2

I am trying to use the Blowfish algorithm, however, I am trying to understand SBoxes that were used in the algorithm. I saw that it uses the hex digits of PI. I looked around in the web and found some codes that implements Blowfish and saw that they're using hardcoded SBox int arrays.

For example, in here: https://www.schneier.com/code/constants.txt

Since it was stated that sboxes contain the digits of PI, so I am guessing that the first five entries of sbox0 correspond to 31416.

If so, how did 0xd1310ba6L came from 3?

I am asking this because I am experimenting if I can use a random set of integers for the sboxes. After all, I saw that sbox values were supposed to be random.

Also, if I did change the values of the sboxes, can I still use the same set for the P_Array?

User
  • 21
  • 2
  • 1
    Related to your …if I can use a random set of integers for the sboxes… statement , please *Make No Mistake – S-Boxes Are Not Random* – e-sushi Aug 18 '17 at 14:54
  • 1
    @e-sushi Thank you for this link! I'm quite new to cryptography and I do apologize if I ask some questions. However, I was wondering, since the SBoxes used in the Blowfish algorithm are initialized values of PI digits, what would be the effect if I shuffle the already existing initialized values? Is this not recommended? – Kawamoto Takeshi Aug 21 '17 at 03:59
  • @KawamotoTakeshi In that particular case, you "could" reshuffle the values indeed. *But* you have to remember that PI was used as a "nothing up my sleeves" number. Shuffling the box would raise two problems: (1) you would change Blowfish so thay it's incompatible with the default Blowfish standard. Every recipient of encrypted data would need to use your implementation… which brings us to another problem besides compatibility and distribution problems, because [1/2] – e-sushi Aug 22 '17 at 17:51
  • [2/2] (2) reshuffling would raise the question of your motivation. A reshuffle makes it a bunch of numbers no one knows. You can argue it's "PI with a shuffle", but you'ld also have to explain why you chose to reshuffle — user trust issue — and you have to prove that your choice of numbers does not introduce weaknesses — user trust and potential security problem. After all, that's the reason Blowfish uses PI a nothing up my sleeves number in the first place. So, changing the sbox introduces trust and maybe even security problems, while the benefit is unclear… therefore it is not recommended. – e-sushi Aug 22 '17 at 17:55

1 Answers1

1

Another unbreakable encryption from Bruce! His words.

Yes the boxes come from π. However, it's not the way you think. It's not a literal base change of the decimal expansion. You have to calculate π from scratch in hexadecimal. If you were to use your approach and simply change the base of the decimal expansion, you'd be putting 10 values into 16 bins for each digit. In hex, π is just:-

3.243F6 A8885 A308D 31319 8A2E0 37073 44A40 93822 299F3 1D008 2EFA9 8EC4E 6C894 52821 E638D 01377 BE546 6CF34 E90C6 CC0AC

which are your digits.

You do understand that the P and S boxes don't contain π? They are initialised with π digits, but then amended in a key related fashion. The π bit is what's know as nothing up your sleeve numbers (NUMSN), and there are many answers here relating to such initialisation. In summary, you have to initialise a variable with something or zero. The purpose of NUMSN is to create a dissociation between the numbers you start with and the way the algorithm works so that there cannot be any possible adverse relationship. There is some expansion here.

On that basis, yes you could initialise with anything. Even just zeros. Although, I've never seen security analysis of an algorithm with and without the NUMSN.

After all, I saw that sbox values were supposed to be random.

This is a contentious issue. For a super dooper efficient algorithm, s boxes are very cleverly designed with several security parameters in mind. There is an s-box tag that will highlight a pile of appropriate questions. Uber efficiency isn't always necessary. Brute force can be used instead by increasing the number of rounds. As Blowfish recalculates it's S and P boxes dynamically, such security pre design clearly isn't used in that case. I believe that this technique works for both the S and P boxes.

Paul Uszak
  • 15,390
  • 2
  • 28
  • 77