Key Schedule (Sub-Keys and S-Boxes) Algorithm

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟Key Schedule (Sub-Keys and S-Boxes) Algorithm

The Blowfish Key Schedule (Sub-Keys Generation) algorithm is provided to generate 18 Sub-keys and 4 S-boxes, using user provided secret key and hexadecimal digits of the fractional portion of constant Pi, (3.1415927... - 3) = 0.1415927... as input.

In the previous tutorial, we left two parts undefined in the Blowfish encryption algorithm:

18 Sub-keys: P{1), P(2), ..., P(18) - Each Sub-key is 32 bits long.
4 S-boxes: S1[], S2[], S3[], S4[] - Each S-box has 256 elements. Each element is 32 bits long.

Here is the suggested Blowfish key schedule algorithm, which should be used to construct 18 Sub-keys and 4 S-boxes:

Input: 
   K: The key - 32 bits or more
   PI: The binary representation of the fractional portion of "pi"
      = 3.1415927... - 3.0
      = 2/16 + 4*/16**2 + 3/16**3 + 15/16**4 + ...
      = 0x243f6a8885a308d313198a2e03707344...
   
Output: 
   P1, P2, ..., P18: 18 32-bit sub-keys
   S1[], S2[], S3[], S4[]: 4 S-boxes, 32-bit 256-element arrays

Algorithm - Blowfish Key Schedule Generation: 
   (P1, P2, ..., P18, S1[], S2[], S3[], S4[]) = PI
   K' = (K, K, K, ...), Repeat the key to 18*32 bits long
   (P1, P2, ..., P18) = (P1, P2, ..., P18) XOR K'
   T = (0x000000, 0x000000), Setting initial clear text
   T = Blowfish(T), Applying Blowfish process 
   (P1, P2) = T, Updating first two sub-keys
   T = Blowfish(T), Applying Blowfish process
   (P3, P4) = T
   ......
   T = Blowfish(T)
   (P17, P18) = T
   T = Blowfish(T)
   (S1[0], S1[1]) = T
   T = Blowfish(T)
   (S1[2], S1[3]) = T
   ......
   T = Blowfish(T)
   (S1[254], S1[255]) = T
   T = Blowfish(T)
   (S2[0], S2[1]) = T
   ......
   T = Blowfish(T)
   (S4[254], S4[255]) = T

Note that:

To initialize 18 sub-keys and 4 S tables, we need 18*32 + 4*256*32 = 576 + 32768 = 33344 binary digits of PI, or 33344/4 = 8336 hex digits of PI.
To finalize 18 sub-keys and 4 S tables, we need to apply Blowfish algorithm (18+4*256)/2 = 1042/2 = 521 times.
The secret key, K, has an variable length from 32 bits to 18*32=576 bits (72 bytes) long.
The Blowfish process is used as part of the key schedule algorithm.

Now we have completed the entire Blowfish encryption algorithm, which takes a give secret key, constructs Sub-keys and S-boxes, then apply the Blowfish process on the given 64-bit block.