The round function (Feistel function) of Blowfish 

General  

Designers  Bruce Schneier 
First published  1993 
Successors  Twofish 
Cipher detail  
Key sizes  32–448 bits in steps of 8 bits; default 128 bits 
Block sizes  64 bits 
Structure  Feistel network 
Rounds  16 
Best public cryptanalysis  
Four rounds of Blowfish are susceptible to a secondorder differential attack (Rijmen, 1997); for a class of weak keys, 14 rounds of Blowfish can be distinguished from a pseudorandom permutation (Vaudenay, 1996). 
Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard now receives more attention.
Schneier designed Blowfish as a generalpurpose algorithm, intended as a replacement for the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents or were commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."
Notable features of the design include keydependent Sboxes and a highly complex key schedule.
Contents 
Blowfish has a 64bit block size and a variable key length from 32 up to 448 bits.^{[1]} It is a 16round Feistel cipher and uses large keydependent Sboxes. It is similar in structure to CAST128, which uses fixed Sboxes.
The diagram to the left shows the action of Blowfish. Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18entry Parray and four 256entry Sboxes. The Sboxes accept 8bit input and produce 32bit output. One entry of the Parray is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused Pentries.
The diagram to the upper right shows Blowfish's Ffunction. The function splits the 32bit input into four eightbit quarters, and uses the quarters as input to the Sboxes. The outputs are added modulo 2^{32} and XORed to produce the final 32bit output.
Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the reverse order. This is not so obvious because xor is commutative and associative. A common mistake is to use inverse order of encryption as decryption algorithm (i.e. first XORing P17 and P18 to the ciphertext block, then using the Pentries in reverse order).
Blowfish's key schedule starts by initializing the Parray and Sboxes with values derived from the hexadecimal digits of pi, which contain no obvious pattern (see nothing up my sleeve number). The secret key is then XORed with the Pentries in order (cycling the key if necessary). A 64bit allzero block is then encrypted with the algorithm as it stands. The resultant ciphertext replaces P_{1} and P_{2}. The ciphertext is then encrypted again with the new subkeys, and P_{3} and P_{4} are replaced by the new ciphertext. This continues, replacing the entire Parray and all the Sbox entries. In all, the Blowfish encryption algorithm will run 521 times to generate all the subkeys  about 4KB of data is processed.
There is no effective cryptanalysis on the fullround version of Blowfish known publicly as of 2009. A sign extension bug in one publication of C code has been identified.^{[2]}
In 1996, Serge Vaudenay found a knownplaintext attack requiring 2^{8r + 1} known plaintexts to break, where r is the number of rounds. Moreover, he also found a class of weak keys that can be detected and broken by the same attack with only 2^{4r + 1} known plaintexts. This attack cannot be used against the regular Blowfish; it assumes knowledge of the keydependent Sboxes. Vincent Rijmen, in his Ph.D. thesis, introduced a secondorder differential attack that can break four rounds and no more. There remains no known way to break the full 16 rounds, apart from a bruteforce search.^{[3]}
Bruce Schneier notes that while Blowfish is still in use, he recommends using the more recent Twofish algorithm instead.^{[4]}
Blowfish is a fast block cipher, except when changing keys. Each new key requires preprocessing equivalent to encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others. In one application, it is actually a benefit: the passwordhashing method used in OpenBSD uses an algorithm derived from Blowfish that makes use of the slow key schedule; the idea is that the extra computational effort required gives protection against dictionary attacks. See key strengthening.
Blowfish has a memory footprint of just over 4 kilobytes of RAM. This constraint is not a problem even for older desktop and laptop computers, though it does prevent use in the smallest embedded systems such as early smartcards.
Blowfish was one of the first secure block ciphers not subject to any patents and therefore freely available for anyone to use. This benefit has contributed to its popularity in cryptographic software.
The English used in this article or section may not be easy for everybody to understand. You can help Wikipedia by making this page or section simpler. 
In cryptography, Blowfish is a keyed, symmetric block cipher, made in 1993 by Bruce Schneier and since 1993 has been included(put together) in a large number of encryption products. Blowfish has a good encryption rate in software and until 2008 no cryptanalytic attack model of it has been found. However, the AES block cipher algorithm now has more attention.
Schneier made Blowfish as a generalpurpose algorithm, to be used as a replacement for the old DES algorithm and to remove the problems and difficulties of other encryption algorithms. At the time Blowfish was released, many other algorithms were proprietary, or were secrets. Schneier has said that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."
Main features of the design include keydependent Sboxes and a very complex key schedule. Blowfish is one of the fastest block ciphers used by many people, except when changing keys. Each new key needs to be preprocessed which takes the same time as encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This stops its use in certain applications (such as in the smallest embedded systems like the early smartcards), but it is not a problem in other applications. In one of the applications, it is actually good: the passwordhashing method used in OpenBSD uses an algorithm that comes from Blowfish which makes use of the slow key schedule; the idea is that the extra computational effort required gives protection against dictionary attacks. See key strengthening.
Blowfish has a 64bit block size and a variable key length from 0 up to 448 bits^{[1]} It is a 16round Feistel cipher and uses large keydependent Sboxes. It is similar in structure to CAST128, which uses fixed Sboxes.
In 1996, Serge Vaudenay found a knownplaintext attack needing 2^{8r + 1} known plaintexts to break, where r is the number of rounds. Moreover, he also found a class of weak keys that can be detected and broken by the same attack with only 2^{4r + 1} known plaintexts. This attack cannot be used against the regular Blowfish; it assumes knowledge of the keydependent Sboxes. Vincent Rijmen, in his Ph.D. papers, introduced a secondorder differential attack that can break four rounds and no more. Still there is no known way to break the full 16 rounds, apart from a bruteforce search. ^{[2]} A sign extension bug in one of the published C code has been found in 1996.^{[3]}
There is no good cryptanalysis on the fullround version of Blowfish known publicly till 2008. However in 2007, Bruce Schneier noted that while Blowfish is still in use, he recommended using the new Twofish algorithm instead ^{[4]}
