Conference paper

On the weak keys of Blowfish

Blowfish (Schneier, 1994) is a sixteen-rounds Feistel cipher (Feistel, 1973) in which the F function is a part of the private key. We show that the disclosure of F allows to perform a differential cryptanalysis which can recover all the rest of the key with 248 chosen plaintexts against a number of rounds reduced to eight. Moreover, for some weak F function, this attack only needs 223 chosen plaintexts against eight rounds, and 3×251 chosen plaintexts against sixteen-rounds. When the F function is safely kept private, one can detect whether it is weak or not with a differential attack using 222 plaintexts against eight rounds

Related material