Blowfish Cipher Tutorials - Herong's Tutorial Examples

Blowfish Cipher Tutorials

- Herong's Tutorial Examples

v2.04, 2024

Herong Yang

Copyright © 2012-2024 Herong Yang. All rights reserved.

ISBN: 978-0-359-60478-4

This tutorial book is a collection of notes and sample codes written by the author while he was learning Blowfish cipher himself. Topics basic concepts of cipher and encryption; introduction of Blowfish cipher algorithm; 8366 Hex Digits of PI; Perl Crypt::Blowfish and Crypt::CBC, Crypt::CFB modules; OpenSSL Blowfish ciphers: bf-ecb, bf-cbc, bf-cfb, bf-ofb; PHP Mcrypt extension; Blowfish CFB-8 and OFB-8 operation modes. Updated in 2024 (Version v2.04) with minor changes.

Table of Contents

About This Book

Blowfish Cipher Algorithm

Blowfish Cipher Encryption Algorithm

Key Schedule (Sub-Keys and S-Boxes) Algorithm

Efficient Form of the Blowfish Algorithm

Blowfish Cipher Decryption Algorithm

Proof of Blowfish Cipher Algorithm

Blowfish Cipher Test Vectors

First 8336 Fractional Hex Digits of PI

piqpr8.c - Generating Hex Digits of PI

Perl Crypt::Blowfish Module

What Is Crypt::Blowfish

Installing Crypt::Blowfish 2.14 with ActivePerl

Crypt::Blowfish Behavior Tests

Secret Keys with Repeating Pattern

Crypt::Blowfish Verification with Test Vectors

Blowfish Test Vectors with 16-Byte Keys

Perl Crypt::ECB Perl Module

What is Crypt::ECB

Installing Crypt::ECB 1.45 with ActivePerl

Crypt::ECB Encryption with No Padding

Crypt::ECB Encryption Test Cases

Crypt::ECB Auto Padding

Perl Crypt::CBC Module

What is Crypt::CBC

Installing Crypt::CBC 2.33 with ActivePerl

Crypt::CBC Encryption with Literal Keys

Crypt::CBC Literal Key Error Cases

Crypt::CBC Encryption with Crypt::Blowfish Objects

Crypt::CBC Operation Simulation

Crypt::CBC Encryption Verification

Blowfish CBC 2-Block Test Vectors

Crypt::CBC Prepending IV to Ciphertext

Crypt::CBC Encryption with Salted Keys

Crypt::CBC Salted Key Test Cases

Crypt::CBC Secret Key and IV Algorithm

Crypt::CBC Encryption with Random Salt

Crypt::CBC Padding Options

Crypt::CBC Padding Option Tests

Crypt::CBC Blowfish Encryption Summary

Perl Crypt::CFB Perl Module

What is Crypt::CFB

Installing Crypt::CFB 0.02 with ActivePerl

Crypt::CFB with Default IV

Crypt::CFB Not Requiring Padding

Crypt::CFB Operation Simulation

OpenSSL enc -bf-ecb for Blowfish/ECB Encryption

What is OpenSSL

Installing OpenSSL for Windows

OpenSSL enc Blowfish Ciphers

Ways to Control Secret Key and IV

bf-ecb Cipher with Literal Key

bf-ecb Cipher on Multiple Blocks

Secret Key Padding and Truncation

bf-ecb Cipher with Salted Key

Salted Key Generation Algorithm

bf-ecb Cipher with Random Salt

OpenSSL Default Padding - PKCS#5

enc -bf-ecb Command Summary

OpenSSL enc -bf-cbc for Blowfish/CBC Encryption

bf-cbc Cipher with Literal Key

bf-cbc Cipher on Multiple Blocks

bf-cbc Encryption Verification

bf-cbc 2-Block Test Vectors

bf-cbc Cipher with Salted Key

bf-cbc Cipher with Random Salt

enc -bf-cbc Command Summary

OpenSSL enc -bf-cfb for Blowfish/CFB Encryption

bf-cfb Cipher with Literal Key

bf-cfb Cipher on Multiple Blocks

bf-cfb Encryption Verification

bf-cfb 2-Block Test Vectors

bf-cfb Cipher with Salted Key

bf-cfb Cipher with Random Salt

enc -bf-cfb Command Summary

OpenSSL enc -bf-ofb for Blowfish/OFB Encryption

bf-ofb Cipher with Literal Key

bf-ofb Cipher on Multiple Blocks

bf-ofb Encryption Verification

bf-ofb 2-Block Test Vectors

bf-ofb Cipher with Salted Key

bf-ofb Cipher with Random Salt

enc -bf-ofb Command Summary

PHP Mcrypt Extension for Blowfish

What is PHP Mcrypt Extension

PHP Mcrypt Blowfish Block Cipher

Mycrypt Blowfish Block Chaining Cipher

ncfb/nofb for Block Chaining Ciphers

Performing CFB Operation Manually

php_blowfish.php - PHP Blowfish Demo

Blowfish 8-Bit Cipher in PHP

CFB-8 (CFB Byte or 8-Bit) Cipher Operation

CFB-8 2-Block Test Vectors

OFB-8 (OFB Byte or 8-Bit) Cipher Operation

OFB-8 2-Block Test Vectors

References

Keywords: Blowfish, Cipher, Encryption

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟ About This Book

This section provides some detailed information about this book - Blowfish Cipher Tutorials - Herong's Tutorial Examples.

Title: Blowfish Cipher Tutorials - Herong's Tutorial Examples

Author: Herong Yang - Contact by email via herong_yang@yahoo.com.

Category: COMPUTERS / Security / Cryptography

Version/Edition: v2.04, 2024

Number of pages: 229

Description: This tutorial book is a collection of notes and sample codes written by the author while he was learning Blowfish cipher himself. Topics basic concepts of cipher and encryption; introduction of Blowfish cipher algorithm; 8366 Hex Digits of PI; Perl Crypt::Blowfish and Crypt::CBC, Crypt::CFB modules; OpenSSL Blowfish ciphers: bf-ecb, bf-cbc, bf-cfb, bf-ofb; PHP Mcrypt extension; Blowfish CFB-8 and OFB-8 operation modes. Updated in 2024 (Version v2.04) with minor changes.

Keywords: Blowfish, CBC, Cipher, Encryption, Perl, Crypt, OpenSSL, PHP, Mcrypt.

Copyright:

This book is under Copyright © 2012-2024 Herong Yang. All rights reserved.

Material in this book may not be published, broadcasted, rewritten or redistributed in any form.

The example codes is provided as-is, with no warranty of any kind.

Revision history:

Version v2.04, 2024. Minor updates.

Version v2.00, 2018. Added PHP tutorials.

Version v1.20, 2015. Added OpenSSL tutorials.

Version v1.10, 2013. Added Perl tutorials.

Version v1.00, 2012. First edition.

Web version: https://www.herongyang.com/Blowfish - Provides free sample chapters, latest updates and readers' comments. The Web version of this book has been viewed a total of:

193,026 times as of December 2023.

163,209 times as of December 2022.

133,790 times as of December 2021.

102,069 times as of December 2020.

74,224 times as of December 2019.

51,149 times as of December 2018.

31,173 times as of December 2017.

14,679 times as of December 2016.

PDF/EPUB version: https://www.herongyang.com/Blowfish/PDF-Full-Version.html - Provides information on how to obtain the full version of this book in PDF, EPUB, or other format.

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟ Blowfish Cipher Algorithm

Tutorial notes and example codes on Blowfish cipher algorithm. Topics include Blowfish encryption algorithm; Blowfish Sub-key and S-box generation schema; Blowfish decryption algorithm and proof; list of first 8336 hex digits of PI; C program to calculate hex digits of PI.

Blowfish Cipher Encryption Algorithm

Key Schedule (Sub-Keys and S-Boxes) Algorithm

Efficient Form of the Blowfish Algorithm

Blowfish Cipher Decryption Algorithm

Proof of Blowfish Cipher Algorithm

Blowfish Cipher Test Vectors

First 8336 Fractional Hex Digits of PI

piqpr8.c - Generating Hex Digits of PI

Takeaways:

Blowfish cipher is a 16-round and 64-bit block cipher.

18 Sub-keys and 4 S-boxes are derived from a given secret key and hexadecimal digits from constant PI.

Decryption algorithm is identical to the encryption algorithm except that Sub-keys are applied in reverse order.

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟ Blowfish Cipher Algorithm

∟ Blowfish Cipher Encryption Algorithm

The Blowfish cipher algorithm is presented based on the algorithm designer Bruce Schneier's technical paper. Blowfish cipher is 16-round and 64-bit block cipher.

Blowfish algorithm was developed by Bruce Schneier in 1993. Here is the Blowfish encryption algorithm presented in Bruce's paper Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish) at http://www.schneier.com/paper-blowfish-fse.html:

Input:

  T: 64 bits of plaintext

  P{1), P(2), ..., P(18): 18 sub-keys, 32 bits each

  F(): Round function

Output:

  C: 64 bits of ciphertext

Algorithm - Blowfish Encryption:

  C = Blowfish(T), Blowfish round process defined as:

      (xL, xR) = T, dividing T into two 32-bit parts

      Loop on i from = 1 to 16

        xL = xL XOR P(i)

        xR = F(xL) XOR xR

        Swap xL and xR

      End of loop

      Swap xL and xR

      xR = xR XOR P(17)

      xL = xL XOR P(18)

      C = (xL, xR), combine xL, xR into 64-bit block

The round function F(A) is defined as:

Input:

  A: 32-bit input data

  S1[], S2[], S3[], S4[]: 4 S-box lookup tables, 256 bits each

Output

  B: 32-bit output data

Algorithm

  (a, b, c, d) = A, dividing A into four 8-bit parts

  B = ( (S1[a] + S2[b] mod 2**32) XOR S3[c] ) + S[d] mod 2**32

As you can see from the algorithm, Blowfish is clearly a 16-round and 64-bit block cipher.

See next tutorials on how Sub-keys P{1), P(2), ..., P(18) and S-boxes S1[], S2[], S3[], S4[] are constructed.

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟ Blowfish Cipher Algorithm

∟ Key Schedule (Sub-Keys and S-Boxes) Algorithm

The Blowfish Key Schedule (Sub-Keys Generation) algorithm is provided to generate 18 Sub-keys and 4 S-boxes, using user provided secret key and hexadecimal digits of the fractional portion of constant Pi, (3.1415927... - 3) = 0.1415927... as input.

In the previous tutorial, we left two parts undefined in the Blowfish encryption algorithm:

18 Sub-keys: P{1), P(2), ..., P(18) - Each Sub-key is 32 bits long.

4 S-boxes: S1[], S2[], S3[], S4[] - Each S-box has 256 elements. Each element is 32 bits long.

Here is the suggested Blowfish key schedule algorithm, which should be used to construct 18 Sub-keys and 4 S-boxes:

Input:

  K: The key - 32 bits or more

  PI: The binary representation of the fractional portion of pi

      = 3.1415927... - 3.0

      = 2/16 + 4*/16**2 + 3/16**3 + 15/16**4 + ...

      = 0x243f6a8885a308d313198a2e03707344...

Output:

  P1, P2, ..., P18: 18 32-bit sub-keys

  S1[], S2[], S3[], S4[]: 4 S-boxes, 32-bit 256-element arrays

Algorithm - Blowfish Key Schedule Generation:

  (P1, P2, ..., P18, S1[], S2[], S3[], S4[]) = PI

  K' = (K, K, K, ...), Repeat the key to 18*32 bits long

  (P1, P2, ..., P18) = (P1, P2, ..., P18) XOR K'

  T = (0x000000, 0x000000), Setting initial clear text

  T = Blowfish(T), Applying Blowfish process

  (P1, P2) = T, Updating first two sub-keys

  T = Blowfish(T), Applying Blowfish process

  (P3, P4) = T

  ......

  T = Blowfish(T)

  (P17, P18) = T

  T = Blowfish(T)

  (S1[0], S1[1]) = T

  T = Blowfish(T)

  (S1[2], S1[3]) = T

  ......

  T = Blowfish(T)

  (S1[254], S1[255]) = T

  T = Blowfish(T)

  (S2[0], S2[1]) = T

  ......

  T = Blowfish(T)

  (S4[254], S4[255]) = T

Note that:

To initialize 18 sub-keys and 4 S tables, we need 18*32 + 4*256*32 = 576 + 32768 = 33344 binary digits of PI, or 33344/4 = 8336 hex digits of PI.

To finalize 18 sub-keys and 4 S tables, we need to apply Blowfish algorithm (18+4*256)/2 = 1042/2 = 521 times.

The secret key, K, has an variable length from 32 bits to 18*32=576 bits (72 bytes) long.

The Blowfish process is used as part of the key schedule algorithm.

Now we have completed the entire Blowfish encryption algorithm, which takes a give secret key, constructs Sub-keys and S-boxes, then apply the Blowfish process on the given 64-bit block.

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟ Blowfish Cipher Algorithm

∟ Efficient Form of the Blowfish Algorithm

A more efficient form of the Blowfish Algorithm is presented with the 16-round loop expanded inline to avoid the 'Swap' step.

If you look at the Blowfish process again, you will see that the performance can be improved if the 16-round loop is expanded inline to avoid the Swap xL and xR step.

Here is a more efficient form of the Blowfish algorithm without loop as mentioned in the BlowfishJ implementation developed by Markus Hahn, http://come.to/hahn:

Input:

  T: 64 bits of clear text

  P1, P2, ..., P18: 18 sub-keys

  F(): Round function

Output:

  C: 64 bits of cipher text

Algorithm - Blowfish Encryption:

  C = Blowfish(T), Blowfish round process without loop defined as:

      (L, R) = T, dividing T into two 32-bit parts

      L = L XOR P1

      R = R XOR F(L) XOR P2

      L = L XOR F(R) XOR P3

      R = R XOR F(L) XOR P4

      L = L XOR F(R) XOR P5

      R = R XOR F(L) XOR P6

      L = L XOR F(R) XOR P7

      R = R XOR F(L) XOR P8

      L = L XOR F(R) XOR P9

      R = R XOR F(L) XOR P10

      L = L XOR F(R) XOR P11

      R = R XOR F(L) XOR P12

      L = L XOR F(R) XOR P13

      R = R XOR F(L) XOR P14

      L = L XOR F(R) XOR P15

      R = R XOR F(L) XOR P16

      L = L XOR F(R) XOR P17

      R = R XOR P18

      C = (R, L), combine R and L into 64-bit block

As you can see, the Swap L and R step is no longer needed.

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟ Blowfish Cipher Algorithm

∟ Blowfish Cipher Decryption Algorithm

The Blowfish cipher decryption algorithm is presented. It is identical to the encryption algorithm, except that Sub-keys, P1, P2, ..., P18, are applied in reverse order.

The decryption algorithm of a block cipher is usually identical to encryption algorithm step by step in reverse order. But for the Blowfish cipher, the encryption algorithm is so well designed, that the decryption algorithm is identical to the encryption algorithm step by step in the same order, only with the sub-keys applied in the reverse order.

Here is the Blowfish decryption algorithm with the 16-round loop expanded inline:

Input:

  CC: 64 bits of ciphertext

  P1, P2, ..., P18: 18 sub-keys

  F(): Round function

Output:

  TT: 64 bits of plaintext

Algorithm - Blowfish Decryption:

  (LL, RR) = CC, dividing CC into two 32-bit parts

  LL = LL XOR P18

  RR = RR XOR F(LL) XOR P17

  LL = LL XOR F(RR) XOR P16

  RR = RR XOR F(LL) XOR P15

  LL = LL XOR F(RR) XOR P14

  RR =