Live Journal about blowfish |

Blowfish is symmetric block cipher encryption algorithm designed by the famous IT security technologist, BT Chief Security Technology Officer, and author Bruce ‘Almighty’ Schneier in 1993. The Blowfish encryption algorithm operates on 64-bit bit blocks of plaintext and supports variable key lengths ranging from 32 up to 448 bits; the default key length is 128 bits.

The technicalities of the Blowfish algorithm are quite complex and involve Feistel ciphers using large key-dependent S-boxes. As there is no successful cryptanalysis attacks known a Blowfish secured message can only be cracked using brute-force. This, in turn, can be prevented by using 256-bit keys for example.

Please find in Bright Hub’s article Can AES Encryption be Cracked? why attempts of cracking Blowfish used in conjunction with a reasonable lenght key by means of brute force can be ruled out (The underlying maths principles have been translated in easy-to-understand language).

The benefits of Blowfish include that the algorithm is unpatented and royalty-free, without any licensing requirements. The same is true for Twofish, an AES finalists designed by Schneier et al’s Counterpane Labs, gradually replacing Blowfish encryption. Twofish, first published in 1998, is a symmetric key block cipher algorithm using a block size of 128 bits .

Twofish uses key lengths of 128 bit, 192 bit or 256-bit. The Twofish algorithm is similar to the Blowfish algorithm and applies 16 rounds of encryption to 64-bit bit blocks plaintext input. More about block ciphers and stream ciphers can be found in Bright Hub’s article Types of Encryption.

Depending on on the key length as well as whether Twofish is used for hardware based or software based encryption Twofish may outperform AES in terms of speed. Many people believe Rijndael has just become more popular than Twofish because it received more attention since it was chosen for Advanced Encryption Standard (AES) by NIST in 2001.

When I first presented Blowfish last year, Dr. Dobb’s Journal sponsored a cryptanalysis contest. There were five submissions in total, and I am pleased to present the most interesting results here.

John Kelsey developed an attack that could break 3-round Blowfish, but was unable to extend it. This attack exploits the F function and the fact that addition mod 232 and XOR do not commute. Vikramjit Singh Chhabra looked at ways of efficiently implementing a brute-force keysearch machine.

Serge Vaudenay examined a simplified variant of Blowfish, with the S-boxes known and not key-dependent. For this variant, a differential attack can recover the P-array with 28r+1 chosen plaintexts (r is the number of rounds). This attack is impossible for 8-round Blowfish and higher, since more plaintext is required than can possibly be generated with a 64-bit block cipher.

For certain weak keys that generate weak S-boxes (the odds of getting them randomly are 1 in 2¹⁴), the same attack requires only 24r+1 chosen plaintexts to recover the P-array (again, assuming the S-boxes are known). With unknown S-boxes, this attack can detect whether a weak key is being used, but cannot determine what it is (neither the S-boxes, the P-array, nor the key itself). This attack only works against reduced-round variants; it is completely ineffective against 16-round Blowfish.

Even so, the discovery of weak keys in Blowfish is significant. A weak key is one for which two entries for a given S-box are identical. There is no way to check for weak keys before doing the key expansion. If you are worried, you have to do the key expansion and check for identical S-box entries after you generate a Blowfish key. I don’t think it’s necessary, though.

Conclusion

No one has come close to developing an attack that breaks Blowfish. Even so, more cryptanalysis is required before pronouncing the algorithm secure. I invite others to continue analyzing the algorithm.