Abstract
Telegram is a popular messaging app which supports end-to- end encrypted communication. In Spring 2015 we performed an audit of Telegram's Android source code. This short paper summarizes our findings. Our main discovery is that the symmetric encryption scheme used in Telegram { known as MTProto { is not IND-CCA secure, since it is possible to turn any ciphertext into a dif- ferent ciphertext that decrypts to the same message. We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong def- initions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices : SPSM '16 |
| Number of pages | 4 |
| Place of publication | New York, NY, USA |
| Publisher | Association for Computing Machinery |
| Publication date | 24 Oct 2016 |
| Pages | 113-116 |
| ISBN (Electronic) | 978-1-4503-4564-4 |
| DOIs | |
| Publication status | Published - 24 Oct 2016 |
| Event | 6th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices - Hofburg Palace, Wien, Austria Duration: 24 Oct 2016 → 24 Oct 2016 https://www.sigsac.org/ccs/CCS2016/ |
Workshop
| Workshop | 6th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices |
|---|---|
| Location | Hofburg Palace |
| Country/Territory | Austria |
| City | Wien |
| Period | 24/10/2016 → 24/10/2016 |
| Internet address |