While high-end Android devices have specialized hardware that handles encryption using the Advanced Encryption Standard (AES), but smartphones in the budget segments run on low processors on which the AES can not run efficiently, Google is looking to solve the security puzzle with Adiantum.

Adiantum is designed to make encryption more efficient for devices without cryptographic acceleration, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR/HCH using the ChaCha stream cipher in a length-preserving mode. For ARM Cortex-A7, the decryption on 4096-byte sectors is about 10.6 cycles per byte, around 5x faster than AES-256-XTS.

Encryption has become hugely essential for security and privacy with the proliferation of public Wifi and the need to secure the data on our smartphones, albeit it comes as a trade-off for speed as it can take quite a while to resolve traffic through the system.

And this issue of slowness is the more reason it can not be supported on low processor powered devices, as AES would result in a very poor user experience and apps would take much longer to launch; since storage encryption has been required for most devices running Android 6.0, those devices with poor AES performance (50 MiB/s and below) remains exempted.

But Google seeks to change that because encryption is now necessary for everyone, even so much so that a device becomes practically unusable.

The ChaCha20 stream cipher offers faster encryption than AES when hardware acceleration is unavailable, because it relies on operations that all CPUs natively support: additions, rotations, and XORs. So, Google selected ChaCha20 along with the Poly1305 authenticator, which is also fast in software, for a new TLS cipher suite to secure HTTPS internet connections.

With ChaCha20-Poly1305 standardized as RFC7539, it greatly improves HTTPS performance on devices that lack AES instructions. And the end result is Adiantum, which is named after the genus of the maidenhair fern, and in the Victorian language of flowers (floriography) represents sincerity and discretion.

Going forward, device manufacturers are required to enable Adiantum for either full-disk or file-based encryption on devices with AES performance <= 50 MiB/sec and launching with Android Pie. For Android Q, Adiantum will be a part of the platform, and the Android Compatibility Definition Document (CDD) will be updated to require that all new Android devices be encrypted using any of the allowed encryption algorithms.

Google to bring Encryption to low-processor powered Android devices with Adiantum



While high-end Android devices have specialized hardware that handles encryption using the Advanced Encryption Standard (AES), but smartphones in the budget segments run on low processors on which the AES can not run efficiently, Google is looking to solve the security puzzle with Adiantum.

Adiantum is designed to make encryption more efficient for devices without cryptographic acceleration, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR/HCH using the ChaCha stream cipher in a length-preserving mode. For ARM Cortex-A7, the decryption on 4096-byte sectors is about 10.6 cycles per byte, around 5x faster than AES-256-XTS.

Encryption has become hugely essential for security and privacy with the proliferation of public Wifi and the need to secure the data on our smartphones, albeit it comes as a trade-off for speed as it can take quite a while to resolve traffic through the system.

And this issue of slowness is the more reason it can not be supported on low processor powered devices, as AES would result in a very poor user experience and apps would take much longer to launch; since storage encryption has been required for most devices running Android 6.0, those devices with poor AES performance (50 MiB/s and below) remains exempted.

But Google seeks to change that because encryption is now necessary for everyone, even so much so that a device becomes practically unusable.

The ChaCha20 stream cipher offers faster encryption than AES when hardware acceleration is unavailable, because it relies on operations that all CPUs natively support: additions, rotations, and XORs. So, Google selected ChaCha20 along with the Poly1305 authenticator, which is also fast in software, for a new TLS cipher suite to secure HTTPS internet connections.

With ChaCha20-Poly1305 standardized as RFC7539, it greatly improves HTTPS performance on devices that lack AES instructions. And the end result is Adiantum, which is named after the genus of the maidenhair fern, and in the Victorian language of flowers (floriography) represents sincerity and discretion.

Going forward, device manufacturers are required to enable Adiantum for either full-disk or file-based encryption on devices with AES performance <= 50 MiB/sec and launching with Android Pie. For Android Q, Adiantum will be a part of the platform, and the Android Compatibility Definition Document (CDD) will be updated to require that all new Android devices be encrypted using any of the allowed encryption algorithms.

No comments