Blowfish is a variable-length

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.



Blowfish is a variable-length, a new secret-key block cipher. It iterates a simple encryption function 16 times. Its main features are:
  • Block cipher: 64-bit block.
  • Variable key length: 32 bits to 488 bits.
  • Faster than many algorithms like IDEA ,DES etc.,


The Blowfish is a variable-length key, 64-bit block cipher. The algorithm consists of two components:

  1. A key-expansion part
  2. The Key expansion converts a variable-length key of a maximum of 56 bytes into several sub key arrays totaling 4168 bytes.

  3. A data- encryption part
  4. Data encryption occurs via a 16-round Feistel network. Each round consists of a key-dependent permutation, and a key- and data-dependent substitution. The additional operations are four indexed array data lookups per round. The Implementations of Blowfish that need the highest speeds should break the loop and ensure that all sub keys are stored in cache.


These additional requirements should, if possible, be applied on a standard encryption algorithm.

  1. It should be simple to code. If possible, the algorithm should be robust against any implementation mistakes.
  2. It should have a flat key space, allowing any random bit string of the required length to be a possible key. There should be no weak keys.
  3. It should be designed in order to allow easy key-management for software implementations.
  4. It should be easily modifiable for different levels of security, both minimum and maximum requirements.
  5. All operations should manipulate data in byte-sized blocks. Where possible, operations should manipulate data in 32-bit blocks.


The most interesting results are:

John Kelsey developed an attack that could break 3-round Blowfish, but was unable to extend it. This attack exploits the F function and the fact that addition mod 232 and XOR do not commute. Serge Vaudenay examined a simplified variant of Blowfish, with the S-boxes known and not key-dependent.

The discovery of weak keys in Blowfish is significant. A weak key is one for which two entries for a given S-box is identical. We have to do the key expansion and check for identical S-box entries after generating a Blowfish key.

Products that use Blowfish

The products that use the Blowfish encryption algorithm are:

BF-SDK (Blowfish Software Development Kit) provides the basic functions to encrypt and decrypt data. is a website that provides encrypted message delivery using Blowfish to transmit messages from an e-mail client to the CertifiedMail Server, then stores messages with Blowfish.

OpenBSD is a free Unix-like operating system that uses Blowfish by default for one-way password encryption.

Scramdisk is a Disk encryption for Windows95 and Windows98.

Ultra-Scan is an ultrasonic fingerprint scanner uses Blowfish to encrypt the fingerprint images.


Here we discussed Blowfish, it is a variable-length key block cipher. It is only suitable for applications where the key does not change often, like a communications link or an automatic file encryptor. It is much faster than DES when implemented on microprocessors with large data caches, such as the Pentium and the PowerPC.

Blowfish is a 16 pass block encryption algorithm that has never been broken. The most efficient way to break Blowfish is through exhaustive search of the key space. Although a number of excellent algorithms have been developed BLOWFISH is used frequently because:

  • It has been repeatedly tested and found to be very secure.
  • It is extremely fast due to its taking advantage of built-in instructions on the current microprocessors for basic bit shuffling operations.
  • It was placed in the public domain.