Recent CP News

Blowfish : The Encryption Algorithm

#AlgoOfDay

Hey, Guys
This is the first post about #AlgoOfDay.
Learner is here with an amazing algorithm called BlowFish.
Let’s start talking about BlowFish..

What’s BlowFish?

Blowfish is a symmetric-key block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard (AES) now receives more attention.
Blowfish is yet another algorithm designed to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually.
Blowfish is known for both its tremendous speed and overall effectiveness as many claims that it has never been defeated. Meanwhile, vendors have taken full advantage of its free availability in the public domain.
Blowfish can be found in software categories ranging from e-commerce platforms for securing payments to password management tools, where it used to protect passwords. It’s definitely one of the more flexible encryption methods available.

Blowfish in Pseudocode

uint32_t P[18];
uint32_t S[4][256];

uint32_t f (uint32_t x) {
uint32_t h = S[0][x >> 24] + S[1][x >> 16 & 0xff];
return ( h ^ S[2][x >> 8 & 0xff] ) + S[3][x & 0xff];
}

void encrypt (uint32_t & L, uint32_t & R) {
for (int i=0 ; i<16 ; i += 2) { L ^= P[i]; R ^= f(L); R ^= P[i+1]; L ^= f(R); } L ^= P[16]; R ^= P[17]; swap (L, R); } void decrypt (uint32_t & L, uint32_t & R) { for (int i=16 ; i > 0 ; i -= 2) {
L ^= P[i+1];
R ^= f(L);
R ^= P[i];
L ^= f(R);
}
L ^= P[1];
R ^= P[0];
swap (L, R);
}

{
// …
// initializing the P-array and S-boxes with values derived from pi; omitted in the example
// …
for (int i=0 ; i<18 ; ++i)
P[i] ^= key[i % keylen];
uint32_t L = 0, R = 0;
for (int i=0 ; i<18 ; i+=2) {
encrypt (L, R);
P[i] = L; P[i+1] = R;
}
for (int i=0 ; i<4 ; ++i)
for (int j=0 ; j<256; j+=2) {
encrypt (L, R);
S[i][j] = L; S[i][j+1] = R;
}
}

How it Works?

This algorithm is divided into two parts.

  1. Key-expansion
  2. Data Encryption

Key Expansion

It will converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. These keys are generated earlier to any data encryption or decryption.

The p-array consists of 18, 32-bit subkeys:

P1,P2,………….,P18

Four 32-bit S-Boxes consists of 256 entries each:

S1,0, S1,1,………. S1,255

S2,0, S2,1,……….. S2,255

S3,0, S3,1,……….. S3,255

S4,0, S4,1,…………..S4,255

Example

Using the example code
Of course, firmware upgrades and data logs are seldom exactly 64 bits in length. To encrypt long strings of data using Blowfish, carve the message up into 64-bit blocks, encrypt each block and save the results. Pad the message with a value of your choosing to end on a 64-bit boundary. The code in the main() of Listing 2 does exactly this.
Listing 2: Example of Blowfish use

int  main (void)
{
BLOWFISH_CTX ctx;
int n;

/* must be less than 56 bytes */
char *key = “a random number string would be a better key”;
int keylen = strlen(key);

uint8_t *plaintext_string = “this is our message”;
int plaintext_len = strlen(plaintext_string);

uint8_t ciphertext_buffer[256];
uint8_t *ciphertext_string = &ciphertext_buffer[0];
int ciphertext_len = 0;

uint32_t message_left;
uint32_t message_right;
int block_len;

#if 1
/* sanity test, encrypts a known message */
n = Blowfish_Test(&ctx);
printf(“Blowfish_Test returned: %d.%s\n”, n, n ? ” Abort.” : “”);
if (n) return n;
#endif

Blowfish_Init(&ctx, key, keylen);

printf(“Plaintext message string is: %s\n”, plaintext_string);

/* encrypt the plaintext message string */
printf(“Encrypted message string is: “);

while (plaintext_len)
{
message_left = message_right = 0UL;

/* crack the message string into a 64-bit block (ok, really two 32-bit blocks); pad with zeros if necessary /
for (block_len = 0; block_len < 4;=”” block_len++)=””>
{
message_left = message_left <>
if (plaintext_len)
{
message_left += *plaintext_string++;
plaintext_len–;
}
else message_left += 0;
}
for (block_len = 0; block_len < 4;=”” block_len++)=””>
{
message_right = message_right <>
if (plaintext_len)
{
message_right += *plaintext_string++;
plaintext_len–;
}
else message_right += 0;
}
/
encrypt and print the results */
Blowfish_Encrypt(&ctx, &message_left, &message_right);
printf(“%lx%lx”, message_left, message_right);

/* save the results for decryption below /
ciphertext_string++ = (uint8_t)(message_left >> 24);
ciphertext_string++ = (uint8_t)(message_left >> 16);
ciphertext_string++ = (uint8_t)(message_left >> 8);
ciphertext_string++ = (uint8_t)message_left;
ciphertext_string++ = (uint8_t)(message_right >> 24);
ciphertext_string++ = (uint8_t)(message_right >> 16);
ciphertext_string++ = (uint8_t)(message_right >> 8);
*ciphertext_string++ = (uint8_t)message_right;
ciphertext_len += 8;
printf(“\n”);

/* reverse the process */
printf(“Decrypted message string is: “);

ciphertext_string = &ciphertext_buffer[0];
while(ciphertext_len)
{
message_left = message_right = 0UL;

for (block_len = 0; block_len < 4;=”” block_len++)=””>
{
message_left = message_left <>
message_left += *ciphertext_string++;
if (ciphertext_len)
ciphertext_len–;
}
for (block_len = 0; block_len < 4;=”” block_len++)=””>
{
message_right = message_right <>
message_right += *ciphertext_string++;
if (ciphertext_len)
ciphertext_len–;
}

Blowfish_Decrypt(&ctx, &message_left, &message_right);

/* if plaintext message string padded, extra zeros here */

printf(“%c%c%c%c%c%c%c%c”,
(int)(message_left >> 24), (int)(message_left >> 16),
(int)(message_left >> 8), (int)(message_left),
(int)(message_right >> 24), (int)(message_right >> 16),
(int)(message_right >> 8), (int)(message_right));
}

printf(“\n”);

return 0;
}

Now is a good time to start thinking about adding data integrity and privacy capabilities to your embedded system. The Blowfish algorithm is an excellent choice for encryption, since it’s lightweight, public domain, and considered secure even after extensive analysis.

{Code With Code@ter}

Give Your Reviews




Leave a Reply