Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri.


1 Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri

2 KEY TERMS
• One-way hash function: easy to compute a hash value from the input, but hard to generate an input that hashes to a particular value.
• Linear cryptanalysis: uses linear approximations to describe the action of a block cipher. Uses collected plaintexts and the associated ciphertexts to guess the values of the key bits.
• Differential cryptanalysis: compares pairs of ciphertexts whose plaintexts have particular differences, and analyzes these differences as the plaintexts propagate through the rounds.
• Feistel network: divide a block of length n into two halves. An iterated block cipher can be defined as $L_i = R_{i-1}$, $R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$.
• Avalanche effect: making the output bit depend on the input bit as quickly as possible.
• Reversible functions: if f(x) = y then f(y) = x.
• Non-reversible functions

3 DES – Data Encryption Standard
• Implemented by IBM, 1976
• 56-bit key
• 64-bit block cipher
• Symmetric algorithm
• 16 iterations: $L_i = R_{i-1}$, $R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$
• Permutation functions and S-boxes are fixed
• 17 years (NSA involvement)

4 Problems with DES
• Weak keys
• Complement keys: $E_k(P) = C$, $E_{k'}(P') = C'$
• Differential cryptanalysis
• Linear cryptanalysis
• $1 million machine (1993) – 3.5 hours
• NSA can break DES in 3 to 15 minutes (rumor)

5 Unbroken algorithms
• Khufu
• REDOC II
• IDEA
• RC2
• RC4
• GOST
• Skipjack

6 Areas of Application
• Bulk encryption
• Random bit generation
• Packet encryption
• Hashing

7 Platforms
• Special hardware
• Large processors
• Medium-size processors
• Small processors

8 Additional Requirements
• Simple to code
• Flat key space
• Easy key management
• Security
• Byte-sized blocks

9 Design Decisions
• Manipulation in terms of blocks (32-bit size)
• 64-bit or 128-bit block size
• Scalable key from 32 to at least 256 bits
• Simple operations
• 8-bit processors
• Variable number of iterations
• No weak keys
• Subkey: one-way hash of the key
• No linear structures
• Simple design – Feistel iterated block cipher
• FEAL, Khufu, RC2, GOST and MMB

10 Building Blocks
• Large S-boxes
• Key-dependent S-boxes
• Operations: XOR mod $2^{16}$, addition mod $2^{16}$ and multiplication mod $2^{16} + 1$
• Key-dependent permutations

11 Design Criteria For BLOWFISH
• Fast
• Compact
• Simple
• Variably secure

12 BLOWFISH
• Variable-length key, 64-bit block cipher
• Key can be up to 448 bits
• Algorithm
    • Key expansion
    • Data encryption
• 16-round Feistel network
    • Key-dependent permutation
    • Key- and data-dependent permutation
• All operations are XORs and additions on 32-bit words

13 Subkeys
1. The P-array consists of 18 32-bit subkeys: P1, P2, P3, ..., P18
2. Four 32-bit S-boxes with 256 entries each:
   S1,0, S1,1, ..., S1,255
   S2,0, S2,1, ..., S2,255
   S3,0, S3,1, ..., S3,255
   S4,0, S4,1, ..., S4,255

14 Algorithm for Encryption
1. Divide x into two 32-bit halves: XL, XR
2. For i = 1 to 16:
   XL = XL XOR Pi
   XR = F(XL) XOR XR
   Swap XL and XR
3. Swap XL and XR (undo the last swap)
4. XR = XR XOR P17
5. XL = XL XOR P18
6. Recombine XL and XR

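15 [Figure: Blowfish Feistel network. The 64-bit plaintext is split into two 32-bit halves; each round applies a subkey (P1, P2, ..., P16) and function F, with 13 more iterations between the rounds shown; P17 and P18 are applied at the end to give the 64-bit ciphertext.]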

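16 Function F
[Figure: the 32-bit input is split into four 8-bit values, one for each of S-box 1, S-box 2, S-box 3 and S-box 4; each S-box outputs 32 bits.]
$F(X_L) = ((S_{1,a} + S_{2,b} \bmod 2^{32}) \oplus S_{3,c}) + S_{4,d} \bmod 2^{32}$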

17 Generating Subkeys:
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi (less the initial 3). Example:
   P1 = 0x243f6a88
   P2 = 0x85a308d3
   P3 = 0x13198a2e
   P4 = 0x03707344
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32 bits of the key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. (For every short key, there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)

18 Generating Subkeys (continued)
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps 1 and 2
4. Replace P1 and P2 with the output of step 3
5. Encrypt the output of step 3 using the Blowfish algorithm with the modified subkeys
6. Replace P3 and P4 with the output of step 5
7. Continue the process, replacing all the entries of the P-array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm
Total number of iterations: 521
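The encryption rounds, function F and subkey generation from slides 13 to 18, carried through as an added example (not code from the presentation or from Schneier's reference implementation). Function names are illustrative, and the pi digits are computed with Machin's formula rather than embedded as tables, which is a choice made here.

```python
# Added example: names and the Machin-formula pi source are assumptions, not from the slides.
M = 0xFFFFFFFF

def arctan_inv(x, one):
    """Integer approximation of arctan(1/x) * one (alternating Taylor series)."""
    term = total = one // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def pi_words(count, guard=64):
    """First `count` 32-bit words of the hexadecimal fraction of pi."""
    bits = 32 * count
    one = 1 << (bits + guard)              # guard bits absorb rounding error
    pi = (16 * arctan_inv(5, one) - 4 * arctan_inv(239, one)) >> guard
    frac = pi & ((1 << bits) - 1)          # drop the initial 3
    return [(frac >> (bits - 32 * (i + 1))) & M for i in range(count)]

def F(S, x):
    # ((S1[a] + S2[b] mod 2^32) XOR S3[c]) + S4[d] mod 2^32
    return ((((S[0][x >> 24] + S[1][(x >> 16) & 0xFF]) & M)
             ^ S[2][(x >> 8) & 0xFF]) + S[3][x & 0xFF]) & M

def crypt_block(P, S, xl, xr):
    """Slide 14, steps 2 to 5. Pass P reversed (P[::-1]) to decrypt."""
    for i in range(16):
        xl ^= P[i]
        xr ^= F(S, xl)
        xl, xr = xr, xl
    xl, xr = xr, xl                        # undo the last swap
    return xl ^ P[17], xr ^ P[16]

def expand_key(key):
    """Slides 17 and 18: return (P, S, iterations) for a key of 4 to 56 bytes."""
    if not 4 <= len(key) <= 56:
        raise ValueError("key must be 32 to 448 bits")
    w = pi_words(18 + 4 * 256)
    P = [w[i] ^ int.from_bytes(bytes(key[(4 * i + k) % len(key)] for k in range(4)), "big")
         for i in range(18)]               # key bytes are cycled across P1..P18
    S = [w[18 + 256 * b: 18 + 256 * (b + 1)] for b in range(4)]
    xl = xr = iterations = 0               # start from the all-zero block
    for table in [P] + S:                  # P-array first, then the S-boxes in order
        for j in range(0, len(table), 2):
            xl, xr = crypt_block(P, S, xl, xr)
            table[j], table[j + 1] = xl, xr
            iterations += 1
    return P, S, iterations
```

With an all-zero 64-bit key, `crypt_block(P, S, 0, 0)` returns `(0x4EF99745, 0x6198DD78)`, matching the published Blowfish test vectors, and `iterations` comes out as 521.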

19 MINI-BLOWFISH
• Mini-Blowfish: defined for cryptanalysis
• Blowfish-32: 32-bit block size, subkey array of 16-bit entries
    • S-box: 16 entries
• Blowfish-16: 16-bit block size, subkey arrays of 8-bit entries
    • S-box: 4 entries

20 Design Decisions
• Simple design
• Compatibility with existing algorithm
• Scalability
• Mini-Blowfish: useful for cryptanalysis
• Operations: XOR, ADD, and MOV
• Feistel network: XOR – reversible function
    • Function F: non-reversible function
• 4 XORs into a single XOR: $R'_{1,i+1} = R_{1,i+1} \oplus R_{2,i-1} \oplus R_{3,i} \oplus R_{4,i}$
• Complicated reversible functions
• Avalanche effect – after every 2 rounds – Function F

21
• Non-reversible function – strength, speed, and simplicity
    • S-box with $2^{32}$ entries of 32 bits each
    • Key-dependent S-boxes
• 4 S-boxes instead of one S-box to avoid symmetries
    • 4 S-boxes are faster, easier to program and more secure
• Alternation of addition and XOR
• Key-dependent S-boxes – protect against linear and differential attacks
    • Structure of the S-boxes is hidden from the cryptanalyst
    • Easy to implement – created on demand
• Each bit in XL – input to one S-box (DES)

22
• Function F: dependency on the iteration
• Number of rounds: 16
    • Affects the subkey generation process
    • 16 iterations – maximum key length = 448 bits
• Blowfish is designed for large microprocessors with a large amount of memory
• The subkey generation process is designed to preserve the entropy of the key and to distribute it uniformly across the subkeys
• Digits of pi – random sequence
    • digits of e, RAND tables, random generator
• Subkeys change with every pair of the subkeys
• 448-bit limit on the key – every bit of the subkey depends on every bit of the key
    • P15, P16, P17, and P18 do not affect every bit of the ciphertext; S-box – probability of affecting a single ciphertext block is 0.06
• Possible attack is the brute-force technique – 522 iterations of the encryption are required for testing a single key

23 Possible Simplifications
• Fewer and smaller S-boxes
• Fewer iterations
    • Can reduce from 16 to 8
    • The 8-iteration algorithm can't accept a key longer than 192 bits
• On-the-fly subkey calculation

24 Attacks on Blowfish
• No successful attacks on Blowfish so far
• Successful attack on 3-round Blowfish
• Successful differential attack with known S-boxes
• Discovery of weak keys

25 CONCLUSIONS
• Blowfish is variable-length key encryption
• Non-invertible function
• Key-dependent S-boxes
• Feistel networks
• Possible attacks – brute force
• $1000 contest for best cryptanalysis of Blowfish
• No known successful attacks to date
• More than 150 products use Blowfish


