Blowfish is a 64-bit block cipher developed by Schneier [Sch93]. It is a Feistel cipher (see Question 56) and each round consists of a key-dependent permutation and a key-and-data-dependent substitution. All operations are based on exclusive-ors and additions on 32-bit words. The key has a variable length (with a maximum length of 448 bits) and is used to generate several subkey arrays. This cipher was designed specifically for 32-bit machines and is significantly faster than DES. There was an open competition for the cryptanalysis of Blowfish supported by Dr. Dobb's Journal with a $1000 prize. This contest ended in April 1995 [Sch95a], and among the results were the discovery of the existence of certain weak keys (see Question 60), an attack against a three-round version of Blowfish, and a differential attack against certain variants of Blowfish. However, Blowfish can still be considered secure, and Schneier has invited cryptanalysts to continue investigating his cipher.
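The round structure described above, as an added C sketch that is not code from the FAQ or from Schneier's reference implementation. The 16 rounds, the 18-word subkey array and the four 256-entry S-boxes follow the published design; the table contents are an assumption, filled here by a constructed generator (`toy_setup`, a hypothetical helper) instead of Blowfish's real constants and key schedule, so the output is not real Blowfish ciphertext.

```c
#include <stdint.h>
#include <stdio.h>

static uint32_t P[18], S[4][256];   /* subkey arrays */

/* Constructed table fill (simple LCG). NOT Blowfish's real constants or
   key schedule; it only gives the network key-dependent tables to use. */
static void toy_setup(uint32_t seed) {
    uint32_t x = seed;
    for (int i = 0; i < 18; i++) P[i] = x = x * 1664525u + 1013904223u;
    for (int b = 0; b < 4; b++)
        for (int i = 0; i < 256; i++)
            S[b][i] = x = x * 1664525u + 1013904223u;
}

/* Key-and-data-dependent substitution: four byte-indexed lookups combined
   with additions mod 2^32 and one exclusive-or. */
static uint32_t F(uint32_t x) {
    return ((S[0][x >> 24] + S[1][(x >> 16) & 0xff]) ^ S[2][(x >> 8) & 0xff])
           + S[3][x & 0xff];
}

/* 16 Feistel rounds. Decryption is the same network with the P subkeys
   applied in reverse order; F itself never has to be inverted. */
static void feistel(uint32_t *l, uint32_t *r, int decrypt) {
    uint32_t L = *l, R = *r, t;
    for (int i = 0; i < 16; i++) {
        L ^= P[decrypt ? 17 - i : i];
        R ^= F(L);
        t = L; L = R; R = t;
    }
    t = L; L = R; R = t;                 /* undo the final swap */
    R ^= P[decrypt ? 1 : 16];
    L ^= P[decrypt ? 0 : 17];
    *l = L; *r = R;
}

/* Returns 1 if the block changes under encryption and decryption restores it. */
static int roundtrip_ok(uint32_t seed, uint32_t l, uint32_t r) {
    uint32_t cl = l, cr = r;
    toy_setup(seed);
    feistel(&cl, &cr, 0);
    int changed = (cl != l) || (cr != r);
    feistel(&cl, &cr, 1);
    return changed && cl == l && cr == r;
}

int main(void) {
    printf("round trip ok: %d\n", roundtrip_ok(0x1234u, 0x01234567u, 0x89abcdefu));
    return 0;
}
```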