Google Decides Not To Use Speck For Disk Encryption, Instead Developing HPolyC

Written by Michael Larabel in Linux Kernel on 6 August 2018 at 07:41 PM EDT. 8 Comments
LINUX KERNEL
While the controversial Speck crypto support was added to Linux 4.17 and with Linux 4.18 it's being exposed via fscrypt for a disk encryption option, which Google intended to be used on low-end "Android Go" devices that don't have CPUs with capable native encryption extensions, instead Google is backtracking.

Google now says they no longer intend to make use of Speck for encryption on these super low-end devices... Speck has been controversial due to being developed by the NSA, it was rejected from becoming an ISO standard, and there is an unproven belief this crypto algorithm could be back-doored by this US spy agency. So instead Google is working on an alternative implementation for disk encryption on these barebones Android smartphones.

What Google is working on is a new encryption mode called HPolyC. The HPolyC implementation uses the ChaCha stream cipher for disk encryption and have a stronger notion of security than XTS thanks to true wide-block modes.

Google's Eric Biggers wrote, "HPolyC is a construction, not a primitive. It is proven secure if XChaCha and AES are secure, subject to a security bound. Unless there is a mistake in this proof, one therefore does not need to trust HPolyC; one need only trust XChaCha (which itself has a security reduction to ChaCha) and AES... We attest that no "backdoor" or other weakness was inserted into HPolyC, its implementation, or any other aspect of our work; and that to the best of our knowledge, HPolyC's security proof is correct. You don't have to trust us, though: since HPolyC is a construction, not a primitive, its security proof can be independently verified by anyone."

As a "request for comments", Google sent out their HPolyC kernel work today on the kernel mailing list. It's not ready for merging yet but they are looking for developers and security experts to review and test the code.

As part of this patch series, Google is not dropping the Speck code within the kernel but they will "no longer have any objection to them being removed."
8 Comments
Related News
Linux 6.10-rc1 Kernel Released With Many New Features
Linux 6.10 Supports NUMA Balancing For Multi-Size THPs
Newer AMD Radeon Graphics Cards Now Work On RISC-V With Linux 6.10
Initial Windows NT Sync Driver Merged Into Linux 6.10 But Not Yet Complete
Linux 6.10's Hardening Configuration Now Enables KCFI & Other Features
Linux 6.10 Will Print The Number Of Populated Memory Slots At Boot Time
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linux 6.10 Honors One Last ReiserFS Request Made By Hans Reiser
Linux 6.10 Will Print The Number Of Populated Memory Slots At Boot Time
Memory Sealing "mseal" System Call Merged For Linux 6.10
GNOME Shell & Mutter Broke Their Good Faith With Ubuntu
NVIDIA 555.42.02 Linux Beta Brings Wayland Explicit Sync, GSP Firmware Used By Default
KDE Plasma 6.1 Beta Released With Wayland Explicit Sync, Input Capture Portal & More
Coreboot 24.05 Released With 25 More Platforms - Including The Framework 13 AMD
KDE Plasma 6.1 Lands Dynamic Triple Buffering Support