Google launched a new form of encryption called ‘Adiantum’, designed to secure data stored on lower-end smartphones and devices with insufficient processing power. For security, most Android phones ship with storage encryption enabled by default. An exception is made for phones with low processing power or low-end hardware, where storage encryption is either off by default to preserve performance, or not present at all.
Adiantum is suitable for devices that lack dedicated ARM security extensions. While the majority of new Android devices have hardware support for AES through the ARMv8 Cryptography Extensions, devices built on low-end processors such as the ARM Cortex-A7 have no AES acceleration, so software AES on them is too slow for an acceptable user experience.
According to Eugene Liderman, director of mobile security strategy for Google’s Android security & privacy team, “Adiantum was built to run on phones and other smart devices that don’t have the specialized hardware to use current methods to encrypt locally stored data efficiently.” With a hope to democratize encryption for all devices – including any low-power Linux-based device, from smartwatches to connected medical devices, Liderman says that “There will be no excuse for compromising security for the sake of device performance. Everyone should have privacy and security, regardless of their phone’s price tag.”
How does Adiantum work?
Google’s Adiantum has been designed to encrypt local data without slowing down the system or increasing the price of devices by requiring additional hardware. Adiantum uses the ChaCha stream cipher in a length-preserving mode. It does so by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH. On ARM Cortex-A7, Adiantum encryption and decryption on 4096-byte sectors is around 5x faster than AES-256-XTS.
With Adiantum, changing any bit anywhere in the plaintext unrecognizably changes all of the ciphertext, and vice versa. It hashes almost the entire plaintext using a keyed hash based on Poly1305 and a keyed hashing function called NH. It also hashes a value called the “tweak”, which is used to ensure that different sectors are encrypted differently. This hash is used to generate a nonce for the ChaCha encryption.
After the encryption is complete, the data is hashed again. This is arranged in a configuration known as a Feistel network. You can read the entire whitepaper detailing the encryption standard by Google software engineers Paul Crowley and Eric Biggers. The paper goes into further technical details relating to Adiantum.
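The hash, encrypt, hash structure described above is easier to see in code. The following is an added example, not Google’s Adiantum implementation or code from the whitepaper: it keeps Adiantum’s layering (a keyed hash of the tweak and bulk data folded into a 16-byte block, one block-cipher call whose output doubles as the stream-cipher nonce, the bulk data XORed with keystream, then a second hash folded back out) but swaps every primitive for a standard-library stand-in. HMAC-SHA256 replaces NH+Poly1305, an HMAC-based 4-round Feistel replaces AES-256, and SHA-256 in counter mode replaces ChaCha12. The key, tweak and sector contents in `demo()` are constructed values. What the toy does show faithfully is the wide-block property the article mentions: one flipped plaintext bit changes roughly half of all ciphertext bits, the ciphertext stays exactly the plaintext’s length, and the same sector encrypted under a different tweak (sector number) looks unrelated.

```python
import hashlib
import hmac

BLOCK = 16  # width of the narrow block-cipher part, in bytes (Adiantum uses AES-256 here)


def _subkeys(key: bytes):
    """Derive independent keys for the hash, the block permutation and the stream cipher.
    Constructed toy key schedule; Adiantum derives its subkeys differently."""
    return tuple(hmac.new(key, label, hashlib.sha256).digest()
                 for label in (b"hash", b"block", b"stream"))


def _keyed_hash(key: bytes, tweak: bytes, data: bytes) -> int:
    """Stand-in for Adiantum's NH + Poly1305 keyed hash: a 128-bit value of (tweak, data)."""
    msg = len(tweak).to_bytes(4, "little") + tweak + data
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK], "little")


def _block_permute(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Invertible 16-byte permutation: 4-round Feistel with an HMAC round function.
    Stand-in for the single AES-256 block encryption in Adiantum."""
    def round_fn(i: int, half: bytes) -> bytes:
        return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

    left, right = block[:8], block[8:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        if decrypt:   # undo (L, R) -> (R, L ^ F(R))
            left, right = _xor(right, round_fn(i, left)), left
        else:
            left, right = right, _xor(left, round_fn(i, right))
    return left + right


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; stand-in for the ChaCha12 stream cipher."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, tweak: bytes, plaintext: bytes) -> bytes:
    """Hash -> block-encrypt -> stream-encrypt -> hash; output is the plaintext's length."""
    if len(plaintext) < BLOCK:
        raise ValueError("message must be at least one block long")
    kh, kb, ks = _subkeys(key)
    pl, pr = plaintext[:-BLOCK], plaintext[-BLOCK:]        # bulk part, 16-byte right part
    pm = (int.from_bytes(pr, "little") + _keyed_hash(kh, tweak, pl)) % (1 << 128)
    cm = _block_permute(kb, pm.to_bytes(BLOCK, "little"))   # the only block-cipher call
    cl = _xor(pl, _keystream(ks, cm, len(pl)))              # cm doubles as the stream nonce
    cr = (int.from_bytes(cm, "little") - _keyed_hash(kh, tweak, cl)) % (1 << 128)
    return cl + cr.to_bytes(BLOCK, "little")


def decrypt(key: bytes, tweak: bytes, ciphertext: bytes) -> bytes:
    """Run the Feistel-style layers in reverse order."""
    if len(ciphertext) < BLOCK:
        raise ValueError("message must be at least one block long")
    kh, kb, ks = _subkeys(key)
    cl, cr = ciphertext[:-BLOCK], ciphertext[-BLOCK:]
    cm_int = (int.from_bytes(cr, "little") + _keyed_hash(kh, tweak, cl)) % (1 << 128)
    cm = cm_int.to_bytes(BLOCK, "little")
    pl = _xor(cl, _keystream(ks, cm, len(cl)))
    pm = int.from_bytes(_block_permute(kb, cm, decrypt=True), "little")
    pr = (pm - _keyed_hash(kh, tweak, pl)) % (1 << 128)
    return pl + pr.to_bytes(BLOCK, "little")


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def demo(sector_size: int = 4096) -> dict:
    """Constructed demonstration: flip one plaintext bit, count changed ciphertext bits."""
    key = hashlib.sha256(b"constructed demo key, not a real secret").digest()
    tweak = (7).to_bytes(8, "little")                       # sector number plays the tweak role
    plaintext = bytes(i & 0xFF for i in range(sector_size))
    flipped = bytearray(plaintext)
    flipped[0] ^= 0x01                                      # one bit in the first byte
    c1, c2 = encrypt(key, tweak, plaintext), encrypt(key, tweak, bytes(flipped))
    return {
        "length_preserved": len(c1) == len(plaintext),
        "roundtrip_ok": decrypt(key, tweak, c1) == plaintext,
        "bits_changed": hamming(c1, c2),
        "total_bits": sector_size * 8,
        "other_tweak_differs": encrypt(key, (8).to_bytes(8, "little"), plaintext) != c1,
    }


if __name__ == "__main__":
    print(demo())
```

Because the block-cipher output feeds the stream-cipher nonce and the second hash covers the whole encrypted bulk, any single-bit change in either direction propagates through every layer; that is exactly the behaviour a length-preserving disk-sector mode needs, since there is no room in a sector to store an IV or authentication tag. Swapping in real ChaCha12, AES-256 and NH+Poly1305 turns this skeleton into the actual construction the whitepaper specifies.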
This is the second announcement made by Google in the spirit of Safer Internet Day. Earlier this week, Google released a new Chrome extension called “Password Checkup”, which checks whether a user’s credentials have appeared in past data leaks.
You can head over to Google’s official blog to know more about Adiantum.