Adiantum is Google’s New Encryption Model

9,408

Adiantum is Google’s New Encryption ModelGoogle has a new mode of storage encryption called Adiantum that is made specifically to run on phones and smart devices that don’t have the specialised hardware to use current methods to encrypt locally stored data efficiently.

Google says that Adiantum allows it to use the ChaCha stream cipher in a length-preserving mode that adapts ideas from AES-based proposals for length-preserving encryption, such as HCTR and HCH.

Encryption is incredibly important. It underpins our digital security. Encryption encodes data so that it can only be read by individuals with a key. With encryption, you are in complete control of this key, and you can store sensitive information such as personal data securely.

But encryption isn’t always practical, since it would slow some computers, smartphones and other devices to the point of being unusable.

Adiantum is designed to run efficiently without specialised hardware. This will make the next generation of devices more secure than their predecessors, and allow the next billion people coming online for the first time to do so safely.

Adiantum will help secure our connected world by allowing everything from smart watches to internet-connected medical devices to encrypt sensitive data.

Adiantum is Google’s New Encryption ModelGoogle’s hope is that Adiantum will democratise encryption for all devices. Just like you wouldn’t buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance. Everyone should have privacy and security, regardless of their phone’s price tag.

Unlike modes such as XTS or CBC-ESSIV, Adiantum is a true wide-block mode: changing any bit anywhere in the plaintext will unrecognizably change all of the ciphertext, and vice versa. It works by first hashing almost the entire plaintext using a keyed hash based on Poly1305 and another very fast keyed hashing function called NH.

Google also hash a value called the “tweak” which is used to ensure that different sectors are encrypted differently. This hash is then used to generate a nonce for the ChaCha encryption. After encryption, it is hashed again, so that we have the same strength in the decryption direction as the encryption direction.

This is arranged in a configuration known as a Feistel network, so that we can decrypt what we’ve encrypted. A single AES-256 invocation on a 16-byte block is also required, but for 4096-byte inputs this part is not performance-critical

Android device manufacturers can enable Adiantum for either full-disk or file-based encryption on devices with AES performance <= 50 MiB/sec and launching with Android Pie. Where hardware support for AES exists, AES is faster than Adiantum; AES must still be used where its performance is above 50 MiB/s.

In Android Q, Adiantum will be part of the Android platform, and we intend to update the Android Compatibility Definition Document (CDD) to require that all new Android devices be encrypted using one of the allowed encryption algorithms.

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking Agree, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies are necessary for the website to function and enable essential services and functonality, including identify verification, service continuity and site security. Opt out is not availabe.

Essential Session management cookies for logged in users
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

For perfomance reasons we use Cloudflare as a CDN network. This saves a cookie "__cfduid" to apply security settings on a per-client basis. This cookie is strictly necessary for Cloudflare's security features and cannot be turned off.
  • __cfduid

Used by Spamshield to stop spam signups
  • _wpss_h_
  • _wpss_p_

Decline all Services
Accept all Services