CSPC-307 Blow Fish and RC5 Stream Ciphers For B Tech CS August 2022


Cryptography

Blow Fish
&
RC4 , RC5 stream ciphers

Department of Computer Science & Engineering


NIT Jalandhar
Conventional Encryption Algorithms

Some of the most important symmetric block ciphers in current use:
Triple DES
IDEA (International Data Encryption Algorithm)
Blowfish
RC5
CAST-128 (a license-free algorithm available to everyone)
RC4, RC2, etc.
Blowfish
a symmetric block cipher designed by Bruce Schneier in 1993/94
Characteristics
» fast: encrypts data on 32-bit CPUs at a rate of 26 clocks/byte, faster than DES and IDEA
» compact in use of memory: can run in 5K of memory
» simple structure eases analysis/implementation
» variable security by varying key size, with keys as long as 448 bits
» unpatented and royalty-free; available free for all users
has been implemented in various products
not suitable for applications such as packet switching with frequent key changes, or as a one-way hash function
Blowfish Algorithm
Blowfish Description
uses a 64-bit block with a variable key length
has algorithms for key expansion and data encryption
16-round Feistel cipher
used to generate
» 18 32-bit sub-keys (P1……P18)
» stored in K-array Kj, j ≤ 14
» four 8 x 32 S-boxes stored in Si,j (256 entries each)
key schedule consists of:
» initialize P-array and then the four 32-bit S-boxes (256 entries each) using pi
» XOR P-array with key bits (reuse as needed)
» loop repeatedly encrypting data using current P & S and replace successive pairs of P then S values
» requires 521 encryptions, hence slow in rekeying
Blowfish Key Schedule
uses a 32 to 448 bit key
used to generate
» 18 32-bit sub-keys; these keys must be precomputed before any data encryption or decryption
» Total of 4168 bytes
» A total of 521 iterations are required to generate all required sub-keys, hence slow in rekeying
» An application can store the sub-keys rather than execute this derivation process multiple times
» So it is not suitable for applications in which the secret key changes frequently
» It is not appropriate for applications with limited memory
Encryption Process
Blow fish Encryption
Blowfish Algorithm
Algorithm BF
Unlike DES, BF applies the F-function to the left half of the block.
The D-array consists of 18 32-bit sub-keys: D1, D2, ..., D18
Four 32-bit S-boxes with 256 entries each:
S1,0, S1,1, ..., S1,255;
S2,0, S2,1, ..., S2,255;
S3,0, S3,1, ..., S3,255;
S4,0, S4,1, ..., S4,255.
Sub-keys are calculated as follows (diagram shown in next slide):
Step 1: Initialize the D-array and then the four S-boxes with a fixed string
Step 2: XOR D1 with the first 32 bits of the key, XOR D2 with the second 32 bits of the key, and so on up to D14
Step 3: Encrypt the all-zero string with the BF algorithm using the sub-keys as in steps 1 and 2
Step 4: Replace D1 and D2 with the output of step 3
Step 5: Encrypt the output of step 3 using the BF algorithm with the modified sub-keys
Step 6: Replace D3 and D4 with the output of step 5
Step 7: Continue replacing all of the D-array and all four S-boxes in order, with the output of the continuously changing Blowfish algorithm
BF
For i = 1 to 16
    XL = XL ⊕ Pi
    XR = F(XL) ⊕ XR
    Swap XL and XR
Swap XL and XR (undo last swap)
XR = XR ⊕ P17
XL = XL ⊕ P18
Recombine XL and XR

data is divided into two 32-bit halves L0 & R0
for i = 1 to 16 do
    Ri = Li-1 XOR Pi;
    Li = F[Ri] XOR Ri-1;
L17 = R16 XOR P18;
R17 = L16 XOR P17;
BF Algorithm
Function F of BF Algorithm
Function F

F[a,b,c,d] = ((S1,a + S2,b) XOR S3,c) + S4,d
(additions are modulo 2^32; a, b, c, d are the four bytes of the 32-bit input)
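
The key schedule, round loop and F function described above, as an added Python example (not part of the original slides). It derives the initial P-array and S-boxes from the hexadecimal digits of pi with Machin's formula instead of embedding the 4168-byte table; all function names are assumptions of this example, and the slides' D-array is called P here.

```python
M = 0xFFFFFFFF

def pi_words(n):
    """First n 32-bit words of the fractional part of pi (Machin's formula)."""
    bits = 32 * n + 64                      # 64 guard bits absorb truncation error
    def atan_inv(x):                        # arctan(1/x), scaled by 2**bits
        total = term = (1 << bits) // x
        k, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // k)
            k, sign = k + 2, -sign
        return total
    frac = (4 * (4 * atan_inv(5) - atan_inv(239)) - (3 << bits)) >> 64
    return [(frac >> (32 * (n - 1 - i))) & M for i in range(n)]

def F(S, x):
    a, b, c, d = x >> 24, (x >> 16) & 255, (x >> 8) & 255, x & 255
    return ((((S[0][a] + S[1][b]) & M) ^ S[2][c]) + S[3][d]) & M

def encrypt_block(P, S, xl, xr):
    for i in range(16):
        xl ^= P[i]
        xr ^= F(S, xl)
        xl, xr = xr, xl
    xl, xr = xr, xl                         # undo last swap
    return xl ^ P[17], xr ^ P[16]           # XL xor P18, XR xor P17

def key_schedule(key):
    """Return (P, S, number of block encryptions the schedule needed)."""
    w = pi_words(18 + 4 * 256)
    P, S = w[:18], [w[18 + 256 * b: 274 + 256 * b] for b in range(4)]
    for i in range(18):                     # XOR key bits into P, reusing the key cyclically
        word = bytes(key[(4 * i + j) % len(key)] for j in range(4))
        P[i] ^= int.from_bytes(word, "big")
    xl = xr = count = 0                     # start from the all-zero block
    for table in [P] + S:                   # replace P, then S1..S4, two words at a time
        for i in range(0, len(table), 2):
            xl, xr = encrypt_block(P, S, xl, xr)
            table[i], table[i + 1] = xl, xr
            count += 1
    return P, S, count

def encrypt_hex(key_hex, block_hex):
    P, S, _ = key_schedule(bytes.fromhex(key_hex))
    x = int(block_hex, 16)
    xl, xr = encrypt_block(P, S, x >> 32, x & M)
    return f"{xl:08X}{xr:08X}"
```

The third value returned by key_schedule is the encryption count behind the slides' "521 iterations": 9 for the P-array plus 4 x 128 for the S-boxes.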


Blowfish facts
Low key-agility and/or high memory demands makes Blowfish impractical in constrained environments.
Small (64-bit) block size makes it insecure for applications that encrypt large amounts of data with the same key (such as data archival, file system encryption, etc.)
Implemented in SSL and other security suites.
Blowfish's speed makes it a good choice for applications that encrypt intermediate amounts of data, such as typical of network communications (e-mail, file transfers).
No attacks on Blowfish are known that work on the full 16-round official version (certain attacks recover some information from versions with up to 14 rounds).
Discussion
key dependent S-boxes and subkeys,
generated using cipher itself, makes
analysis very difficult
changing both halves in each round
increases security
provided key is large enough, brute-force
key search is not practical, especially given
the high key schedule cost
Stream Ciphers

RC2, RC4,
RC5, RC6
Block Cipher Characteristics
features seen in modern block ciphers are:
» variable key length / block size / number of rounds
» mixed operators, data/key dependent rotation
» key dependent S-boxes
» more complex key scheduling
» operation of full data in each round
» varying non-linear functions
Stream Ciphers
process the message bit by bit (as a stream)
typically have a (pseudo) random stream key combined (XOR) with plaintext bit by bit
randomness of stream key completely destroys any statistical properties in the message
» Ci = Mi XOR StreamKeyi
what could be simpler!!!!
but must never reuse stream key
» otherwise can remove effect and recover messages
Stream Cipher Properties
some design considerations are:
» long period with no repetitions
» statistically random
» depends on large enough key
» large linear complexity
» correlation immunity
» confusion
» diffusion
» use of highly non-linear boolean functions
RC2
a proprietary cipher owned by RSA DSI (Aerospace Data Security)
Ron Rivest design, simple but effective
Details not published
Protected as a trade secret
variable key size from 0 bytes to max string length, byte-oriented stream cipher
widely used (web SSL/TLS, wireless WEP)
SSL/TLS (Secure Socket Layer and Transport Layer Security) uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data in transit
key forms random permutation of all 8-bit values
uses that permutation to scramble input info processed a byte at a time
RC2
Encryption speed independent of key size
No S-boxes
Two operations Mix and Match and one is
chosen in each round.
Provides protection against differential and
Linear cryptanalysis.
RC5
a proprietary cipher owned by RSADSI (RSA Data Security Incorporation)
designed by Ronald Rivest (of RSA fame)
used in various RSADSI products
can vary key size / data size / number of rounds
very clean and simple design
easy implementation on various CPUs
yet still regarded as secure
Adaptable to processors of different word lengths
The number of key bytes and the plaintext (PT) block size are both variable, but the values remain the same for a particular execution of the cryptographic algorithm
Encrypts 2-word blocks at a time
Number of rounds: 0 to 255
Word size in bits: 16, 32, 64
Key size is 255 x 8 = 2040 bits, allowing 8-bit bytes in the key
RC5 Cipher Parameters
RC5 is a family of ciphers RC5-w/r/b
» w = word size in bits (16/32/64) and data = 2w
» r = number of rounds (0..255)
» b = number of bytes in key (0..255)
nominal version is RC5-32/12/16
» i.e. 32-bit words, so encrypts 64-bit data blocks
» using 12 rounds
» with 16 bytes (128-bit) secret key
RC5 Key Expansion
RC5 uses 2r+2 sub-key words (w bits each)
sub-keys are stored in array S[i], i=0..t-1
Key length = 255 x 8 = 2040 bits, allowing 8-bit bytes in the key.
There is one initial operation consisting of two steps, then a number of rounds (r), which can vary from 0 to 255.
Input PT block is 64 bits.
The first 2 steps are a one-time initial operation: the input text is divided into two 32-bit blocks A and B.
then the key schedule consists of
» initializing S to a fixed pseudorandom value, based on constants e and phi
» the byte key is copied (little-endian) into a c-word array L
» a mixing operation then combines L and S to form the final S array
RC5 Encryption
split input into two halves A & B
L0 = A + S[0];
R0 = B + S[1];
for i = 1 to r do
    Li = ((Li-1 XOR Ri-1) <<< Ri-1) + S[2 x i];
    Ri = ((Ri-1 XOR Li) <<< Li) + S[2 x i + 1];
each round is like 2 DES rounds
note rotation is main source of non-linearity
need reasonable number of rounds (e.g. 12-16)
Key Expansion Algorithm
RC5 Modes
RFC 2040 defines 4 modes used by RC5
» RC5 Block Cipher, is ECB mode
» RC5-CBC, is CBC mode
» RC5-CBC-PAD, is CBC with padding by bytes with value being the number of padding bytes
» RC5-CTS, a variant of CBC which is the same size as the original message, uses ciphertext stealing to keep size same as original
RC4
a proprietary cipher owned by RSA DSI
another Ron Rivest design, simple but
effective
variable key size, byte-oriented stream
cipher
widely used (web SSL/TLS, wireless WEP)
key forms random permutation of all 8-bit
values
uses that permutation to scramble input info
processed a byte at a time
RC4 Key Schedule
starts with an array S of numbers: 0..255
use key to well and truly shuffle
S forms internal state of the cipher
given a key k of length l bytes
for i = 0 to 255 do
    S[i] = i
j = 0
for i = 0 to 255 do
    j = (j + S[i] + k[i mod l]) (mod 256)
    swap(S[i], S[j])
RC4 Encryption
encryption continues shuffling array values
sum of shuffled pair selects "stream key" value
XOR with next byte of message to en/decrypt
i = j = 0
for each message byte Mi
    i = (i + 1) (mod 256)
    j = (j + S[i]) (mod 256)
    swap(S[i], S[j])
    t = (S[i] + S[j]) (mod 256)
    Ci = Mi XOR S[t]
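
The key schedule and encryption loops above as runnable Python, together with a demonstration of the earlier Stream Ciphers slide's warning that a stream key must never be reused. This is an added example, not code from the original slides; the function names, KEY and the two sample messages are constructed for illustration.

```python
def rc4_keystream(key, n):
    """Return n stream-key bytes: key schedule, then the output loop."""
    S = list(range(256))
    j = 0
    for i in range(256):                         # RC4 key schedule
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                           # one stream-key byte per message byte
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key, data):
    """Encrypt or decrypt: the same XOR with the stream key does both."""
    return xor(data, rc4_keystream(key, len(data)))

# Constructed sample data (not from the slides).
KEY = b"constructed-demo-key"
M1 = b"transfer 100 to alice"
M2 = b"transfer 900 to carol"

def reuse_leak(key, m1, m2):
    """XOR of two ciphertexts made with the same key.

    (m1 ^ ks) ^ (m2 ^ ks) == m1 ^ m2, so the stream key cancels out and
    anyone who knows or guesses one message recovers the other.
    """
    return xor(rc4(key, m1), rc4(key, m2))

def recover_second(key, m1, m2):
    """What an observer holding both ciphertexts and m1 learns: m2."""
    return xor(reuse_leak(key, m1, m2), m1)
```

Protocols that use a stream cipher avoid this by deriving a fresh key, or a fresh key and nonce pair, for every message.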
RC4 Security and Efficiency
claimed secure against known attacks
» have some analyses, none practical
result is very non-linear
since RC4 is a stream cipher, must never reuse a key; secure if key length is higher than 128 bits
have a concern with WEP, but due to key handling rather than RC4
Extremely efficient in software implementations, since only byte operations are used.
Weaknesses:
The existence of large classes of weak keys
The weakness is a related-key vulnerability.
RC4 is very fast in software
In hardware it does not operate faster.
RC4 is suitable with the following recommendations:
Word size used should be n = 8
First two output words must be suppressed.
A specific mechanism for re-keying should be standardized.
RC4,RC5,RC6 and Blowfish
Summary
have considered:
» some other modern symmetric
block ciphers
» Triple-DES
» Blowfish
» RC5
» briefly introduced stream
ciphers
» RC4
