View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 8, 2019

Google Unveils New ‘Adiantum’ Encryption Method for Low-Cost Devices

“Even though Adiantum is very new, we are in a position to have high confidence in its security."

By CBR Staff Writer

Google has unveiled a new form of storage encryption for mobile devices that is aimed at plugging the security gap in low-cost devices.

The encryption format Adiantum has been specifically designed by Google to bring encryption to low-process power devices.

Currently there is a manufacturing requirement that any android device after 6.0 in 2015 must have storage encryption in place. However an exemption was given to handset makers when it comes to low-cost devices with low processing power. Low-cost devices are missing the specialised hardware that supports the Advanced Encryption Standard or AES.

To keep costs low device manufactures often use low-end processors such as the ARM Cortex-A7 which cannot support AES. If AES was to be used on these devices users would experience serious delays in applications and the device would feel sluggish.

Adiantum gets around the lack of specialised hardware by using a different encryption method, the ChaCha stream cipher, which is much faster than AES when hardware acceleration is not an option. ChaCha relies on operations that are already present in most low-end CPU’s.

“Our hope is that Adiantum will democratize encryption for all devices. Just like you wouldn’t buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance. Everyone should have privacy and security, regardless of their phone’s price tag,” commented Eugene Liderman Director of Mobile Security Strategy at Android.

Adiantum Encryption Technical Challenge

Storage on devices is generally organised into sectors which are normally 4096 bytes in size. As a request is received by the device to access a sector in order to read or write, it must first pass through the encryption layer which coverts between plaintext and ciphertext.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

In order to use ChaCha encryption the ciphertext must be slightly larger than the plaintext, this is in order to accommodate the space needed for cryptographic nonce and message integrity information.

Android Security & Privacy Team members Paul Crowley and Eric Biggers wrote in a security blog that: “Where AES is used, the conventional solution for disk encryption is to use the XTS or CBC-ESSIV modes of operation, which are length-preserving.”

“Currently Android supports AES-128-CBC-ESSIV for full-disk encryption and AES-256-XTS for file-based encryption. However, when AES performance is insufficient there is no widely accepted alternative that has sufficient performance on lower-end ARM processors.”

Adiantum EncryptionThey believe that the solution to the problem is their new encryption mode Adiantum which adapts ideas from AES-based length-preserving encryption proposals like HCTR and HCH.

“On ARM Cortex-A7, Adiantum encryption and decryption on 4096-byte sectors is about 10.6 cycles per byte, around 5x faster than AES-256-XTS.”

“Even though Adiantum is very new, we are in a position to have high confidence in its security,” they state.

See Also: Why Mobile Apps are a Headache for Critical Public Services

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU