Blowfish (cipher)

encryption method

Blowfish is a method of hiding information using keys and a symmetric block cipher. It was made in 1993 by Bruce Schneier. Since 1993 it has been included in a large number of security products. Blowfish is fast and has never been cryptanalytic broken. However, the AES method is more common.

Schneier made Blowfish as a general-purpose algorithm, to be used as a replacement for the old DES algorithm and to remove the problems and difficulties of other encryption algorithms. At the time Blowfish was released, many other algorithms were proprietary, or were secrets. Schneier has said that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."

Main features of the design include key-dependent S-boxes and a very complex key schedule. Blowfish is one of the fastest block ciphers used by many people, except when changing keys. Each new key needs to be pre-processed which takes the same time as encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This stops its use in certain applications (such as in the smallest embedded systems like the early smartcards), but it is not a problem in other applications. In one of the applications, it is actually good: the password-hashing method used in OpenBSD uses an algorithm that comes from Blowfish which makes use of the slow key schedule; the idea is that the extra computational effort required gives protection against dictionary attacks. See key strengthening.

Blowfish has a 64-bit block size and a variable key length from 0 up to 448 bits[1] It is a 16-round Feistel cipher and uses large key-dependent S-boxes. It is similar in structure to CAST-128, which uses fixed S-boxes.

In 1996, Serge Vaudenay found a known-plaintext attack needing 28r + 1 known plaintexts to break, where r is the number of rounds. Moreover, he also found a class of weak keys that can be detected and broken by the same attack with only 24r + 1 known plaintexts. This attack cannot be used against the regular Blowfish; it assumes knowledge of the key-dependent S-boxes. Vincent Rijmen, in his Ph.D. papers, introduced a second-order differential attack that can break four rounds and no more. Still there is no known way to break the full 16 rounds, apart from a brute-force search.[2] A sign extension bug in one of the published C code has been found in 1996.[3]

There is no good cryptanalysis on the full-round version of Blowfish known publicly till 2008. However, in 2007, Bruce Schneier noted that while Blowfish is still in use, he recommended using the new Twofish algorithm instead [4]

change

Notes and references

change
  1. Bruce Schneier (1994). "Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)" (HTML). Retrieved 2008-10-19. {{cite journal}}: Cite journal requires |journal= (help)
  2. Serge Vaudenay (1996). "On the Weak Keys of Blowfish". Archived from the original (PostScript) on 2007-11-04. Retrieved 2006-08-23. {{cite journal}}: Cite journal requires |journal= (help); More than one of |archivedate= and |archive-date= specified (help); More than one of |archiveurl= and |archive-url= specified (help)
  3. Bruce Schneier site mailing list (1996). "blowfish-bug" (Text). Retrieved 2008-10-19. {{cite journal}}: Cite journal requires |journal= (help)
  4. Dahna, McConnachie (2007-12-27). "Bruce Almighty: Schneier preaches security to Linux faithful". Computerworld. p. 3. Retrieved 2007-12-31. At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead.
  • Vincent Rijmen, "Cryptanalysis and design of iterated block ciphers", doctoral dissertation, October 1997.
  • Bruce Schneier, Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish). Fast Software Encryption 1993: 191-204 [1].
  • Bruce Schneier, The Blowfish Encryption Algorithm—One Year Later, Dr. Dobb's Journal, 20(9), p. 137, September 1995 [2].
  • Serge Vaudenay, "On the weak keys of Blowfish," Fast Software Encryption (FSE'96), LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 27–32.

Other websites

change