On the CCA (in)security of MTProto

@article{Jakobsen2015OnTC,
  title={On the CCA (in)security of MTProto},
  author={Jakob Jakobsen and Claudio Orlandi},
  journal={IACR Cryptology ePrint Archive},
  year={2015},
  volume={2015},
  pages={1177}
}
Telegram is a popular messaging app which supports end-to-end encrypted communication. In Spring 2015 we performed an audit of Telegram's Android source code. This short paper summarizes our findings. Our main discovery is that the symmetric encryption scheme used in Telegram -- known as MTProto -- is not IND-CCA secure, since it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message. We stress that this is a theoretical attack on the definition of…