Google this week announced Adiantum, a new form of encryption aimed at Android devices without cryptographic acceleration.
Meant to protect user data if a device falls into the wrong hands, storage encryption has been required for most devices since Android 6.0 in 2015. Relying on Advanced Encryption Standard (AES), however, the feature is slow on devices using low-end processors without hardware support for AES.
To improve efficiency on such devices, Google designed Adiantum, which allows for the use of the ChaCha stream cipher in a length-preserving mode. ChaCha already was a viable solution in HTTPS encryption, but proved challenging to bring to disk and file encryption.
With ChaCha both highly secure and much faster than AES when hardware acceleration is unavailable, Adiantum encryption and decryption on ARM Cortex-A7 processors is around five times faster compared to AES-256-XTS, Google claims.
“Adiantum is a true wide-block mode: changing any bit anywhere in the plaintext will unrecognizably change all of the ciphertext, and vice versa. It works by first hashing almost the entire plaintext,” the Internet search company says.
“We also hash a value called the “tweak” which is used to ensure that different sectors are encrypted differently. This hash is then used to generate a nonce for the ChaCha encryption. After encryption, we hash again, so that we have the same strength in the decryption direction as the encryption direction,” Google continues.
Named after the genus of the maidenhair fern, which in the Victorian language of flowers (floriography) represents sincerity and discretion, Adiantum is very new, but the search provider says they have high confidence in its security.
The new encryption is expected to make future devices more secure, while bringing improved security to more users than before. With Adiantum everything from smart watches to Internet-connected medical devices will be able to encrypt sensitive data, the Internet giant claims.
“Our hope is that Adiantum will democratize encryption for all devices. Just like you wouldn’t buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance. Everyone should have privacy and security, regardless of their phone’s price tag,” Eugene Liderman, Director of Mobile Security Strategy, Android Security & Privacy Team, says.
Full details on Adiantum are available in Google’s paper Adiantum: length-preserving encryption for entry-level processors in IACR Transactions on Symmetric Cryptology.
Adiantum has been designed for devices running Android 9 and higher that lack AES CPU instructions. Details on how the encryption can be enabled are available on Google’s dedicated Android site.
Related: Password Practices Still Poor, Google Says
Related: Google Unveils New Encryption Features for Android Developers
Ionut Arghire is an international correspondent for SecurityWeek.
Tags: 
