Automated Symbolic Verification of Telegram's MTProto 2.0

  title={Automated Symbolic Verification of Telegram's MTProto 2.0},
  author={Marino Miculan and Nicola Vitacolonna},
MTProto 2.0 is a suite of cryptographic protocols for instant messaging at the core of the popular Telegram messenger application, which is currently used by more than 400 millions of people. In this paper we analyse MTProto 2.0 using ProVerif, a symbolic cryptographic protocol verifier based on the Dolev-Yao model. In particular, we provide a fully automated proof of the soundness of MTProto 2.0's authentication, normal chat, end-to-end encrypted chat, and re-keying mechanisms with respect to… 

Figures from this paper

A survey on the security protocols employed by mobile messaging applications
This paper presents the two protocols underlying MTProto and Signal and examines from the point of view of the primitive cryptographic security used and how the authenticated encryption, key derivation and asynchronous messaging are performed.


MTProto mobile protocol
  • https://core. (last accessed on Febuary 15, 2021).
  • 2021
Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach
This work uses ProVerif and CryptoVerif to find new and previously-known weaknesses in the protocol and suggest practical countermeasures, and demonstrates that, with disciplined programming and some verification expertise, the systematic analysis of complex cryptographic web applications is now becoming practical.
Modeling and verifying security protocols with the Applied Pi Calculus and ProVerif. Foundations and Trends in Privacy and Security
  • 2016
A 264 attack on Telegram, and why a super villain doesn’t need it to read your telegram chats
  • Accessible via
  • 2015
Telegram FAQ for the Technically Inclined
  • (last accessed on February 15, 2021).
  • 2021
EasyCrypt: A Tutorial
Machine-checked frameworks that support the construction and automated verification of cryptographic systems are developed to reason directly in the computational model commonly used by cryptographers to deliver rigorous and detailed mathematical proofs.
More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
A comprehensive and realistic security model is provided that reveals that strong security properties, such as Future Secrecy, which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
A Formal Security Analysis of the Signal Messaging Protocol
This work extracts from the implementation a formal description of the abstract protocol, and defines a security model which can capture the "ratcheting" key update structure, and proves the security of Signal's core in this model, demonstrating several standard security properties.
Security Analysis of the Telegram IM
Two major findings are presented: first, the undocumented obfuscation method Telegram uses, and second, a replay attack vulnerability the authors discovered as part of a security analysis performed in late 2016.
Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
A methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol, and presents a computational CryptoVerif model for TLS1.3 Draft-18 and proves its security.