International Data Encryption Algorithm

Overview
DES algorithm has been a popular secret key encryption algorithm and is used in many commercial and financial applications. However, its key size is too small by current standards and its entire 56 bit key space can be searched in approximately 22 hours IDEA is a block cipher designed by Xuejia Lai and James L. Massey in 1991 It is a minor revision of an earlier cipher, PES (Proposed Encryption Standard) IDEA was originally called IPES (Improved PES) and was developed to replace DES
2

Overview (cont)
It entirely avoids the use of any lookup tables or S-boxes IDEA was used as the symmetric cipher in early versions of the Pretty Good Privacy cryptosystem

Detailed description of IDEA

IDEA operates with 64-bit plaintext and cipher text blocks and is controlled by a 128-bit key Completely avoid substitution boxes and table lookups used in the block ciphers The algorithm structure has been chosen such that when different key sub-blocks are used, the encryption process is identical to the decryption process
4

Key generation
The 64-bit plaintext block is partitioned into four 16bit sub-blocks six 16-bit key are generated from the 128bit key. Since a further four 16-bit key-sub-blocks are required for the subsequent output transformation, a total of 52 (= 8 x 6 + 4) different 16-bit sub-blocks have to be generated from the 128-bit key.
5

Key generation process

First, the 128-bit key is partitioned into eight 16bit sub-blocks which are then directly used as the first eight key sub-blocks The 128-bit key is then cyclically shifted to the left by 25 positions, after which the resulting 128-bit block is again partitioned into eight 16-bit sub-blocks to be directly used as the next eight key sub-blocks The cyclic shift procedure described above is repeated until all of the required 52 16-bit key sub-blocks have been generated
6

Encryption of the key sub-blocks

The key sub-blocks used for the encryption and the decryption in the individual rounds are shown in Table 1

Encryption
the first four 16-bit key sub-blocks are combined with two of the 16bit plaintext blocks using addition modulo 216, and with the other two plaintext blocks using multiplication modulo 216 + 1 At the end of the first encryption round four 16-bit values are produced which are used as input to the second encryption round The process is repeated in each of the subsequent 7 encryption rounds The four 16-bit values produced at the end of the 8th encryption round are combined with the last four of the 52 key sub-blocks using addition modulo 216 and multiplication modulo 216 + 1 to form the resulting four 16-bit ciphertext blocks
8

One Round of IDEA

Red-Multiply Green- Add Blue- XOR

9

Decryption
The computational process used for decryption of the ciphertext is essentially the same as that used for encryption The only difference is that each of the 52 16-bit key sub-blocks used for decryption is the inverse of the key sub-block used during encryption In addition, the key sub-blocks must be used in the reverse order during decryption in order to reverse the encryption process
10

Modes of operation
IDEA supports all modes of operation such as:
Electronic Code Book (ECB) mode Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) modes

For plaintext exceeding this fixed size, the simplest approach is to partition the plaintext into blocks of equal length and encrypt each separately. This method is named Electronic Code Book (ECB) mode. However, Electronic Code Book is not a good system to use with small block sizes (for example, smaller than 40 bits)
11

Blowfish Algorithm

The Blowfish Encryption Algorithm

Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. (Wikipedia) Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. (Bruce Schneier)

The Blowfish Encryption Algorithm (cont.)

Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use.

The Blowfish Algorithm

There are two parts to this algorithm;
A part that handles the expansion of the key. A part that handles the encryption of the data.

The expansion of the key: break the original key into a set of subkeys. Specifically, a key of no more than 448 bits is separated into 4168 bytes. There is a P-array and four 32-bit S-boxes. The P-array contains 18 32-bit subkeys, while each S-box contains 256 entries. The encryption of the data: 64-bit input is denoted with an x, while the P-array is denoted with a Pi (where i is the iteration).

The Blowfish Algorithm: Key Expansion (cont)

Blowfish has a 64-bit block size and a key length of anywhere from 32 bits to 448 bits (32-448 bits in steps of 8 bits; default 128 bits). It is a 16-round Feistel cipher and uses large key-dependent S-boxes. It is similar in structure to CAST-128, which uses fixed S-boxes.

Blowfish Algorithm
The algorithm consists of two parts:
A key - expansion part. A data - encryption part.

Blowfish Algorithm
Key expansion converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. Data encryption occurs via a 16-round Feistel network. Each round consists of a keydependent permutation, and a key- and datadependent substitution.

Subkey
The P-array consists of 18 32-bit subkeys: P1, P2,..., P18. There are four 32-bit S-boxes with 256 entries each: S1,0, S1,1,..., S1,255; S2,0, S2,1,..,, S2,255; S3,0, S3,1,..., S3,255; S4,0, S4,1,..,, S4,255.

Sub key Generation

Do a bitwise XOR of P1 with K1, P2 with K2 etc, until P18. But P15=P15 XOR K1 Now take 14-bit Block, with all the 64 bits initialized to value 0. Use the above P-arrays and S-boxes above to run the blowfish encryption on the 64-bit all-zero values.

Encryption Algorithm
The input is a 64-bit data element, x. Divide x into two 32-bit halves: xL, xR For i = 1 to 16:

xL = xL XOR Pi xR = F(xL) XOR xR Swap xL and xR

Swap xL and xR (Undo the last swap.)

Encryption Algorithm
xR = xR XOR P17 xL = xL XOR P18 Recombine xL and xR Function F:

Divide xL into four eight-bit quarters: a, b, c, and d F(xL) = ((S1,a + S2,b mod 232) XOR S3,c) + S4, d mod 232

Encryption Algorithm
Begin X/2 = xL and xR For i = 1 to 16 xL = xL XOR Pi xR = F(xL) XOR xR

swap xL and xR
Yes

I < 16
No swap xL and xR xL = xL XOR P17

xR = xR XOR P18
Recombine xL and xR

End

Encryption Algorithm
Begin xL/4 = a, b, c, d where a, b, c, d are 8 bit quarters

F(xL) = ((S1, a + S2, b mod 2^32) XOR S3, c) + S4, d mod 2^23

End

Decryption Algorithm
Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the reverse order.

The Blowfish Algorithm: Key Expansion (cont)

Initialize the P-array and S-boxes XOR P-array with the key bits. For example, P1 XOR (first 32 bits of key), P2 XOR (second 32 bits of key), ... Use the above method to encrypt the all-zero string This new output is now P1 and P2 Encrypt the new P1 and P2 with the modified subkeys This new output is now P3 and P4 Repeat 521 times in order to calculate new subkeys for the P-array and the four S-boxes

The Blowfish Algorithm

The Blowfish Algorithm: Encryption (cont)

Diagram of Blowfish's F function

The Blowfish Algorithm (cont)

Blowfish's key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi, which contain no obvious pattern. The secret key is then XORed with the P-entries in order (cycling the key if necessary). A 64-bit all-zero block is then encrypted with the algorithm as it stands. The resultant ciphertext replaces P1 and P2. The ciphertext is then encrypted again with the new subkeys, and P3 and P4 are replaced by the new ciphertext. This continues, replacing the entire P-array and all the S-box entries. In all, the Blowfish encryption algorithm will run 521 times to generate all the subkeys - about 4KB of data is processed.

Products that Use Blowfish (cont)

AEdit: A free Windows word processor incorporating text encryption. Coolfish: An encrypting text editor for Windows. Foopchat: Encrypted chat and advanced file sharing using a client/server architecture. JFile by Land-J Technologies: A database program for the PalmOS platform. Freedom by Zero-Knowledge: Privacy for web browsing, e-mail, chat, telnet, and newsgroups. More: http://www.schneier.com/blowfish-products.html