Adiantum is a new form of encryption for Android devices without cryptographic acceleration, said researchers at Google.
To improve efficiency of devices, Google created Adiantum, which allows for the use of the ChaCha stream cipher. ChaCha already was a solution in HTTPS encryption, but proved challenging to bring to disk and file encryption.
“We present HBSH, a simple construction for tweakable length-preserving encryption which supports the fastest options for hashing and stream encryption for processors without AES or other crypto instructions, with a provable quadratic advantage bound,” said Google researchers Paul Crowley and Eric Biggers in a post.
“Our composition Adiantum uses NH, Poly1305, XChaCha12, and a single AES invocation. On an ARM Cortex-A7 processor, Adiantum decrypts 4096-byte messages at 10.6 cycles per byte, over five times faster than AES-256-XTS, with a constant-time implementation. We also define HPolyC which is simpler and has excellent key agility at 13.6 cycles per byte,” they said.
“Two aspects of disk encryption make it a challenge for cryptography,” Crowley and Biggers said in a paper on the subject. “First, performance is critical; every extra cycle is a worse user experience, and on a mobile device a reduced battery life. Second, the ciphertext can be no larger than the plaintext: A sector-sized read or write to the filesystem must mean a sector-sized read or write to the underlying device, or performance will again suffer greatly (as well as, in the case of writes to flash memory, the life of the device).”
The new encryption should make future devices more secure, while bringing improved security to more users than before.
Adiantum has been designed for devices running Android 9 and higher that lack AES CPU instructions.