BLOWFISH ENCRYPTION

ALGORITHM
GROUP 4 PRESENTATION
GROUP 4 MEMBERS

1. Muhammad Habeeb Dankadai UG22CYB1033

2. Mujittapha Habib UG22CYB1002

3. Abdul Aziz Alkasim UG22CYB1013

4. Usman Rabiu Ammani UG22CYB1059

5. Muhammad Habibu Saleh UG22CYB1050

6. Ahmad Usman Jibril UG22CYB1053

7. Khalid Nuruddin Shuaib UG22CYB1005

8. Muhammad Abdul Aziz Ahmad UG22CYB1057

9. Aisha Muhammad Dayyib UG22CYB1037

10. Sulaiman Sunusi Umar UG22CYB1023

• 11. Magaji Jafaru Shuaibu UG22CYB1055
Introduction to
blowfish
encryption
algorithm
• Blowfish is a symmetric-key encryption
algorithm developed by renowned
cryptographer Bruce Schneier in 1993.
At the time, the dominant standard for
encryption was DES (Data Encryption
Standard), which had become
increasingly vulnerable due to its short
key length (56 bits) and reliance on
proprietary licensing. Schneier
designed Blowfish to be a fast, free,
and publicly available alternative that
anyone could use without patent
restrictions. The algorithm quickly
gained popularity in the 1990s and
early 2000s because of its open-
source nature, robust design, and
suitability for a variety of applications,
from software encryption to secure
communications.
BASIC PRINCIPLES
• Blowfish is a symmetric-key block cipher, which
means it uses the same secret key for both
encryption and decryption. This is in contrast to
asymmetric ciphers like RSA, which use a
public/private key pair. Blowfish operates on 64-bit
blocks of plaintext, meaning it processes 64 bits
(or 8 bytes) of data at a time. Its design
emphasizes speed and efficiency, especially on
general-purpose 32-bit processors, making it ideal
for environments where computational resources
are limited. The cipher can be embedded into
software without significant performance
penalties, which contributed to its widespread
adoption in early encryption tools.
KEY STRUCTURE
• One of Blowfish’s key strengths is its flexible key
length, which can range from 32 bits to 448 bits.
This allows users to choose a balance between
speed and security. During initialization, Blowfish
undergoes a key expansion process where the
input key is transformed into subkeys using a
complex algorithm. These subkeys are stored in P-
arrays and S-boxes (substitution boxes), which are
essential components of the cipher’s internal
structure. The S-boxes are large fixed tables that
provide non-linear substitutions, while the P-array
contains 18 32-bit subkeys that are used
throughout the encryption rounds. The initialization
phase is computationally expensive but only needs
to be done once per key.
FEISTEL NETWORK
STRUCTURE
• Blowfish uses a classic Feistel network
architecture, consisting of 16 rounds. In this
structure, the 64-bit data block is split into two
32-bit halves: Left (L) and Right (R). Each round
applies a round function (the F-function) to one
half and then XORs the output with the other
half. The halves are then swapped, and the
process continues for 16 iterations. This design
has two major benefits: it ensures that
decryption is simply the inverse of encryption
(by applying the same process with the subkeys
in reverse), and it allows the algorithm to be
implemented efficiently in both hardware and
software.
ENCRYPTION
PROCESS
• The Blowfish encryption process involves the
following steps:1. Initial key-dependent P-array and
S-box generation.2. The plaintext is divided into
Left (L) and Right (R) halves.3. For 16 rounds:L = L
XOR P[i]R = R XOR F(L)Swap L and R.4. After the
16th round, swap back the final L and R.5. Final
transformation:R = R XOR P[17]L = L XOR P[18]The
F-function plays a critical role in creating confusion
and diffusion, key properties of secure ciphers. It
uses the S-boxes and performs a series of additions
and XORs to ensure that small changes in input or
key produce unpredictable outputs. These
operations make it extremely difficult for attackers
to reverse-engineer the key or deduce plaintext
from ciphertext.
DECRYPTION
PROCESS
• The decryption process in Blowfish is identical
to encryption, except that the subkeys are
used in reverse order (i.e., from P[18] down to
P[1]). Thanks to the Feistel structure, each
step of the encryption process is invertible
without needing a separate decryption
function. This symmetric nature simplifies
implementation and reduces the amount of
code needed. Because the rounds are
deterministic and based on subkeys, as long as
the same key is used, the original plaintext can
always be recovered from the ciphertext.
ADVANTAGES
• Blowfish comes with several benefits that made
it a go-to choice in earlier decades:Speed:
Blowfish is highly optimized for fast
encryption/decryption, especially on 32-bit
processors.Flexibility: Its variable key length
allows for a customizable balance between
performance and security.Open-source: There
are no patents or licensing fees, making it
accessible for developers and
researchers.Security: The design of Blowfish,
including the large keyspace and strong F-
function, makes it resistant to brute-force
attacks, differential cryptanalysis, and other
known methods (within its limitations).
DISADVANTAGES
• Despite its strengths, Blowfish also has several
shortcomings that limit its use today:Small
block size (64-bit): In the modern era of large
data transfers, a 64-bit block size is too small,
making it vulnerable to birthday attacks when
large amounts of data are encrypted with the
same key.Slow key setup: The key expansion
phase is computationally heavy, making
Blowfish less suitable for applications where
keys change frequently.Outdated for modern
systems: Newer encryption standards like AES
(Advanced Encryption Standard) are better
suited for today’s needs, both in terms of
performance and security.
USE CASES
• Blowfish found widespread adoption
in various applications during the late
90s and early 2000s:bcrypt: A secure
password hashing algorithm that is
still widely used today.VPNs and
Network Security Tools: Used in
protocols for encrypting data in
transit.File and Disk Encryption: Many
early encryption utilities used
Blowfish due to its speed and
availability.Embedded Systems: Some
devices with limited resources still
use Blowfish because of its light
footprint. Even though it is largely
replaced in modern software,
Blowfish continues to be used in
legacy systems where replacing the
encryption algorithm is impractical.
MODERN RELEVANCE
AND ALTERNATIVE
• In the current cryptographic landscape, Blowfish is
considered obsolete for new applications. Its 64-bit block
size and slower key expansion make it less secure and
less efficient compared to newer algorithms like:AES
(Advanced Encryption Standard): Now the global
standard for symmetric encryption, with a 128-bit block
size and better performance on modern CPUs.Twofish:
Also developed by Bruce Schneier as the successor to
Blowfish, with stronger design and support for larger
block sizes.ChaCha20: A modern stream cipher used in
mobile devices and TLS due to its speed and resistance
to timing attacks.Today, security experts recommend
against using Blowfish for encrypting new data, though it
may still be found in older systems that require
backward compatibility.