# Blowfish

概述 The round function (Feistel function) of Blowfish 布鲁斯·施奈尔 1993 Twofish 32-448位 64位 费斯妥密码 16 Four rounds of Blowfish are susceptible to a second-order differential attack (Rijmen, 1997);[1] for a class of weak keys, 14 rounds of Blowfish can be distinguished from a pseudorandom permutation (Vaudenay, 1996).

Blowfish是一个對稱密鑰加密分组密码算法，由布魯斯·施奈爾於1993年设计，现已应用在多种加密产品。Blowfish算法由於分組長度太小已被認為不安全，施奈尔更建议在现代应用中使用Twofish密码。[2]

Blowfish主要包括关键的几个S盒和一个复杂的核心变换函数。

## Blowfish的伪代码

```uint32_t P[18];
uint32_t S[4][256];

uint32_t f (uint32_t x) {
uint32_t h = S[0][x >> 24] + S[1][x >> 16 & 0xff];
return ( h ^ S[2][x >> 8 & 0xff] ) + S[3][x & 0xff];
}

void encrypt (uint32_t & L, uint32_t & R) {
for (int i=0 ; i<16 ; i += 2) {
L ^= P[i];
R ^= f(L);
R ^= P[i+1];
L ^= f(R);
}
L ^= P[16];
R ^= P[17];
swap (L, R);
}

void decrypt (uint32_t & L, uint32_t & R) {
for (int i=16 ; i > 0 ; i -= 2) {
L ^= P[i+1];
R ^= f(L);
R ^= P[i];
L ^= f(R);
}
L ^= P[1];
R ^= P[0];
swap (L, R);
}

// ...
// initializing the P-array and S-boxes with values derived from pi; omitted in the example
// ...
{
for (int i=0 ; i<18 ; ++i)
P[i] ^= key[i % keylen];
uint32_t L = 0, R = 0;
for (int i=0 ; i<18 ; i+=2) {
encrypt (L, R);
P[i] = L; P[i+1] = R;
}
for (int i=0 ; i<4 ; ++i)
for (int j=0 ; j<256; j+=2) {
encrypt (L, R);
S[i][j] = L; S[i][j+1] = R;
}
}
```

## 参考资料

1. ^ Vincent Rijmen. Cryptanalysis and Design of Iterated Block Ciphers. Ph.D thesis. 1997 [2015-03-16]. （原始内容 存档于2013-05-08）.
2. ^ Dahna, McConnachie. Bruce Almighty: Schneier preaches security to Linux faithful. Computerworld: 3. 2007-12-27 [2018-01-26]. （原始内容存档于2016-12-02）. At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead.