CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Mobile & Wireless

Google Improves Android Encryption with Adiantum

Google this week announced Adiantum, a new form of encryption aimed at Android devices without cryptographic acceleration.

Google this week announced Adiantum, a new form of encryption aimed at Android devices without cryptographic acceleration.

Meant to protect user data if a device falls into the wrong hands, storage encryption has been required for most devices since Android 6.0 in 2015. Relying on Advanced Encryption Standard (AES), however, the feature is slow on devices using low-end processors without hardware support for AES. 

To improve efficiency on such devices, Google designed Adiantum, which allows for the use of the ChaCha stream cipher in a length-preserving mode. ChaCha already was a viable solution in HTTPS encryption, but proved challenging to bring to disk and file encryption. 

With ChaCha both highly secure and much faster than AES when hardware acceleration is unavailable, Adiantum encryption and decryption on ARM Cortex-A7 processors is around five times faster compared to AES-256-XTS, Google claims.

“Adiantum is a true wide-block mode: changing any bit anywhere in the plaintext will unrecognizably change all of the ciphertext, and vice versa. It works by first hashing almost the entire plaintext,” the Internet search company says. 

“We also hash a value called the “tweak” which is used to ensure that different sectors are encrypted differently. This hash is then used to generate a nonce for the ChaCha encryption. After encryption, we hash again, so that we have the same strength in the decryption direction as the encryption direction,” Google continues. 

Named after the genus of the maidenhair fern, which in the Victorian language of flowers (floriography) represents sincerity and discretion, Adiantum is very new, but the search provider says they have high confidence in its security. 

The new encryption is expected to make future devices more secure, while bringing improved security to more users than before. With Adiantum everything from smart watches to Internet-connected medical devices will be able to encrypt sensitive data, the Internet giant claims. 

Advertisement. Scroll to continue reading.

“Our hope is that Adiantum will democratize encryption for all devices. Just like you wouldn’t buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance. Everyone should have privacy and security, regardless of their phone’s price tag,” Eugene Liderman, Director of Mobile Security Strategy, Android Security & Privacy Team, says. 

Full details on Adiantum are available in Google’s paper Adiantum: length-preserving encryption for entry-level processors in IACR Transactions on Symmetric Cryptology.

Adiantum has been designed for devices running Android 9 and higher that lack AES CPU instructions. Details on how the encryption can be enabled are available on Google’s dedicated Android site

Related: Password Practices Still Poor, Google Says

Related: Google Unveils New Encryption Features for Android Developers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...