish encryption algorithm will run 521times to generate all the subkeys - about 4KB of data isprocessed.
7/28/2019 IDEA and Blowfish
31/31
Products that Use Blowfish (cont)
AEdit: A free Windows word processorincorporating text encryption.
Coolfish: An encrypting text editor for Windows.
Foopchat: Encrypted chat and advanced filesharing using a client/server architecture.
JFile by Land-J Technologies: A databaseprogram for the PalmOS platform.
Freedom by Zero-Knowledge: Privacy for webbrowsing, e-mail, chat, telnet, and newsgroups.
More: http://www.schneier.com/blowfish-products.html