Able to encrypt all kind of file type such as mpeg, mp3 and etc.
Able to encrypt largest file type without limited file size
Dr. Dobb's Journal, September 1995.
DES is the workhorse of cryptography algorithms, and it's long past time to
replace the 19-year-old standard. The recent design of a $1M machine that could
recover a DES key in 3.5 hours only confirmed what everybody knew: DES's key
size is far too small for today.
The world only partly trusted DES because it survived the scrutiny of the NSA.
Experts trusted DES because it was a published standard, and because it survived
20 years of intensive cryptanalysis by cryptographers around the world.
Cryptography is like that: confidence in an algorithm grows as group after group
tries to break it and fails.
Candidates for a replacement are emerging, but none has taken widespread
hold. Triple-DES is the conservative approach; IDEA (used in PGP) is the most
promising new algorithm. And there is a bevy of unpatented also-rans: RC4 (once
a trade secret of RSA Data Security, Inc. but now publicly available on the
Internet), SAFER, and my own Blowfish.
I first presented Blowfish at the Cambridge Algorithms Workshop ("Description
of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)," Fast
Software Encryption, R. Anderson, ed., Lecture Notes in Computer Science
#809, Springer-Verlag, 1994) and in Dr. Dobb's Journal (April
1994). From the start Blowfish was intended to be a completely free--unpatented,
unlicensed, and uncopyrighted--alternative to DES. Since then it has been
analyzed by some people and has started to see use in some systems, both public
and private. This article presents new Blowfish code, as well as updates on the
Blowfish is a block cipher that encrypts data in 8-byte blocks. The algorithm
consists of two parts: a key-expansion part and a data-encryption part. Key
expansion converts a variable-length key of at most 56 bytes (448 bits) into
several subkey arrays totaling 4168 bytes. (Note: the description in this
article differs slightly from the one in the April 1994 issue of Dr.
Dobb's Journal; there were typos in steps (5) and (6) of the subkey
Blowfish has 16 rounds. Each round consists of a key-dependent permutation,
and a key- and data-dependent substitution. All operations are XORs and
additions on 32-bit words. The only additional operations are four indexed array
data lookups per round.
Blowfish uses a large number of subkeys. These keys must be precomputed
before any data encryption or decryption. The P-array consists of 18 32-bit
subkeys: P1, P2,..., P18. There are also four 32-bit S-boxes with 256 entries
each: S1,0, S1,1,..., S1,255; S2,0, S2,1,..,, S2,255; S3,0, S3,1,..., S3,255;
S4,0, S4,1,..,, S4,255.
Encryption and Decryption:
Blowfish has 16 rounds. The input is a 64-bit data element, x. Divide x into
two 32-bit halves: xL, xR. Then, for i = 1 to 16:
xL = xL XOR Pi
xR = F(xL) XOR xR
Swap xL and xR
After the sixteenth round, swap xL and xR again to undo the last swap. Then,
xR = xR XOR P17 and xL = xL XOR P18. Finally, recombine xL and xR to get the
Function F looks like this: Divide xL into four eight-bit quarters: a, b, c,
and d. Then, F(xL) = ((S1,a + S2,b mod 232) XOR S3,c) + S4,d mod 232.
Decryption is exactly the same as encryption, except that P1, P2,..., P18 are
used in the reverse order.
Generating the Subkeys:
The subkeys are calculated using the Blowfish algorithm:
1. Initialize first the P-array and then the four S-boxes, in order, with a
fixed string. This string consists of the hexadecimal digits of pi (less the
initial 3): P1 = 0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344,
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits
of the key, and so on for all bits of the key (possibly up to P14). Repeatedly
cycle through the key bits until the entire P-array has been XORed with key
bits. (For every short key, there is at least one equivalent longer key; for
example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys
described in steps (1) and (2).
4. Replace P1 and P2 with the output of step (3).
5. Encrypt the output of step (3) using the Blowfish algorithm with the
6. Replace P3 and P4 with the output of step (5).
7. Continue the process, replacing all entries of the P array, and then all
four S-boxes in order, with the output of the continuously changing Blowfish
In total, 521 iterations are required to generate all required subkeys.
Applications can store the subkeys rather than execute this derivation process
C code for Blowfish starts on page xx. This is improved and corrected code;
the code in the April 1994 issue had some bugs and was less efficient than this
code. The code is also available electronically; see "Availability," page xx.
When I first presented Blowfish last year, Dr. Dobb's Journal sponsored a
cryptanalysis contest. There were five submissions in total, and I am pleased to
present the most interesting results here.
John Kelsey developed an attack that could break 3-round Blowfish, but was
unable to extend it. This attack exploits the F function and the fact that
addition mod 232 and XOR do not commute. Vikramjit Singh Chhabra looked at ways
of efficiently implementing a brute-force keysearch machine.
Serge Vaudenay examined a simplified variant of Blowfish, with the S-boxes
known and not key-dependent. For this variant, a differential attack can recover
the P-array with 28r+1 chosen plaintexts (r is the number of rounds). This
attack is impossible for 8-round Blowfish and higher, since more plaintext is
required than can possibly be generated with a 64-bit block cipher.
For certain weak keys that generate weak S-boxes (the odds of getting them
randomly are 1 in 214), the same attack requires only 24r+1 chosen plaintexts to
recover the P-array (again, assuming the S-boxes are known). With unknown
S-boxes, this attack can detect whether a weak key is being used, but cannot
determine what it is (neither the S-boxes, the P-array, nor the key itself).
This attack only works against reduced-round variants; it is completely
ineffective against 16-round Blowfish.
Even so, the discovery of weak keys in Blowfish is significant. A weak key is
one for which two entries for a given S-box are identical. There is no way to
check for weak keys before doing the key expansion. If you are worried, you have
to do the key expansion and check for identical S-box entries after you generate
a Blowfish key. I don't think it's necessary, though.
No one has come close to developing an attack that breaks Blowfish. Even so,
more cryptanalysis is required before pronouncing the algorithm secure. I invite
others to continue analyzing the algorithm.
The BlowFish Encryption Tools In Java Programming
The Java Implementation:
Method BF_Encrypt: This method is only called by the
makeKey method to generate a session key from user data. It outputs the result
to an int array.
Method blowfishDecrypt: The normal entry to the
decryption process. It is guaranteed to be called with enough bytes in the input
to carry on a decryption of one full block. Because the Blowfish cipher engine
is designed to handle two 32-bit blocks, this method's purpose is to transform
on entry and exit the data to/from 32-bit blocks; ie. Java.int. The input
becomes two 32-bit blocks as Left and Right halves onto which the Blowfish
cipher function is applied ROUNDS times in reverse order to that of the
Method blowfishEncrypt The normal entry to the
encryption process. It is guaranteed to be called with enough bytes in the input
to carry on an encryption of one full block. The code of the Blowfish encryption
engine, found here, is also replicated in the BF_encrypt method
found later. The reason for this duplication is performance. This
method, outputs the result in a byte array form, suitable for the user data
encryption operations, while BF_encrypt outputs its result as an int array
suitable for, and used during, the expansion of the user-key into a Blowfish
Method engineInitEncrypt Initializes this cipher
for encryption, using the specified key.
Method engineInitDecrypt Initializes this cipher
for decryption, using the specified
Method engineUpdate Performs the actual encryption
or decryption process
Method makeKey. Expands a userKey to a working
Blowfish session key (P) and generates this session s-boxes data (sKey). The key
bytes are fist extracted from the user-key and then used, repetitively if need
be, to build the contents of this session key and S-boxes
values. The method's only exceptions are when the user-key's contents
is a null Java object or a byte array of zero length. Otherwise the key data -up
to 56 bytes- are used repetitively.
DOWNLOAD THE JAVA SOURCE CODE
We provide partial of the source code but
having the full work functioning program written in java
To get the complete source code, please
US 15 for Full Complete Source Code