Telegram encryption

How does Telegram end-to-end encryption work and how impenetrable and secure is it?

The arrest of Pavel Durov, founder of Telegram, which took place on August 24, 2024 at Paris-Le Bourget airport, has put the spotlight back on the messaging app, accused by various governments of being an important “meeting place” for the shadiest figures on the Web, including scammers, terrorists, and producers and consumers of child pornography. According to the prosecution, the reason these criminals choose Telegram as a communication tool lies in the fact that the app’s end-to-end encryption (E2E) is generally considered very secure. E2E encryption is a method of encrypting chats in which both endpoints (i.e. the two ends of the conversation) use two keys, one public and one private, the latter available only to the sender and the recipient. This method is considered particularly impenetrable, so much so that Telegram describes itself as «more secure than mass-market messaging apps like WhatsApp and Line».
Durov’s app, which has over 900 million active users worldwide, actually offers a level of security comparable to that of WhatsApp and similar services, and does not apply end-to-end encryption to all chats, but only to those set as “secret”, which can be configured to self-destruct messages after a set period of time and to prevent messages sent in the secret conversation from being forwarded to other chats. The proprietary protocol Telegram uses to apply end-to-end encryption to secret chats is called MTProto and was developed by Nikolai Durov, Pavel’s brother. This protocol is, in fact, considered by cybersecurity experts to be less secure than well-known, established protocols.

When end-to-end encryption is used on Telegram

End-to-end encryption on Telegram is not automatically enabled for all chats, and the same goes for groups and channels. For these “classic” chats, messages are saved on Telegram’s servers and are therefore technically accessible, as they leave a trace that can (at least potentially) be intercepted. This is a substantial difference compared to competing messaging services, first and foremost WhatsApp and Signal (another messaging app considered extremely secure for private communications), which keep end-to-end encryption enabled by default.

Despite this, Telegram claims to also protect chats that are not covered by end-to-end encryption, using a distributed infrastructure with so-called server-client encryption. To put it simply, chat data is distributed across multiple data centers located in various geographical areas, which are controlled by various legal entities that, in turn, fall under various jurisdictions. The decryption keys are also split into multiple parts and are never kept together with the data they protect, thus making it more difficult to locate the data associated with conversations stored on Telegram’s servers. The platform itself, commenting on how secure this system of storing data on its servers is, states:

As a result, it takes multiple court orders from multiple jurisdictions to force us to hand over any data. With this structure, we can ensure that no government or group of like-minded governments can impede people’s privacy and freedom of expression. Telegram can only be forced to hand over data if an issue is serious and universal enough to pass the scrutiny of multiple legal systems around the world. To date, we have disclosed 0 bytes of data to third parties, including governments.

While server-client encryption can be considered reasonably secure, it must be said that this “basic” level of security is applied only between users and the server. This means that Telegram can potentially access its servers and intercept users’ communications, including calls and video calls, and cybercriminals can do the same if they manage to “penetrate” the platform’s security systems.

How impenetrable is Telegram’s end-to-end encryption?

What can we say, instead, about Telegram’s second level of security, that is, end-to-end encryption? This certainly represents the maximum level of security made available by the platform and is applied in secret chats (activated in the settings of individual chats, although not in a very intuitive way). To activate a secret chat on Telegram you need to go to the settings of the individual chat, tap on the user profile, tap on the three dots in the top right that open the options and press the padlock icon, which starts the secret chat. Only at this point is the MTProto proprietary protocol applied on top of Telegram’s servers, protecting users’ communications through a layer of client-client encryption.

To go into more detail, the MTProto protocol uses a combination of cryptographic algorithms, including AES-256 encryption for messages, 2048-bit RSA encryption for cryptographic key exchanges and a Diffie-Hellman key exchange to establish secret chats over unprotected communication channels. Since it is not an open source protocol, independent security experts do not have the opportunity to test its security level and possible vulnerabilities, which is not a point in Telegram’s favor. Security experts generally prefer standardized cryptography libraries in which potential vulnerabilities are known and can be better addressed and solved. For this reason there is no way to know how impenetrable Telegram’s end-to-end encryption is.
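The two ingredients the paragraph names for a secret chat, a Diffie-Hellman exchange over an untrusted channel followed by AES-256 encryption of the messages, are shown below in a self-contained Go program. This is an added illustration and not Telegram’s or MTProto’s code: MTProto uses its own key derivation, relays the exchange through Telegram’s servers (which also supply the group parameters) and adds key-fingerprint verification, none of which is reproduced here. The program assumes the RFC 3526 group 14 prime with generator 2, stands in a plain SHA-256 for a real key-derivation function, and uses AES-256-GCM as the authenticated cipher; the sample message is constructed. It also shows the checks a careful implementation makes before trusting a peer: that the group is a safe prime and that the peer’s public value is neither degenerate nor outside the prime-order subgroup.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// RFC 3526 group 14 (2048-bit MODP) prime, generator 2, transcribed here.
// validateGroup() re-checks the safe-prime property before any key is derived.
const dhPrimeHex = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74" +
	"020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437" +
	"4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
	"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05" +
	"98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" +
	"9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" +
	"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718" +
	"3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF"

var dhPrime, _ = new(big.Int).SetString(dhPrimeHex, 16)
var dhGen = big.NewInt(2)
var one = big.NewInt(1)

// subgroupOrder returns q = (p-1)/2, the order of the subgroup generated by 2.
func subgroupOrder() *big.Int {
	return new(big.Int).Rsh(new(big.Int).Sub(dhPrime, one), 1)
}

// validateGroup confirms p is a 2048-bit safe prime (p and q both prime).
// A transcription error in the constant above would fail this check.
func validateGroup() bool {
	if dhPrime == nil || dhPrime.BitLen() != 2048 {
		return false
	}
	return dhPrime.ProbablyPrime(20) && subgroupOrder().ProbablyPrime(20)
}

// dhKeyPair draws a private exponent in [2, p-2] and returns (priv, g^priv mod p).
func dhKeyPair() (*big.Int, *big.Int, error) {
	x, err := rand.Int(rand.Reader, new(big.Int).Sub(dhPrime, big.NewInt(3)))
	if err != nil {
		return nil, nil, err
	}
	priv := x.Add(x, big.NewInt(2))
	return priv, new(big.Int).Exp(dhGen, priv, dhPrime), nil
}

// sharedKey rejects peer values that would force a predictable secret
// (0, 1, p-1, out of range, or outside the order-q subgroup), then derives
// a 32-byte AES-256 key from g^(ab) mod p. Assumption: SHA-256 stands in for a KDF.
func sharedKey(priv, peerPub *big.Int) ([]byte, error) {
	if peerPub.Cmp(big.NewInt(2)) < 0 || peerPub.Cmp(new(big.Int).Sub(dhPrime, big.NewInt(2))) > 0 {
		return nil, errors.New("peer public value out of range")
	}
	if new(big.Int).Exp(peerPub, subgroupOrder(), dhPrime).Cmp(one) != 0 {
		return nil, errors.New("peer public value not in prime-order subgroup")
	}
	buf := make([]byte, 256) // fixed-width encoding of the 2048-bit secret
	new(big.Int).Exp(peerPub, priv, dhPrime).FillBytes(buf)
	key := sha256.Sum256(buf)
	return key[:], nil
}

// encrypt returns nonce || ciphertext || GCM tag under the 32-byte key.
func encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt splits off the nonce and fails on any modification of the message.
func decrypt(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

// exchange runs both ends of a session. Each party keeps its private exponent;
// a relay in the middle sees only pubA, pubB and the ciphertext.
func exchange(message string) (string, error) {
	privA, pubA, err := dhKeyPair()
	if err != nil {
		return "", err
	}
	privB, pubB, err := dhKeyPair()
	if err != nil {
		return "", err
	}
	keyA, err := sharedKey(privA, pubB)
	if err != nil {
		return "", err
	}
	keyB, err := sharedKey(privB, pubA)
	if err != nil {
		return "", err
	}
	if !bytes.Equal(keyA, keyB) {
		return "", errors.New("both sides derived different keys")
	}
	ct, err := encrypt(keyA, []byte(message)) // constructed sample message
	if err != nil {
		return "", err
	}
	pt, err := decrypt(keyB, ct)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	fmt.Println("group parameters valid:", validateGroup())
	out, err := exchange("constructed secret-chat message")
	fmt.Println("decrypted by peer:", out, "err:", err)
}
```

The subgroup check costs one extra modular exponentiation per session but is what prevents a hostile relay from substituting a low-order value and forcing both ends onto a secret it can guess; the authenticated cipher makes any alteration of a message in transit fail on decryption rather than yield garbled plaintext.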

Despite Telegram having provided very detailed illustrative documentation about MTProto, many cryptography experts consider MTProto 2.0 (the most recent version of the protocol) less secure than the Signal Protocol, conceived by Signal (which, for the record, is the same protocol used by popular apps such as WhatsApp and Skype). For example, Matthew Green, professor of cryptography at Johns Hopkins University, said:

They basically invented a protocol. According to their blog post, they have a couple of very smart mathematicians who are not cryptographers per se, but they were smart and they invented their own protocol. It’s pretty crazy. It’s not something a cryptographer would use. That said, I don’t know if it’s broken. But it’s just weird.