Key Schedule (Sub-Keys and S-Boxes) Algorithm

The Blowfish Key Schedule (Sub-Keys Generation) algorithm is provided to generate 18 Sub-keys and 4 S-boxes, using user provided secret key and hexadecimal digits of the fractional portion of constant Pi, (3.1415927... - 3) = 0.1415927... as input.

In the previous tutorial, we left two parts undefined in the Blowfish encryption algorithm:

• 18 Sub-keys: P{1), P(2), ..., P(18) - Each Sub-key is 32 bits long.
• 4 S-boxes: S1[], S2[], S3[], S4[] - Each S-box has 256 elements. Each element is 32 bits long.

Here is the suggested Blowfish key schedule algorithm, which should be used to construct 18 Sub-keys and 4 S-boxes:

```Input:
K: The key - 32 bits or more
PI: The binary representation of the fractional portion of "pi"
= 3.1415927... - 3.0
= 2/16 + 4*/16**2 + 3/16**3 + 15/16**4 + ...
= 0x243f6a8885a308d313198a2e03707344...

Output:
P1, P2, ..., P18: 18 32-bit sub-keys
S1[], S2[], S3[], S4[]: 4 S-boxes, 32-bit 256-element arrays

Algorithm - Blowfish Key Schedule Generation:
(P1, P2, ..., P18, S1[], S2[], S3[], S4[]) = PI
K' = (K, K, K, ...), Repeat the key to 18*32 bits long
(P1, P2, ..., P18) = (P1, P2, ..., P18) XOR K'
T = (0x000000, 0x000000), Setting initial clear text
T = Blowfish(T), Applying Blowfish process
(P1, P2) = T, Updating first two sub-keys
T = Blowfish(T), Applying Blowfish process
(P3, P4) = T
......
T = Blowfish(T)
(P17, P18) = T
T = Blowfish(T)
(S1[0], S1[1]) = T
T = Blowfish(T)
(S1[2], S1[3]) = T
......
T = Blowfish(T)
(S1[254], S1[255]) = T
T = Blowfish(T)
(S2[0], S2[1]) = T
......
T = Blowfish(T)
(S4[254], S4[255]) = T
```

Note that:

• To initialize 18 sub-keys and 4 S tables, we need 18*32 + 4*256*32 = 576 + 32768 = 33344 binary digits of PI, or 33344/4 = 8336 hex digits of PI.
• To finalize 18 sub-keys and 4 S tables, we need to apply Blowfish algorithm (18+4*256)/2 = 1042/2 = 521 times.
• The secret key, K, has an variable length from 32 bits to 18*32=576 bits (72 bytes) long.
• The Blowfish process is used as part of the key schedule algorithm.

Now we have completed the entire Blowfish encryption algorithm, which takes a give secret key, constructs Sub-keys and S-boxes, then apply the Blowfish process on the given 64-bit block.

Table of Contents