Subverting Telegram's end-to-end encryption
13 hours ago
- #Telegram
- #Encryption
- #Cybersecurity
- Telegram's end-to-end encryption (E2EE) protocol is vulnerable to efficient algorithm substitution attacks.
- The attack exploits MTProto2.0's flexibility in choosing random padding length and value, allowing key recovery with high probability.
- Official Telegram clients may be protected because they are open source, but third-party clients could be compromised for surveillance.
- A minor modification to MTProto2.0's padding methodology could enhance its resistance to subversion.
- The paper introduces MTProto-G, a generalized version of MTProto2.0, and shows that it is a multi-user secure deterministic authenticated encryption scheme.