Google Decides Not To Use Speck For Disk Encryption, Instead Developing HPolyC

Written by Michael Larabel in Linux Kernel on 6 August 2018 at 07:41 PM EDT. 8 Comments
While the controversial Speck crypto support was added to Linux 4.17 and with Linux 4.18 it's being exposed via fscrypt for a disk encryption option, which Google intended to be used on low-end "Android Go" devices that don't have CPUs with capable native encryption extensions, instead Google is backtracking.

Google now says they no longer intend to make use of Speck for encryption on these super low-end devices... Speck has been controversial due to being developed by the NSA, it was rejected from becoming an ISO standard, and there is an unproven belief this crypto algorithm could be back-doored by this US spy agency. So instead Google is working on an alternative implementation for disk encryption on these barebones Android smartphones.

What Google is working on is a new encryption mode called HPolyC. The HPolyC implementation uses the ChaCha stream cipher for disk encryption and have a stronger notion of security than XTS thanks to true wide-block modes.

Google's Eric Biggers wrote, "HPolyC is a construction, not a primitive. It is proven secure if XChaCha and AES are secure, subject to a security bound. Unless there is a mistake in this proof, one therefore does not need to trust HPolyC; one need only trust XChaCha (which itself has a security reduction to ChaCha) and AES... We attest that no "backdoor" or other weakness was inserted into HPolyC, its implementation, or any other aspect of our work; and that to the best of our knowledge, HPolyC's security proof is correct. You don't have to trust us, though: since HPolyC is a construction, not a primitive, its security proof can be independently verified by anyone."

As a "request for comments", Google sent out their HPolyC kernel work today on the kernel mailing list. It's not ready for merging yet but they are looking for developers and security experts to review and test the code.

As part of this patch series, Google is not dropping the Speck code within the kernel but they will "no longer have any objection to them being removed."
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week