• ENCYRPTION TECHNIQUES
    AES FPE DES BLOWFISH TWOFISH SHA-1

    • BlowFish

    Description:

    Blowfish is an encryption technique designed by Bruce Schneier in 1993 as an alternative to DES Encryption Technique. It is significantly faster than DES and provides a good encryption rate with no effective cryptanalysis technique found to date. It is one of the first, secure block cyphers not subject to any patents and hence freely available for anyone to use.

    Following are few parameters related to it:

    • Block size: 64-bits
    • Key size: 32-bits to 448-bits variable size
    • Number of subkeys: 18 [P-array]
    • Number of rounds: 16
    • Number of substitution boxes: 4 [each having 512 entries of 32 bits each]
    • Blowfish requires about 5KB of memory.
    • Many cryptographers have examined Blowfish, although there are few published results. Serge Vaudenay examined weak keys in Blowfish; there is a class of keys that can be detected–although not broken–in Blowfish variants of 14 rounds or less.
    • Vincent Rijmen’s Ph.D. thesis includes a second-order differential attack on 4-round Blowfish that cannot be extended to more rounds.

    Algorithm:

    Steps of Encryption

    Following are the Steps which are followed during the encryption of data:

    1.Generation of Subkeys

    • 18 subkeys{P[0], P[1]…P[17]} are needed in both encryption as well as decryption process and the same subkeys are used for both the processes.
    • These 18 subkeys are stored in a P-array with each array element being a 32-bit entry.
    • Now each of the subkey is changed with respect to the input key as: P[0] = P[0] xor 1st 32-bits of input key P[1] = P[1] xor 2nd 32-bits of input key P[i] = P[i] xor (i+1)th 32-bits of input key [roll over to 1st 32-bits depending on the key length] P[17] = P[17] xor 18th 32-bits of input key (rolls over to 1st 32-bits depending on key length)
    • The resultant P-array Holds 18 subkeys that are used during the entire encryption process.

    2.Initialize Substitution Boxes

    • Four substitution boxes (S-boxes) are needed {S[0], S[1], .…, S[4]} In both encryption as well as decryption process with each S-box having 256 entries {S [i][0], S [i][1], .…, S [i][255],} Each entry is 32 bit.
    • It is initialised with the digits of Pi after initialising the P-array

    3.Encryption

    Encryption function consists of two parts:
    1)Rounds:
    Encryption consists of 16 rounds with each round namely R(i) now let the input be plain text PT from the previous round and corresponding subkey P[i].
    Description of each “Round” is as follows:

    Graphical representation of the blue fish algorithm appears in the figure about in this description or 64-bit plain text is first divided into 32-bits the left 32-bit are XORed with the first element of P-array to create a value called P`. Now this P` will run through the transformation function called F. When the resultant of this transformation function is XORed with right 32-bits of the message to produce a new value namely F`. F` then replaces the “Left” half of the message and P` replaces the “Right” half, and the process is then repeated for more 15 times with successive members of the P-array. The resulting P` and F`are then XORed Read the last two entries in the P-array (entries17 and 18), and recommended to produce 64-bit ciphertext.

    Description of of the function “F” is as follows

    A graphical representation of F appears in the figure above.The function divides 32-bit input into 4 bytes and uses those as indices into S-array. The lookup results are then added and XORed together to produce the output.

    2)Post-processing: Output after the rounds is processed as follows to generate the ciphertext:

    Steps of Decryption

    Following are the Steps which are followed during the decryption of data:

    • Generation of Subkeys
    • Initialize Substitution Boxes
    • Decryption

    As Blowfish is a symmetric algorithm the same procedure is used for decryption as well as for encryption the only difference is that the input to the encryption is a plain text whereas for decryption the input is ciphertext.

    The P-array and S-array values used by Blowfish are precomputed based on the user's key. In effect, the user's key is transformed into the P-array and S-array; the key itself may be discarded after the transformation. The P-array and S-array need not be recomputed as long as the key doesn't change, but must remain secret.