Re: Help with understanding subkey generation in Blowfish
From: Ian Piper (ianpiper@mac.com)
Date: 03/17/03
 Next message: Aziz: "Re: One Time Pad Implementations?"
 Previous message: Jan Doornaert: "Re: LibTomCrypt and LibTomMath site"
 In reply to: Tom St Denis: "Re: Help with understanding subkey generation in Blowfish"
 Next in thread: Ian Piper: "Re: Help with understanding subkey generation in Blowfish"
 Reply: Ian Piper: "Re: Help with understanding subkey generation in Blowfish"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: ianpiper@mac.com (Ian Piper) Date: 17 Mar 2003 01:11:10 0800
"Tom St Denis" <tomstdenis@yahoo.com> wrote in message news:<2MZca.260578$UXa.191868@news02.bloor.is.net.cable.rogers.com>...
> "Ian Piper" <ianpiper@mac.com> wrote in message
> news:BA99F1FE.7CB0%ianpiper@mac.com...
> > Any thoughts on this, anyone?
>
> I have blowfish code in my LibTomCrypt library. Why not just check that
> out?
>
> http://libtomcrypt.org
>
> Tom
Thanks, I downloaded your source and it seems little different in
essentials from the source I had looked at already, so the question
remains (I've copied it here again). To clarify, I don't have a
problem understanding how (or why) the XOR function takes place. I am
confused about the size of the keyspace  448 bits would require 14
loops, whereas all of the code I have seen does 18 loops (which would
lead to 576 bits, wouldn't it?).
==== quote ====
In particular there is one part that I am finding it hard to figure
out:
subkey generation. As I understand it, in the initialisation process
we
start with a Pbox array with 18 members, each a 32bit number
representing
the hex values of the decimal portion of pi. Each member of the Pbox
array
is then XORed with a 32bit portion of the key to produce the
subkeys.
I suppose that is one of the first confusions. For this to work don't
we
need to allow for 576 bits in the key (18 x 32)? But the maximum key
size in
Blowfish is 448 (14 x 32). In the original Schneier paper, it says
"XOR P1
with the first 32 bits of the key, XOR P2 with the second 32bits of
the
key, and so on for all bits of the key (possibly up to P14)." I can
understand that. But when I look at the source, it has this in the
initialisation function:
#define bf_N 16
...
j = 0;
for (i = 0; i < bf_N + 2; ++i) {
temp.word = 0;
temp.w.byte0 = key[j];
temp.w.byte1 = key[(j+1)%keybytes];
temp.w.byte2 = key[(j+2)%keybytes];
temp.w.byte3 = key[(j+3)%keybytes];
data = temp.word;
bf_P[i] = bf_P[i] ^ data;
j = (j + 4) % keybytes;
}
Which seems to be running the loop 18 times. It obviously works, so
what am
I missing here?
Second, and also related, is the next statement in the original paper.
I
quote: "(For every short key, there is at least one equivalent longer
key;
for example, if A is a 64bit key, then AA, AAA, etc, are equivalent
keys)."
I can't understand why a repeated key is the same as the individual
key:
doesn't this suggest that any key consisting of repeated characters is
weak?
Again I know that Blowfish is not noted for weak keys, so there is
obviously
something I don't understand.
==== quote ====
 Next message: Aziz: "Re: One Time Pad Implementations?"
 Previous message: Jan Doornaert: "Re: LibTomCrypt and LibTomMath site"
 In reply to: Tom St Denis: "Re: Help with understanding subkey generation in Blowfish"
 Next in thread: Ian Piper: "Re: Help with understanding subkey generation in Blowfish"
 Reply: Ian Piper: "Re: Help with understanding subkey generation in Blowfish"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
