New algorithms speed secure communications for Chrome on Android
Security is a constant cat-and-mouse game, and Google is promoting new algorithms that combine stronger security with faster performance to keep attackers at bay.
- Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Google has sped up secure Web browsing on Android by taking advantage of something most companies don't have: control over the browser and the sites it's visiting.
Google added support for faster new encryption algorithms called ChaCha20 and Poly1305 to its Chrome browser, wrote Elie Bursztein, leader of Google's anti-abuse research team, in a blog post Thursday.
"ChaCha20 and Poly1305 are very fast on mobile and wearable devices," Bursztein wrote, in part because the algorithms can take advantage of some acceleration features in the ARM chips that power the vast majority of mobile devices.
Such algorithms scramble data being transmitted to thwart eavesdropping attempts, including government surveillance or malicious hackers trying to purloin passwords.
Old encryption algorithms gradually need to be replaced as researchers find ways to weaken them and as new computing hardware brings more power to those who want to crack encryption. Google likes one new algorithm called AES-GCM, according to Google security expert and programmer Adam Langley, but it works best with acceleration hardware not generally present on mobile phones. For that scenario, Google likes the ChaCha20 and its related Poly1305 algorithm, from researcher Daniel Bernstein.
The ChaCha20-Poly1305 combination sends encrypted data at 139.9 megabytes per second on a smartphone with a Snapdragon S4 Pro chip, such as the Google Nexus 4 . AES-GCM, in contrast, can encrypt data only at 41.5MBps, Bursztein explained.
Google has been pushing for wider use of encryption on the Web for years. However, especially with mobile devices, performance can be a hurdle because of issues such as slower Internet connections and power-consuming encryption calculations.
ChaCha20-Poly1305 aren't finished standards yet, but Langley and others are working to formalize them at the Internet Engineering Task Force. They're also trying to encourage others such as Firefox browser developer Mozilla to embrace the algorithms, adding the support directly to Android, and have written support to the open-source OpenSSL and NSS software used to run websites.
But perhaps the biggest lever Google has is its own properties, such as Gmail and search. Google is able to introduce new technologies to the Internet because it can not only build them into Chrome, but also make sure that there are sites that use the algorithms.