Google introduced a new storage encryption solution that it hopes will expand security efforts across its full spectrum of Android-powered devices – including low-end devices that typically can’t support encryption.
The new encryption offering, Adiantum, aims to solve a big issue that has plagued encryption over the years: encryption can slow down low-end or older devices, such as Android Go phones or smartwatches, by taking a toll on system resources.
“Storage encryption protects your data if your phone falls into someone else’s hands,” Paul Crowley and Eric Biggers, with the Android Security and Privacy Team, said on Thursday. “Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic acceleration, to ensure that all devices can be encrypted.”
Android currently offers storage encryption using the Advanced Encryption Standard (AES), an instruction set meant to improve the speed of applications performing encryption and decryption.
Most new Android devices have hardware support for AES integrated into their processors (ARM’s latest ARMv8 processor).
However, the Android operating system runs on a wide range of devices: from high-end flagship and mid-range phones to entry-level Android Go phones (sold in developing countries), smartwatches and TVs. Some of the lower-cost device options may use low-end processors (like the ARM Cortex A7) that do not have hardware support for AES.
Adiantum seeks to solve this problem by using a different mode of encryption, the ChaCha20 stream cipher, which is a type of encryption algorithm that encrypts one byte of plaintext at a time, in a “length-preserving mode.”
The ChaCha20 stream cipher relies on a different set of rotations and operations that already exist in low-end devices, meaning that they would be able to handle the processes without draining valuable resources.
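To make the "rotations and operations" above concrete, the following C code (an added example, not code from Google or from the article) implements the ChaCha20 block function as laid out in RFC 8439 using only 32-bit add, XOR and rotate, then XORs the keystream into a buffer so the output has the same length as the input. It shows the cipher primitive alone, not the full Adiantum construction; the function names and the all-zero key and nonce in `main` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))

/* Quarter round: only 32-bit add, XOR and rotate; no lookup tables, no AES instructions. */
void quarter_round(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d) {
    *a += *b; *d ^= *a; *d = ROTL32(*d, 16);
    *c += *d; *b ^= *c; *b = ROTL32(*b, 12);
    *a += *b; *d ^= *a; *d = ROTL32(*d, 8);
    *c += *d; *b ^= *c; *b = ROTL32(*b, 7);
}

static uint32_t load32_le(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* One 64-byte keystream block as 16 words (RFC 8439 state layout). */
void chacha20_block(const uint8_t key[32], uint32_t counter, const uint8_t nonce[12], uint32_t out[16]) {
    uint32_t s[16] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 }, x[16];
    for (int i = 0; i < 8; i++) s[4 + i] = load32_le(key + 4 * i);
    s[12] = counter;
    for (int i = 0; i < 3; i++) s[13 + i] = load32_le(nonce + 4 * i);
    memcpy(x, s, sizeof x);
    for (int r = 0; r < 10; r++) {          /* 10 double rounds = 20 rounds */
        for (int j = 0; j < 4; j++)         /* columns */
            quarter_round(&x[j], &x[4 + j], &x[8 + j], &x[12 + j]);
        for (int j = 0; j < 4; j++)         /* diagonals */
            quarter_round(&x[j], &x[4 + (j + 1) % 4], &x[8 + (j + 2) % 4], &x[12 + (j + 3) % 4]);
    }
    for (int i = 0; i < 16; i++) out[i] = x[i] + s[i];
}

/* XOR the keystream into buf in place: ciphertext length equals plaintext length. */
void chacha20_xor(const uint8_t key[32], uint32_t counter, const uint8_t nonce[12], uint8_t *buf, size_t len) {
    uint32_t ks[16] = {0};
    for (size_t i = 0; i < len; i++) {
        if (i % 64 == 0) chacha20_block(key, counter++, nonce, ks);
        buf[i] ^= (uint8_t)(ks[(i % 64) / 4] >> (8 * (i % 4)));   /* little-endian */
    }
}

int main(void) {
    uint8_t key[32] = {0}, nonce[12] = {0};             /* constructed all-zero inputs */
    uint8_t buf[] = "constructed plaintext";
    chacha20_xor(key, 0, nonce, buf, sizeof buf - 1);   /* encrypt */
    chacha20_xor(key, 0, nonce, buf, sizeof buf - 1);   /* the same call decrypts */
    printf("round trip: %s\n", (char *)buf);
    return 0;
}
```

Because encryption and decryption are the same XOR, a raw stream cipher must never reuse a key, nonce and counter combination for different data, which is why storage encryption wraps the cipher in a larger construction rather than applying it directly to disk sectors.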
In fact, Google claims that Adiantum encryption and decryption on these low-end devices running on the Cortex A7 is about 5 times faster than the same devices with support for AES (AES-256-XTS).
Google said that it has deployed Adiantum in the Android kernel and Linux kernel, as well as a tailored version of the encryption mode for ARM processors. Looking ahead, Adiantum will be part of the Android Q platform, Google said.