Join Log in
Score:1
phantomcraft avatar Crypto

Could Blowfish be extended to larger block/key sizes if increasing the level of sum and XOR operations?

pf flag
phantomcraft

Blowfish encryption is made as follows:

1 - XOR the round key with half of the plaintext.
2 - Split the 32-bits word in 4 bytes and insert each one in the S-Boxes.
3 - Sum the result of byte #1 with #2 and XOR in the result of byte #3
4 - Sum the above result with result of byte #4.
5 - XOR the result of the above operations in the other half of plaintext.
6 - Repeat the steps above 15 times more.
7 - XOR the two halves of the ciphertext with 2 whitening keys.

I have been thinking if something similar could be done with larger halves of ciphertext other than 32-bits.

For a 256-bits block size (128-bits each half) It could be:

1 - XOR the 128-bits round key with half of the plaintext.
2 - Split the 128-bits resulting array in 16 bytes and insert each one the S-Boxes.
2 - Concatenate the first 128-bits chunk and sum with next 128-bits chunk #2.
3 - XOR the result above with the chunk #3
4 - Sum the above result with chunk #4.
5 - XOR the result of the above operations in the other half of plaintext.
6 - Repeat the steps above 15 times more.
7 - XOR the two halves of the ciphertext with 2 whitening keys of 128-bits size each one.

Resuming the scheme above: results of the insertions of bytes in the S-Boxes was concatenated and modular and XOR operations was increased.

Obviously the sum and XOR operations for a 256-bits block must be done in mod 2^128 instead of mod 2^32 as regular Blowfish.

My question is:

Can Blowfish be securely extended to larger key/block sizes if only increasing the level modular and XOR operations as I proposed in the scheme above?

49
1 + 0
Score:1
Daniel S avatar Crypto
ru flag
Daniel S

No.

Although it is perfectly possible to implement the algorithm that you describe, it comes with none of the assurance of historic cryptanalysis that has been applied to Blowfish both at the design stage and subsequently. Changing block sizes in a cipher design typically requires other parameters to be reassessed and most often at least an increase in the number of rounds is required. To describe your algorithm as Blowfish would give a misleading and possibly fraudulent impression of security to users.

Although I've not done anything like a full cryptanalysis of your design I can already see some poor mixing properties in comparison to Blowfish. For example in Blowfish, flipping any of the input bits to the left hand side of an input to the round function has a good chance (close to fifty percent) of flipping a bit on the left hand side of the corresponding output (after swapping sides). In your design changing any of the bits in positions 0-23, 32-55, 64-87, 96-119 of the input will leave bits in positions 96-127 of the output of the round function unchanged. This is very bad from an avalanche property point of view and could easily lead to a strong differential or differential-linear attack.

Note that if you want a Blowfish-like design with a bigger block size, Schneier himself recommends using Twofish.

+ 1
phantomcraft avatar
pf flag
phantomcraft
"To describe your algorithm as Blowfish would give a misleading and possibly fraudulent impression of security to users." -- I didn't described as Blowfish, I would never do that. But thank you very much for your answer.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.