Google has announced an effort to bring device encryption to a wider range of Android devices - including smartwatches and even medical systems - using a new encryption system better-suited to low-end devices without hardware cryptographic acceleration capabilities: Adiantum.
The creation of the first handheld mobile phone, a prototype developed by Motorola and used to place a highly-publicised call to rival Bell Labs, began a revolution in technology which continues to this day. Mobile phones became smaller, received data services, incorporated cameras, and today are what 1973's engineers would have seen as, effectively, multifunction supercomputers which somehow fit in your pocket.
All this technology, though, comes at a cost: It's possible to have a large chunk of your private life on your handset these days, from medical information gathered by connected wrist-worn smartwatch sensors and 'personal' photographs to passwords and payment information - and, in the case of cryptocurrencies, even the private keys needed to access cryptographically-secured funds. Device encryption is one method of protecting all this personal data, but it's only applicable to devices which have powerful enough processors or built-in hardware acceleration - which, Google argues, isn't enough. Enter Adiantum.
'Adiantum is a new form of encryption that we built specifically to run on phones and smart devices that don’t have the specialised hardware to use current methods to encrypt locally stored data efficiently,' explains Google's director of mobile security strategy Eugene Liderman. 'Adiantum is designed to run efficiently without that specialised hardware. This will make the next generation of devices more secure than their predecessors, and allow the next billion people coming online for the first time to do so safely. Adiantum will help secure our connected world by allowing everything from smart watches to internet-connected medical devices to encrypt sensitive data.'
In a more technical explanation on the Google Security Blog, engineers Paul Crowley and Eric Biggers explain: Android encrypts data in storage using the Advanced Encryption Standard (AES), which is hardware-accelerated using the ARMv8 Cryptography Extensions on suitably modern devices. Older, cheaper, and lower-power devices still abound, though, and most of these don't include the Cryptography Extensions - resulting in AES encryption performance below 50MB/s, and an exemption from what is otherwise a blanket requirement for on-by-default storage encryption.
Adiantum, the pair explain, is an entirely new encryption mode which uses the high-performance ChaCha stream cipher - typically used for Transport Layer Security (TLS) encryption of data in transit - for file-based encryption. The result is startling: Running on a Cortex-A7 chip at 1.19GHz Adantium's throughput hits 112MB/s for both encrypt and decrypt operations, whereas AES-256-XTS topped out at 24MB/s encrypt and 20MB/s decrypt.
More information on Adiantum, which is part of the Android common kernel 4.9 and above and mainline Linux kernel 5.0 and above, can be found in the paper published in the journal IACR Transactions on Symmetric Cryptology or on the company's GitHub repository.