TRƯỜNG ĐẠI HỌC KHOA HỌC VÀ CÔNG NGHỆ HÀ NỘI

UNIVERSITY OF SCIENCE AND TECHNOLOGY OF HANOI

UNIVERSITÉ DES SCIENCES ET DES TECHNOLOGIES DE HANOI

INTRODUCTION TO
CRYPTOGRAPHY
MIDTERM REPORT
TELEGRAM’S MESSAGE ENCRYPTION

Vũ Đức Hiếu [BI12-162]

Bùi Công Hoàng [BI12-169]
Đoàn Trí Tiến [BI12-435]
Lê Trọng Tấn [BI12-395]
Lê Đức Thắng [BI12-404]
Kiều Huy Hải [BI12-149]

Hanoi, February 2023

 TABLE OF CONTENTS
I. WHAT IS TELEGRAM? ............................................................................... 2
II. PROBLEM WITH NORMAL MESSAGING APPLICATIONS ............. 2
III. HOW DOES TELEGRAM SOLVE IT? ................................................... 2
1. Server-client encryption .............................................................................. 2
2. Client-client encryption ............................................................................... 3
IV. PROOF WITH NUMBERS ......................................................................... 4
V. REFERENCES ............................................................................................... 6

1
I. WHAT IS TELEGRAM?
Telegram is a cloud-based instant messaging app that focuses on speed and
security, allowing users to send text, media, and files securely and easily. It was
founded in 2013 by a Russian entrepreneur Pavel Durov. Since that, Telegram
has gained a large user base due to its fast and secure messaging capabilities.
II. PROBLEMS WITH NORMAL MESSAGING APPLICATIONS
Nowadays, there are many messaging applications on the market, but most of
them have problems about privacy, specifically the message protection.
In Vietnam, two of the most popular messaging apps are Facebook’s Messenger
and Zalo[1]. But both of them only have end-to-end messages encryption[2][3],
which means that even if only the users on the conversation can read the message,
but between the user’s device and the application server, there doesn’t exist any
type of encryption algorithm applied, so if attackers can stand in the middle of
this connection (Man-in-the-Middle – MitM attack), they can read the
conversation between the users. Therefore, the messages are not secured
anymore.
III. HOW DOES TELEGRAM SOLVE IT?
Inside Telegram, the developers implemented a protocol called “MTProto”. This
protocol consists of two layers: server-client encryption and client-client
encryption (end-to-end)[4].
1. Server-client encryption

2
This layer of security is applied in “Cloud Chats” (private and group chats) to
protects the communication between the user’s device and Telegram’s servers.
Before transmitting over network by a transport protocol, a (multiple part)
message is encrypted in a certain way, and an external header is added at the top
of the message. This header is made up of a 128-bit message key called msg_key
and a 64-bit key identifier called auth_key_id (64 lower-order bits of the SHA1
hash of the authorization key auth_key and uniquely identifies an authorization
key for both the server and the user). This message key is defined as 32 bytes
obtained from auth_key appended to the 128 middle bits of the SHA-256 of the
message body (containing session, message ID, padding, etc.).
The authorization key auth_key, which has the length of 2048 bits (256 bytes), is
established by exchanging Diffie-Hellman keys between the client device and the
server, and never transmitted over a network. This, combined with the message
key msg_key, define a 256-bit key aes_key and a 256-bit initialization vector
aes_iv, which are used to encrypt the message using AES-256 encryption in
infinite garble extension (IGE) mode.
Variable data (session, message ID, sequence number, and server salt) are present
in the message's initial portion and leading to affection of the message key (thus
the AES key and initialization vector).
2. Client-client encryption

3
In addition to server-client encryption, Secret Chats use an additional layer of
client-client encryption so that the messages are encrypted on the sender's device
and are decrypted only on the recipient's device, without being stored on
Telegram's servers. This layer uses a combination of 256-bit symmetric AES
encryption and 2048-bit RSA encryption to secure the communication.
The Secret Chat key key is 2048 bits (256 bytes) long and is generated using the
Diffie-Hellman protocol between two users. The official Telegram clients will
regenerate key once a key has been used for more than 100 messages or more
than 1 week, given that the key has been used to encrypt at least 1 message. The
old keys therefore are destroyed and cannot be recovered.
Message key msg_key is defined as 32 bytes obtained from shared key key
appended to the 128 middle bits of the SHA256 of the payload of the payload.
Data is encrypted with a 256-bit key aes_key and a 256-bit initialization vector,
aes_ige_iv, using AES-256 encryption with infinite garble extension (IGE).
Finally, the encryption key fingerprint key_fingerprint and the message key
msg_key is added at the top of the encrypted data.
IV. PROOF WITH NUMBERS
With the capabilities listed above, the Telegram program is gaining popularity
and being used by an increasing number of individuals. Nowadays, many users
have utilized Telegram instead of other chat apps such as Messenger,
WhatsApp.... As of 2023, Telegram has 700 million monthly users[5], sends more
than 12 billion messages per day[6], and is one of the top ten most downloaded
applications by users[7]. This demonstrates that Telegram is incredibly safe and
encrypts messages very successfully, earning the trust of many users. The security
and respect for users' privacy, which are the most significant factors in Telegram's
success, cannot therefore be ignored.
In terms of the security and privacy of Telegram's messaging encryption, there
have been several cases where Telegram's encryption has been praised for its
effectiveness in protecting the privacy of its users. For example:
− In 2018, during the protests in Iran, Telegram was widely used by protesters
to coordinate and communicate, as the Iranian government tried to block other
social media platforms. Telegram's encryption helped protect the privacy of
the protesters and their communications from government surveillance. [8]
− In 2019, it was reported that the encrypted messaging app Signal was
recommended by privacy advocates, including WhatsApp co-founder Brian
Acton, as a more secure alternative to WhatsApp due to its stronger

4
 encryption. Telegram was also mentioned as another secure alternative due to
its end-to-end encryption for secret chats.[9]
− In 2022, the Russian-Ukrainian conflict made Telegram the most used app for
specific reasons. Due to government restrictions, many people are unable to
update news about the conflict on Facebook, Instagram, and other social media
platforms as well as on other news websites. Therefore, Telegram has become
the first choice to share and update news for many people because of its
security and Telegram is not blocked by the government.[10]
These are just a few examples of how Telegram's encryption has been recognized
as a secure and private way to communicate. However, it is important to note that
no system is completely secure, and users should always be cautious when
sharing sensitive information online.

5
V. REFERENCES
[1]: https://www.similarweb.com/apps/top/google/store-
rank/vn/communication/top-free/
[2]: https://www.facebook.com/help/messenger-app/408883583307426
[3]: https://help.zalo.me/huong-dan/chuyen-muc/nhan-tin-va-goi/nhan-tin/ma-
hoa-dau-cuoi-bao-mat-toi-uu-cho-tro-chuyen/
[4]: https://core.telegram.org/mtproto
[5]: https://telegram.org/faq#q-how-many-people-use-telegram
[6]: https://techcrunch.com/2015/09/21/telegram-now-seeing-12bn-daily-
messages-up-from-1m-in-february/
[7]: https://www.forbes.com/sites/johnkoetsier/2023/01/04/top-10-most-
downloaded-apps-of-2022-facebook-down-spotify-up-tiktok-stable-capcut-
keeps-growing/
[8]: https://www.aljazeera.com/news/2018/01/telegram-social-media-platform-
protests-iran-180112084836911.html
[9]: https://www.bbc.com/news/world-middle-east-42675962
[10]: https://www.npr.org/2022/03/14/1086483703/telegram-ukraine-war-russia