7/28/2019 IDEA and Blowfish

1/31

1

International Data Encryption

Algorithm

7/28/2019 IDEA and Blowfish

2/31

2

Overview

DES algorithm has been a popular secret keyencryption algorithm and is used in manycommercial and financial applications. However,its key size is too small by current standards and

its entire 56 bit key space can be searched inapproximately 22 hours

IDEA is a block cipher designed by Xuejia Laiand James L. Massey in 1991

It is a minor revision of an earlier cipher, PES(Proposed Encryption Standard)

IDEA was originally called IPES (Improved PES)and was developed to replace DES

7/28/2019 IDEA and Blowfish

3/31

3

Overview (cont)

It entirely avoids the use of any lookuptables or S-boxes

IDEA was used as the symmetric cipher in

early versions of the Pretty Good Privacycryptosystem

7/28/2019 IDEA and Blowfish

4/31

4

Detailed description of IDEA

IDEA operates with 64-bit plaintext andcipher text blocks and is controlled by a128-bit key

Completely avoid substitution boxes andtable lookups used in the block ciphers

The algorithm structure has been chosen

such that when different key sub-blocksare used, the encryption process isidentical to the decryption process

7/28/2019 IDEA and Blowfish

5/31

5

Key generation

The 64-bit plaintext blockis partitioned into four 16-bit sub-blocks

six 16-bit key aregenerated from the 128-bit key. Since a furtherfour 16-bit key-sub-blocksare required for thesubsequent outputtransformation, a total of

52 (= 8 x 6 + 4) different16-bit sub-blocks have tobe generated from the128-bit key.

7/28/2019 IDEA and Blowfish

6/31

6

Key generation process

First, the 128-bit key is partitioned into eight 16-bit sub-blocks which are then directly used asthe first eight key sub-blocks

The 128-bit key is then cyclically shifted to theleft by 25 positions, after which the resulting128-bit block is again partitioned into eight 16-bitsub-blocks to be directly used as the next eightkey sub-blocks

The cyclic shift procedure described above isrepeated until all of the required 52 16-bit keysub-blocks have been generated

7/28/2019 IDEA and Blowfish

7/31

7

Encryption of the key sub-blocks

The key sub-blocks used for the encryption and

the decryption in the individual rounds are

shown in Table 1

7/28/2019 IDEA and Blowfish

8/31

8

Encryption the first four 16-bit key sub-blocks

are combined with two of the 16-bit plaintext blocks using additionmodulo 216, and with the other twoplaintext blocks usingmultiplication modulo 216 + 1

At the end of the first encryptionround four 16-bit values are

produced which are used as inputto the second encryption round

The process is repeated in each ofthe subsequent 7 encryptionrounds

The four 16-bit values produced atthe end of the 8th encryption

round are combined with the lastfour of the 52 key sub-blocksusing addition modulo 216 andmultiplication modulo 216 + 1 toform the resulting four 16-bitciphertext blocks

7/28/2019 IDEA and Blowfish

9/31

One Round of IDEA

Red-Multiply

Green- Add

Blue- XOR

9

7/28/2019 IDEA and Blowfish

10/31

10

Decryption

The computational process used for decryption

of the ciphertext is essentially the same as that

used for encryption

The only difference is that each of the 52 16-bitkey sub-blocks used for decryption is the inverse

of the key sub-block used during encryption

In addition, the key sub-blocks must be used in

the reverse order during decryption in order to

reverse the encryption process

7/28/2019 IDEA and Blowfish

11/31

11

Modes of operation

IDEA supports all modes of operation such as: Electronic Code Book (ECB) mode

Cipher Block Chaining (CBC)

Cipher Feedback (CFB)

Output Feedback (OFB) modes For plaintext exceeding this fixed size, the

simplest approach is to partition the plaintext intoblocks of equal length and encrypt each

separately. This method is named ElectronicCode Book (ECB) mode. However, ElectronicCode Book is not a good system to use withsmall block sizes (for example, smaller than 40bits)

7/28/2019 IDEA and Blowfish

12/31

Blowfish Algorithm

7/28/2019 IDEA and Blowfish

13/31

The Blowfish Encryption

Algorithm Blowfish is a keyed, symmetric block

cipher, designed in 1993 by Bruce

Schneier and included in a large number

of cipher suites and encryption products.(Wikipedia)

Blowfish is a symmetric block cipher that

can be used as a drop-in replacement forDES or IDEA. (Bruce Schneier)

7/28/2019 IDEA and Blowfish

14/31

The Blowfish Encryption

Algorithm (cont.) Blowfish was designed in 1993 by Bruce

Schneier as a fast, free alternative to

existing encryption algorithms.

It takes a variable-length key, from 32 bits

to 448 bits, making it ideal for both

domestic and exportable use.

7/28/2019 IDEA and Blowfish

15/31

7/28/2019 IDEA and Blowfish

16/31

The Blowfish Algorithm

There are two parts to this algorithm; A part that handles the expansion of the key.

A part that handles the encryption of the data.

The expansion of the key: break the original keyinto a set of subkeys. Specifically, a key of no morethan 448 bits is separated into 4168 bytes. There isa P-array and four 32-bit S-boxes. The P-arraycontains 18 32-bit subkeys, while each S-box

contains 256 entries. The encryption of the data: 64-bit input is denoted

with an x, while the P-array is denoted with a Pi(where i is the iteration).

7/28/2019 IDEA and Blowfish

17/31

The Blowfish Algorithm: Key

Expansion (cont) Blowfish has a 64-bit block size and a key

length of anywhere from 32 bits to 448 bits

(32-448 bits in steps of 8 bits; default 128

bits).

It is a 16-round Feistel cipher and uses

large key-dependent S-boxes. It is similar

in structure to CAST-128, which uses fixedS-boxes.

7/28/2019 IDEA and Blowfish

18/31

Blowfish Algorithm

The algorithm consists of two parts:

A key - expansion part.

A data - encryption part.

7/28/2019 IDEA and Blowfish

19/31

Blowfish Algorithm

Key expansion converts a key of at most 448

bits into several subkey arrays totaling 4168

bytes.

Data encryption occurs via a 16-round Feistel

network. Each round consists of a key-

dependent permutation, and a key- and data-

dependent substitution.

7/28/2019 IDEA and Blowfish

20/31

Subkey

The P-array consists of 18 32-bit subkeys:

P1, P2,..., P18.

There are four 32-bit S-boxes with 256 entries

each:

S1,0, S1,1,..., S1,255;

S2,0, S2,1,..,, S2,255;

S3,0, S3,1,..., S3,255;

S4,0, S4,1,..,, S4,255.

7/28/2019 IDEA and Blowfish

21/31

Sub

key Generation Do a bitwise XOR of P1 with K1, P2 with K2 etc, until

P18.

But P15=P15 XOR K1

Now take 14-bit Block, with all the 64 bits initialized tovalue 0.

Use the above P-arrays and S-boxes above to run the

blowfish encryption on the 64-bit all-zero values.

7/28/2019 IDEA and Blowfish

22/31

Encryption Algorithm

The input is a 64-bit data element, x. Divide x into two 32-bit halves: xL, xR

For i = 1 to 16:

xL = xL XOR Pi xR = F(xL) XOR xR

Swap xL and xR

Swap xL and xR (Undo the last swap.)

7/28/2019 IDEA and Blowfish

23/31

Encryption Algorithm

xR = xR XOR P17

xL = xL XOR P18

Recombine xL and xR

Function F:

Divide xL into four eight-bit quarters: a, b, c, and d

F(xL) = ((S1,a + S2,b mod 232) XOR S3,c) + S4,

d mod 232

7/28/2019 IDEA and Blowfish

24/31

Encryption Algorithm

Begin

End

X/2 = xL and xR

xL = xL XOR Pi

xR = F(xL) XOR xR

For i = 1 to 16

swap xL and xR

xL = xL XOR P17

xR = xR XOR P18

Recombine xL and xR

swap xL and xR

I < 16Yes

No

7/28/2019 IDEA and Blowfish

25/31

Encryption Algorithm

Begin

End

xL/4 = a, b, c, d

where a, b, c, d are 8 bit quarters

F(xL) = ((S1, a + S2, b mod 2^32) XOR S3, c) + S4, d mod 2^23

7/28/2019 IDEA and Blowfish

26/31

Decryption Algorithm

Decryption is exactly the same as encryption,

except that P1, P2,..., P18 are used in the

reverse order.

7/28/2019 IDEA and Blowfish

27/31

The Blowfish Algorithm: Key

Expansion (cont) Initialize the P-array and S-boxes XOR P-array with the key bits. For example, P1

XOR (first 32 bits of key), P2 XOR (second 32 bits ofkey), ...

Use the above method to encrypt the all-zero string This new output is now P1 and P2

Encrypt the new P1 and P2 with the modifiedsubkeys

This new output is now P3 and P4 Repeat 521 times in order to calculate new subkeysfor the P-array and the four S-boxes

7/28/2019 IDEA and Blowfish

28/31

The Blowfish Algorithm

7/28/2019 IDEA and Blowfish

29/31

The Blowfish Algorithm:

Encryption (cont)

Diagram of Blowfish's F function

http://en.wikipedia.org/wiki/Image:BlowfishFFunction.png

7/28/2019 IDEA and Blowfish

30/31

The Blowfish Algorithm (cont)

Blowfish's key schedule starts by initializing the P-arrayand S-boxes with values derived from the hexadecimaldigits of pi, which contain no obvious pattern.

The secret key is then XORed with the P-entries in order

(cycling the key if necessary). A 64-bit all-zero block isthen encrypted with the algorithm as it stands.

The resultant ciphertext replaces P1 and P2. Theciphertext is then encrypted again with the new subkeys,and P3 and P4 are replaced by the new ciphertext. This

continues, replacing the entire P-array and all the S-boxentries.

In all, the Blowfish encryption algorithm will run 521times to generate all the subkeys - about 4KB of data isprocessed.

7/28/2019 IDEA and Blowfish

31/31

Products that Use Blowfish (cont)

AEdit: A free Windows word processorincorporating text encryption.

Coolfish: An encrypting text editor for Windows.

Foopchat: Encrypted chat and advanced filesharing using a client/server architecture.

JFile by Land-J Technologies: A databaseprogram for the PalmOS platform.

Freedom by Zero-Knowledge: Privacy for webbrowsing, e-mail, chat, telnet, and newsgroups.

More: http://www.schneier.com/blowfish-products.html