Automated Symbolic Verification of Telegram's MTProto 2.0

  title={Automated Symbolic Verification of Telegram's MTProto 2.0},
  author={Marino Miculan and Nicola Vitacolonna},
MTProto 2.0 is a suite of cryptographic protocols for instant messaging at the core of the popular Telegram messenger application, which is currently used by more than 400 millions of people. In this paper we analyse MTProto 2.0 using ProVerif, a symbolic cryptographic protocol verifier based on the Dolev-Yao model. In particular, we provide a fully automated proof of the soundness of MTProto 2.0's authentication, normal chat, end-to-end encrypted chat, and re-keying mechanisms with respect to… 

Figures from this paper

A survey on the security protocols employed by mobile messaging applications
This paper presents the two protocols underlying MTProto and Signal and examines from the point of view of the primitive cryptographic security used and how the authenticated encryption, key derivation and asynchronous messaging are performed.


Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach
This work uses ProVerif and CryptoVerif to find new and previously-known weaknesses in the protocol and suggest practical countermeasures, and demonstrates that, with disciplined programming and some verification expertise, the systematic analysis of complex cryptographic web applications is now becoming practical.
A 264 attack on Telegram, and why a super villain doesn’t need it to read your telegram chats
  • Accessible via
  • 2015
MTProto mobile protocol
  • https://core. (last accessed on Febuary 15, 2021).
  • 2021
Modeling and verifying security protocols with the Applied Pi Calculus and ProVerif. Foundations and Trends in Privacy and Security
  • 2016
EasyCrypt: A Tutorial
Machine-checked frameworks that support the construction and automated verification of cryptographic systems are developed to reason directly in the computational model commonly used by cryptographers to deliver rigorous and detailed mathematical proofs.
Telegram FAQ for the Technically Inclined
  • (last accessed on February 15, 2021).
  • 2021
Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif
  • B. Blanchet
  • Computer Science, Mathematics
    Found. Trends Priv. Secur.
  • 2016
This survey presents an overview of the research on ProVerif, an automatic symbolic protocol verifier that automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses.
Security Analysis of the Telegram IM
Two major findings are presented: first, the undocumented obfuscation method Telegram uses, and second, a replay attack vulnerability the authors discovered as part of a security analysis performed in late 2016.
More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
A comprehensive and realistic security model is provided that reveals that strong security properties, such as Future Secrecy, which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
A methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol, and presents a computational CryptoVerif model for TLS1.3 Draft-18 and proves its security.