What is the Blowfish encryption method and is it crackable?

Anton P. | September 22, 2023

Blowfish is a symmetric-key encryption algorithm. Designed by Bruce Schneier in 1993, Blowfish is an attempt to improve upon older cipher suites and encryption methods.

Although uncracked to this day, the cryptographic community does not consider Blowfish encryption safe.

Let us look at where this mistrust stems from by diving deeper into how Blowfish encryption works.

Learn what Blowfish encryption is and why it might be unsafe.

What is Blowfish encryption?

Analyzing the main components of the Blowfish algorithm definition will tell us its key features. These include the following:

  • Symmetric encryption method. Blowfish uses a symmetric encryption key, meaning the same key is used for both the encryption and decryption process.
  • Block cipher. The Blowfish encryption algorithm uses the block cipher technique. This method divides the message into chunks of information known as blocks and encrypts them separately. Blowfish uses a 64-bit block size.
  • Feistel cipher. For constructing the iterative block structure, the Blowfish method utilizes the Feistel cipher, named after the cryptographer Horst Feistel. This method uses rounds of iterations, each applying a round function and encryption key. There are 16 rounds in Blowfish encryption.
  • Variable key size. The Blowfish encryption method allows for different key lengths ranging from 32 bits to 448 bits.
  • Complex key schedule. The Blowfish algorithm’s P-array consists of 18 subkeys. Additionally, it has four substitution boxes (S-boxes). P-array and S-boxes are generated by deriving values from hexadecimal digits of Pi.

The process of encryption

Blowfish encryption has two major multi-step components - key expansion and 16 rounds of key-dependent permutations and substitutions.

Key expansion

Before any encryption or decryption starts, Blowfish must generate the subkeys from the main key. This key expansion process roughly goes like this:

  1. A random key of up to 448 bits in size is generated.
  2. The first P-array (P1, P2, P3, etc.) and S-boxes (S1, S2, S3, S4) are initialized, deriving hexadecimal digits from the Pi constant.
  3. A Boolean logic operator “exclusive or” (XOR) is used on the first 32 bits of the key and the first value derived from Pi (P1). The second 32-bit chunk is XORed with P2, and so on. This continues until the entire P-array is XORed with bits of the key.
  4. The all-zero string is encrypted with the Blowfish algorithm using the subkeys calculated in the first steps.
  5. P1 and P2 are replaced with the output of step 4. 
  6. This generates modified subkeys that are used to encrypt the output of step 4.
  7. The same replacing and encryption of P-array with the modified Blowfish algorithm is run 521 times to generate all the subkeys and large key-dependent S-boxes.

Private Christmas & a safe New Year!


Using the expanded key schedule for the Blowfish encryption

Now, we have a new P-array where P1 to P18 are iteratively generated subkeys. These subkeys and s-boxes, along with the same Blowfish algorithm, can now be used to encrypt plaintext. The Blowfish encryption proceeds like this.

  1. Plaintext is split into 64-bit blocks.
  2. The 64-bit data element is split into two 32-bit halves. We can call these halves A and B.
  3. In the first round, F(A) is calculated by splitting A into four 8-bit parts and using S-boxes according to a complex formula. The original 32-bit A is XORed with the precalculated subkey P1. B is XORed with F(A). The resulting new outputs, A and B, are swapped for the next round.
  4. The same is repeated for 16 rounds in total, using subkey P2 in the second round, P3 in the third round, and so on.
  5. After all the rounds, A and B are swapped for the last time. B is XORed with P17, A is XORed with P18. The two halves are recombined to form the ciphertext block.

The algorithm performs the same encryption process on every 64-bit block. The decryption process is the same, except that the subkeys are used in reverse order.

Can Blowfish encryption be cracked?

Blowfish encryption algorithm has considerable advantages over ciphers like Data Encryption Standard (DES) and International Data Encryption Algorithm (IDEA). It is unpatented and free of use for anyone in the world, including commercial usage.

Therefore, many have used it for the development of various cipher suites and encryption products.

More importantly, despite many attempts, no one has found a way to crack Blowfish with cryptanalysis yet.

However, uncracked does not mean uncrackable.

Researchers have shown that Blowfish encryption is vulnerable to brute force attacks. Specifically, the birthday attack, exploiting the mathematics behind the birthday problem, might be successful.

All block ciphers that use 64-bit or smaller block sizes share this vulnerability. The smaller the block the easier it is to reach the birthday-type collision and crack the encrypted message. Especially if the message itself is long.

Thus, although there is no general way to decrypt Blowfish cipher analytically, specific messages can be cracked. Enough brute force, i.e., computing power, will do the job.

Due to this reason, Blowfish’s creator, along with colleagues, has developed an alternative Twofish encryption method. Twofish is a 128-bit block size cipher, therefore it does not have Blowfish algorithm’s vulnerability.

Which is better, Blowfish or AES?

The Blowfish algorithm was among the top contenders for becoming the new Advanced Encryption Standard (AES). However, a different encryption method was chosen.

The algorithm selected for AES uses 128-bit size blocks, just like Blowfish’s successor Twofish.

The most robust type of AES - AES-256 also has a 256-bit long key. Thus, it is uncracked, just like Blowfish encryption, and impenetrable to brute force attacks given the current computing powers.

For this reason, AES-256 is more secure than Blowfish encryption and many top VPN products, including Atlas VPN, use it.

Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.



© 2023 Atlas VPN. All rights reserved.