{"id":14529,"date":"2019-02-07T10:45:22","date_gmt":"2019-02-07T18:45:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/02\/07\/news-8279\/"},"modified":"2019-02-07T10:45:22","modified_gmt":"2019-02-07T18:45:22","slug":"news-8279","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/02\/07\/news-8279\/","title":{"rendered":"Google&#8217;s Making It Easier to Encrypt Even Cheap Android Phones"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5c5b816c85a8a025a0fc4bef\/master\/pass\/Phone-Updates-534984232.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lily Hay Newman| Date: Thu, 07 Feb 2019 17:00:00 +0000<\/strong><\/p>\n<p><span class=\"lede\">One of the <\/span>easiest ways to <a href=\"https:\/\/www.wired.com\/story\/smartphone-security-101\/\">protect your privacy and security on a smartphone<\/a> is to set a passcode or biometric lock <a href=\"https:\/\/www.wired.com\/story\/encrypt-all-of-the-things\/\">to enable disk encryption<\/a>. That way if your phone gets lost or stolen, no one can take data off the device in a readable form. But not all smartphones\u2014and tablets, and smartwatches, and so on\u2014offer that protection. They don\u2019t have the processing power to deal with resource-intensive encryption. So Google researchers have created a <a href=\"https:\/\/security.googleblog.com\/2019\/02\/introducing-adiantum-encryption-for.html\" target=\"_blank\">new encryption approach<\/a> that\u2019s faster and more efficient\u2014and aims to bring data encryption protections to billions of Android users around the world.<\/p>\n<p>The scheme, dubbed Adiantum, takes established cryptographic tools and principles that have been vetted by experts and implements them in a new, more efficient way. 
It aims to get full disk encryption running seamlessly on embedded devices without the latest and greatest hardware, giving users added security without slowing down apps or making the whole experience buggy.<\/p>\n<p class=\"paywall\">\u201cPrivacy really shouldn\u2019t be a luxury. It\u2019s something that all users for all products of all shapes and sizes should be able to have,\u201d says Dave Kleidermacher, who heads Android security. \u201cThere are many people for whom an expensive flagship phone is not an option, but to protect against an attacker or a thief getting access to your private information you have to encrypt that data.\u201d<\/p>\n<p class=\"paywall\">Since Android is open source and can be adapted for all sorts of devices, the Google researchers who worked on Adiantum say that they\u2019re excited to see where the approach ends up. Google has already released versions of Adiantum in the Android kernel and <a href=\"https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=059c2a4d8e164dccc3078e49e7f286023b019a98\" target=\"_blank\">Linux kernel<\/a> (which Android is based on), plus a tailored version for ARM processors. All of which makes it easy to bake into not just phones but also a multitude of IoT devices that run versions of Android.<\/p>\n<p class=\"paywall\">Android has required that smartphones support storage encryption since Android 6 in 2015, but low-end devices have remained exempt because the demand would significantly impact performance. And while robust encryption for low-resource devices was a largely ignored problem for a long time, standards bodies like the National Institute of Standards and Technology have recently started to <a href=\"https:\/\/csrc.nist.gov\/projects\/lightweight-cryptography\" target=\"_blank\">take an interest<\/a> in codifying new strategies.<\/p>\n<p class=\"paywall\">It will be up to device manufacturers, though, to actually adopt Google&#x27;s solution. 
The encryption exemption for low-resource IoT devices will remain for now. And manufacturers who implement Adiantum will likely largely focus on new devices going forward, though it could potentially be possible to add it retroactively to existing devices.<\/p>\n<p class=\"paywall\">Adiantum is inspired by the ubiquitous Advanced Encryption Standard but is designed to reimagine some of AES\u2019s labor-intensive aspects. Phone chips that can handle AES encryption currently all have a dedicated coprocessor, or cryptographic accelerator, specifically there for encryption computations. To speed things up, Adiantum largely leans on a different, but still widely known and vetted, encryption algorithm called ChaCha12.<\/p>\n<p class=\"paywall\">Underneath the complicated technical details lie real gains; researchers say that Adiantum has proved to be about five times faster than Android&#x27;s standard AES-256 implementation.<\/p>\n<p class=\"paywall\">\u201cWe started work on this in late 2017 and published an initial paper in August,&quot; says Paul Crowley, a Google senior software engineer who led the development of Adiantum. &quot;We know a lot about how secure these algorithms like ChaCha and AES are. They&#x27;ve been around for decades; they\u2019ve had amazingly intense scrutiny. So we have a mathematical guarantee that if ChaCha is secure and AES is secure, then Adiantum is secure. 
We don\u2019t have the same sort of worries as if we were designing a new process ourselves.&quot;<\/p>\n<p class=\"paywall\">Adiantum has gotten so far already because of Google&#x27;s reputation, influence, and reach, but the work will receive more intense scrutiny and vetting now that it was officially <a href=\"https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/7360\" target=\"_blank\">published<\/a> in a symmetric cryptology journal in December and will be presented at a major <a href=\"https:\/\/fse.iacr.org\/2019\/index.html\" target=\"_blank\">conference<\/a> in March. Initial reactions to the paper are largely positive, though.<\/p>\n<p class=\"paywall\">&quot;The Google engineers did not reinvent the wheel by creating new low-level algorithms but instead found an efficient way to combine established algorithms in order to address an engineering problem,&quot; says Jean-Philippe Aumasson, CEO of the Swiss IoT encryption company Teserakt AG. &quot;The design is solid, based on trusted components, and likely to adequately protect users of the products integrating this new algorithm.&quot;<\/p>\n<p class=\"paywall\">The Google researchers say that they are confident in Adiantum&#x27;s integrity, and they hope it will help call attention to the importance of storage encryption for IoT and other low-resource devices. In true Google fashion, they call Adiantum &quot;encryption for the next billion users.&quot;<\/p>\n<p class=\"paywall\">&quot;The composition uses a well-understood approach and standard building blocks,&quot; says Steve Weis, an applied cryptographer who formerly worked at Facebook and Google. &quot;I think after some battle testing, it will be a good, performant option.&quot;<\/p>\n
<p><a href=\"https:\/\/www.wired.com\/story\/android-encryption-cheap-smartphones\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5c5b816c85a8a025a0fc4bef\/master\/pass\/Phone-Updates-534984232.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lily Hay Newman| Date: Thu, 07 Feb 2019 17:00:00 +0000<\/strong><\/p>\n<p>Adiantum will help millions of low-end Android smartphones receive the same encryption protections as flagships. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-14529","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14529"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14529\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:
\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}