How are subkeys generated in Blowfish algorithm?

Information SecuritySafe & SecurityData Structure

Blowfish is a symmetric block cipher algorithm invented by Brute Schneier in December 1993. Blowfish is a substitute of DES or IDEA. One of the most popular feistel network ciphers is Blowfish. Blowfish algorithm has 64-bit block size and variable key length from 42 bits to 448 bits. The algorithm includes a key-expansion part, and data-encryption part.

Blowfish create the key of at most 448 bits into several subkey arrays the total is 1042 32 bit values or 4168 bytes. It is a 16- round feistel system, which supports very high key-dependent S-boxes and enable 16 iterations.

Every round is adapted with a key and data dependent substitution and a keydependent permutation. The 32-bit words and XOR operations are implemented by additions. There is a P-array and four 32-bit S-boxes.

The P-array includes 18 of 32-bit sub keys, while each S-box includes 256 entries. The input is a 64 bit data element. The process of Sub key generation is as follows −

  • Blowfish creates use of a very large number of subkeys. These keys have to be ready before encryption and decryption appears. The key size field from 32 bits to 448 bits. In other terms, the key size ranges from 1 to 14 words, each including a word of 32 bits. These keys are saved in an array as follows −

    K1, K2,….Kn where 1 ≤ n ≤ 14

  • The concept of P-array including 18, 32-bit subkeys −


    Creation of the P-array is described subsequently.

  • There are four 32-bit S-Boxes includes 256 entries each −

    S1, 0, S1, 1… S1, 255

    S2, 0, S2, 1… S2, 255

    S3, 0, S3, 1… S3, 255

    S4, 0, S4, 1… S4, 255

    Creation of the P-array is defines subsequently.

  • It can initialize the P-array first, followed by the four S-boxes, with a fixed string.

  • P Array and the four S boxes is indicates as hexadecimal digits of Pi.

  • It can implement a bitwise XOR operations of P-array and with the K array reusing words from the K array required with the key bits (i.e., P1 XOR (thirty two bits of key), P2 XOR (thirty two bits of key).

  • It can encrypt the 64 bit block and use the following encryption process to encrypt the all-zeros with the common P and S arrays.

  • It can create the place of p1 and p2 with output of encryption and new output is termed as p1 and p2.

  • It can encrypt the output of step3 utilizing current P box and S box and transform p3 and p4 with resulting encrypted text and new output is termed as p3 and p4.

  • It can repeat the following steps until it can acquire all the elements of P array i.e P1, P2.

Updated on 15-Mar-2022 10:34:50