Adiantum (cipher)
Adiantum is a cipher construction for disk encryption, which uses the ChaCha and Advanced Encryption Standard (AES) ciphers, and Poly1305 cryptographic message authentication code (MAC).[1]
General | |
---|---|
Designers | Paul Crowley and Eric Biggers at Google |
First published | October 12, 2018 |
Related to | HPolyC |
It was designed in 2018 by Paul Crowley and Eric Biggers at Google specifically for low-powered mobile devices running Android Go. It has been included in the Linux kernel since version 5.0.[2] HPolyC is an earlier variant of Adiantum, which uses a different construction for the Poly1305 hash function.
Adiantum is implemented in Android 10 as an alternative cipher for device encryption, particularly on low-end devices lacking hardware-accelerated support for AES. The company stated that Adiantum ran five times faster than AES-256-XTS on ARM Cortex-A7 CPUs[3]. Google had previously exempted devices from mandatory device encryption if their specifications affected system performance if enabled. Due to the introduction of Adiantum, device encryption becomes mandatory on all Android devices beginning on Android 10.[4][5]
References
- Adiantum: length-preserving encryption for entry-level processors - doi:10.13154/tosc.v2018.i4.39-61
- "Adiantum: encryption for the low end". LWN.net. Eklektix, Inc. January 6, 2019. Retrieved January 17, 2019.
- "Adiantum: length-preserving encryption for entry-level processors". 2018-12-13. Retrieved 2020-07-17.
- "Google Improves Android Encryption with Adiantum". SecurityWeek. Retrieved 2019-09-05.
- Porter, Jon (2019-02-11). "Google wants to bring encryption to all with Adiantum". The Verge. Retrieved 2019-09-05.