Google Decides Not To Use Speck For Disk Encryption, Instead Developing HPolyC

Written by Michael Larabel in Linux Kernel on 6 August 2018 at 07:41 PM EDT. 8 Comments
LINUX KERNEL
While the controversial Speck crypto support was added to Linux 4.17 and with Linux 4.18 it's being exposed via fscrypt for a disk encryption option, which Google intended to be used on low-end "Android Go" devices that don't have CPUs with capable native encryption extensions, instead Google is backtracking.

Google now says they no longer intend to make use of Speck for encryption on these super low-end devices... Speck has been controversial due to being developed by the NSA, it was rejected from becoming an ISO standard, and there is an unproven belief this crypto algorithm could be back-doored by this US spy agency. So instead Google is working on an alternative implementation for disk encryption on these barebones Android smartphones.

What Google is working on is a new encryption mode called HPolyC. The HPolyC implementation uses the ChaCha stream cipher for disk encryption and have a stronger notion of security than XTS thanks to true wide-block modes.

Google's Eric Biggers wrote, "HPolyC is a construction, not a primitive. It is proven secure if XChaCha and AES are secure, subject to a security bound. Unless there is a mistake in this proof, one therefore does not need to trust HPolyC; one need only trust XChaCha (which itself has a security reduction to ChaCha) and AES... We attest that no "backdoor" or other weakness was inserted into HPolyC, its implementation, or any other aspect of our work; and that to the best of our knowledge, HPolyC's security proof is correct. You don't have to trust us, though: since HPolyC is a construction, not a primitive, its security proof can be independently verified by anyone."

As a "request for comments", Google sent out their HPolyC kernel work today on the kernel mailing list. It's not ready for merging yet but they are looking for developers and security experts to review and test the code.

As part of this patch series, Google is not dropping the Speck code within the kernel but they will "no longer have any objection to them being removed."
8 Comments
Related News
Linux 6.3-rc4 Released: "Looking Pretty Normal"
Linux 6.4 Preparing DRM Deadline Hints To Help Influence GPU Frequency/Performance
Linux VGEM Driver Rewritten In Rust Sent Out For Review
Linux 6.3-rc3 Released: It's "Fairly Big"
Linux Kernel Networking Driver Development Impacted By Russian Sanctions
Linux 6.4 Looking To Drop The SLOB Memory Allocator
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linux 6.4 AMD Graphics Driver Picking Up New Power Features For The Steam Deck
Valve Officially Announces Counter-Strike 2
Raja Koduri Departing Intel To Start New Software Company
GNOME 44 Released With Many Desktop Enhancements
Linux 6.3-rc3 Released: It's "Fairly Big"
Mozilla Announces Mozilla.ai For "Trustworthy AI"
Proxmox VE 7.4 Released With Linux 5.15 LTS + Linux 6.2 Support, New Dark Theme
Framework Laptop Launches AMD Ryzen Upgradeable Laptop, Intel Raptor Lake Models Too