On the weak keys of Blowfish

  • Serge Vaudenay
Block Ciphers — Analysis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1039)


Blowfish is a sixteen-round Feistel cipher in which the F function is part of the private key. In this paper, we show that the disclosure of F allows one to perform a differential cryptanalysis which can recover all the rest of the key with $2^{48}$ chosen plaintexts against a number of rounds reduced to eight. Moreover, for some weak F functions, this attack needs only $2^{23}$ chosen plaintexts against eight rounds, and $3 \times 2^{51}$ chosen plaintexts against sixteen rounds. When the F function is safely kept private, one can detect whether it is weak or not with a differential attack using $2^{22}$ plaintexts against eight rounds.



Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Serge Vaudenay, Ecole Normale Supérieure, DMI, Paris Cedex 5, France