CryptoDB
Four Attacks and a Proof for Telegram
| Authors: | Martin R. Albrecht, Lenka Mareková, Kenneth G. Paterson, Igors Stepanovs |
|---|---|
| Download: | |
| Presentation: | Slides (https://iacr.org/submit/files/slides/2022/rwc/rwc2022/60/slides.pdf) |
| Abstract: | We study the use of symmetric cryptography in the MTProto 2.0 protocol, Telegram's equivalent of the TLS record protocol. We give positive and negative results. On the positive side, we formally and in detail model a slight variant of Telegram's "record protocol" and prove that it achieves security in a suitable secure channel model, albeit under unstudied assumptions. In this abstract we focus on the negative results. First, we motivate our modelling deviation from MTProto by giving two attacks (one of practical, one of theoretical interest) against MTProto without our modifications. We then also give a third attack exploiting timing side channels, of varying strength, in three official Telegram clients. On its own this attack is thwarted by the secrecy of the salt and id fields that are established by Telegram's key exchange protocol. To recover these, we chain the third attack with a fourth one against the implementation of the key exchange protocol on Telegram's servers. Our results provide the first comprehensive study of MTProto's use of symmetric cryptography. |
BibTeX
@misc{rwc-2022-35497,
  title        = {Four Attacks and a Proof for Telegram},
  author       = {Martin R. Albrecht and Lenka Mareková and Kenneth G. Paterson and Igors Stepanovs},
  year         = {2022},
  howpublished = {Talk given at RWC 2022},
  note         = {Presentation at \url{https://iacr.org/submit/files/slides/2022/rwc/rwc2022/60/slides.pdf}}
}