Paper 2022/595

On the Cryptographic Fragility of the Telegram Ecosystem

Theo von Arx and Kenneth G. Paterson


Telegram is a popular messenger with more than 550 million monthly active users and a large ecosystem of different clients. Telegram has its own bespoke transport layer security protocol, MTProto 2.0. This protocol was recently subjected to a detailed study by Albrecht et al. (IEEE S&P 2022). They gave attacks on the protocol and its implementations, along with a security proof for a modified version of the protocol. We complement that study by analysing a range of third-party client implementations of MTProto 2.0. We report practical replay attacks for the Pyrogram, Telethon and GramJS clients, and a more theoretical timing attack against the MadelineProto client. We show how vulnerable third-party clients can affect the security of the entire ecosystem, including official clients. Our analysis reveals that many third-party clients fail to securely implement MTProto 2.0. We discuss the reasons for these failures, focussing on complications in the design of MTProto 2.0 that lead developers to omit security-critical features or to implement the protocol in an insecure manner. We also discuss changes that could be made to MTProto 2.0 to remedy this situation. Overall, our work highlights the cryptographic fragility of the Telegram ecosystem.

Available format(s)
Publication info
Preprint. MINOR revision.
messagingsecure communicationattacks
Contact author(s)
kenny paterson @ inf ethz ch
theo vonarx @ inf ethz ch
2022-05-17: received
Short URL
Creative Commons Attribution


      author = {Theo von Arx and Kenneth G.  Paterson},
      title = {On the Cryptographic Fragility of the Telegram Ecosystem},
      howpublished = {Cryptology ePrint Archive, Paper 2022/595},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.