Cryptography Reference
In-Depth Information
Analysis and Summary
Blowfish differs in its decryption from most block ciphers, such as DES,
in that it does not reverse the order of encryption but follows it. The sub-
keys are, as is usual with most block ciphers, used in reverse order. Also,
unlike DES, the S-boxes in Blowfish are key-dependent, and subkeys as well as
S-boxes are created by repeated execution of the Blowfish enciphering trans-
formation itself. This has proven to be a strength against cryptanalysis. In
comparison with how most Feistel ciphers work on only
one
half of the blocks
in each round, Blowfish works on
both
halves in each round, again adding to
strength against cryptanalysis. This would explain why the cipher is being
used in over 150 products thus far. (This is according to Schneier's Web site
http://www.schneier.com/blowfish.html
. The reader may also download a free
source copy of Blowfish from the site, since it is unpatented, royalty-free, and no
license is required, all of which were part of Schneier's intentions in the design
of Blowfish.) Additionally, Blowfish is extremely fast to execute, much faster
than DES, or triple DES. (To see timings and verify this, see Schneier's Web
site referenced above.)
There is a notion shared by DES and other block ciphers such as Blowfish,
called the
avalanche effect
, which means that the change of a single input bit
amplifies into a change in about half the bits of ciphertext. The way this works
in a block cipher with many rounds is that a change in a single bit of input
generally results in many bit changes after one round, even more bit changes
after another round, until, eventually, about half of the block will change. The
analogy from which the name is derived is to an avalanche involving snow, where
a tiny preliminary snowslide can result in a dramatic deluge of snow. Perhaps
Feistel said it best in the 1973
ScientificAmerican
article [81, page 22]: “As the
input moves through successive layers the pattern of 1's generated is amplified
and results in an unpredictable avalanche. In the end the final output will have,
on average, half 0's and half 1's
...
”. Blowfish has a very strong avalanche effect
since, in the
j
th round, every bit of the left side of the data affects every bit of
the right, and every subkey bit is affected by every key bit. The result is that
the function
F
has the best possible avalanche effect between the key
P
j
and the
right half of the data after each round. Moreover, Schneier deliberately made
F
independent of the rounds since the
P
-array already is round-dependent.
Since the Blowfish
S
-boxes are key-dependent, every bit of the input to
F
is used as input to only one
S
-box. DES, on the other hand, has several inputs
to two
S
-boxes, but the DES
S
-boxes are not key-dependent.
From Blowfish evolved a cipher designed by Schneier, and a team of others.
They called it
Twofish
. It became one of the five finalists for the successor to
AES, announced on August 9, 1999 by NIST (in round two of their competition).
In [85], Schneier and Ferguson (a member of the Twofish design team) make
arguments for the advantages of Twofish. Moreover, the entire team wrote a
topic on the cipher [241] to which the reader is referred for details. Yet, it was
not chosen as the AES. That distinction went to a
non
-Feistel cipher, which we
will present in the next section.
Search WWH ::
Custom Search