Ambit Cipher [Final 2 - bug fix]

Submitted on: 6/10/2018 10:50:55 AM
By: Rde 
Level: Advanced
User Rating: By 1 Users
Compatibility: VB 5.0, VB 6.0
Views: 5945
author picture
     Ambit Cipher - Fast 128-bit multi-pass stream cipher

This article has accompanying files

  Ambit Cipher

  Fast 128-bit multi-pass stream cipher

Blowfish is a cipher that was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms.

Blowfish is a 64-bit feistel block cipher, meaning that data is encrypted and decrypted in 64-bit chunks within multiple rounds. Each block is fully encrypted/decrypted before moving on to the next block.

Blowfish uses the same shared secret key for both encryption of plaintext and decryption of the resultant ciphertext.

Ambit is a modification of Bruce Schneier's algorithm and is now a 128-bit multi-pass stream cipher. Modifications were made to increase efficiency and security. Multi-pass ensures that Ambits superior speed cannot be taken advantage of by an attacker.

Ambit processes data in 128-bit blocks. It performs multiple full passes over the data. Each block of data on a given pass has four rounds performed. Ambit uses output feedback (OFB) and a time-optimized key transformation process.

OFB mode gives added security similar to other modes such as cipher block chaining (CBC), by removing associations that may exist between cipher blocks that are encrypted independently.

Another advantage of OFB is any errors in transmission will not render all data beyond the first error bit as un-recoverable.

The Ambit cipher accepts an optional Seed. Specifying a non-zero secret seed effectively creates one unique variant of the Ambit algorithm from over 4 billion possible variants.

Ambit also incorporates a CRC checksum for decryption validation.


The key is first expanded to 512 bits (64 bytes) and transformed into a 64-byte key schedule. The key schedule is accessed as 128-bit segments, and so is cycled after every 4 rounds. A 128-bit state vector is also generated from the key during initialization, as is the Blowfish s-boxes.

Ambit's shift register/key schedule is dynamically updated with the output of the encryption function by hashing it with the current key segment, before incrementing to the next segment to be used to seed the encryption function. The segment is hashed with the state (with a side-shift cycle completed over 4 rounds), then the result is transformed by the dissociation function.

The output of the encryption function (the state) is hashed with the current block of input data (plaintext on the first pass) to produce the ciphertext. The state is also fed back into the key schedule. Each block of input is hashed with the state on every round.

The state is purely a product of the key, the input data has no effect on the state. Errors in transmission don't perpetuate.

The encryption function is basically the same dissociation function used by Bruce Schneier's Blowfish algorithm, including the 1024-word multi-dimensional 's-box' table of fractional values of PI. This is an exceptionally effective dissociation function.


Any key length is permitted by the Ambit algorithm. No weak keys such as "a" or "me" show any loss of quality of the ciphertext.

However, short keys and keys such as "password" or "letmein" are vulnerable to a key attack. Therefore, a key length of at least 160 bits (20 bytes) is recommended, and 240 bits (30 bytes) if the key is limited to keyboard characters. Don't use predictable keys!

Key length is truncated or expanded to 512 bits (64 bytes). The resultant ciphertext will be exactly 4 bytes larger than the source data due to an appended 32-bit CRC checksum.


Credit of course to Bruce Schneier for the Blowfish algorithm.

Thanks to Fredrik Qvarfort for the original Blowfish VB class.


You are free to use any part or all of this code even for commercial purposes under the agreement that you receive absolutely no warranties expressed or implied.

You are also free to implement the Ambit design, or parts of it, in any way.

winzip iconDownload article

Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. Afterdownloading it, you will need a program like Winzip to decompress it.Virus note:All files are scanned once-a-day by Planet Source Code for viruses, but new viruses come out every day, so no prevention program can catch 100% of them. For your own safety, please:
  1. Re-scan downloaded files using your personal virus checker before using it.
  2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.
  3. Scan the source code with Minnow's Project Scanner

If you don't have a virus scanner, you can get one at many places on the net

Other 25 submission(s) by this author


Report Bad Submission
Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:

Your Vote

What do you think of this article (in the Advanced category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor (See voting log ...)

Other User Comments

5/13/2018 4:15:18 AMRde

I had a thought; block ciphers such as AES could implement CBC as a final seperate pass after the encryption process.

Keep in mind the state after encryption (final cipher block) should be used to seed the CBC pass.

(If this comment was disrespectful, please report it.)

5/14/2018 9:17:03 AMRde

Forget my comment above
I've realised block ciphers must unchain before decryption, the final cipher state is not yet available
(If this comment was disrespectful, please report it.)


Add Your Feedback
Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)

To post feedback, first please login.