Paper 2025/818

An Attack on TON’s ADNL Secure Channel Protocol

Aviv Frenkel, Fordefi
Dmitry Kogan, Fordefi
Abstract

We present an attack on the Abstract Datagram Network Layer (ADNL) protocol used in The Open Network (TON), currently the tenth largest blockchain by market capitalization. In its TCP variant, ADNL secures communication between clients and specialized nodes called liteservers, which provide access to blockchain data. We identify two cryptographic design flaws in this protocol: a handshake that permits session-key replay and a non-standard integrity mechanism whose security critically depends on message confidentiality. We transform these vulnerabilities into an efficient plaintext-recovery attack by exploiting two ADNL communication patterns, allowing message reordering across replayed sessions. We then develop a plaintext model for this scenario and construct an efficient algorithm that recovers the keystream using a fraction of known plaintexts and a handful of replays. We implement our attack and show that an attacker intercepting the communication between a TON liteserver and a widely deployed ADNL client can recover the keystream used to encrypt server responses by performing eight connection replays to the server. This allows the decryption of sensitive data, such as account balances and user activity patterns. Additionally, the attacker can modify server responses to manipulate blockchain information displayed to the client, including account balances and asset prices.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. IEEE Symposium on Security and Privacy 2025
DOI
10.1109/SP61157.2025.00169
Keywords
Secure channelTwo-time padCryptanalysis
Contact author(s)
aviv @ fordefi com
dima @ fordefi com
History
2025-05-11: revised
2025-05-08: received
See all versions
Short URL
https://ia.cr/2025/818
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/818,
      author = {Aviv Frenkel and Dmitry Kogan},
      title = {An Attack on {TON}’s {ADNL} Secure Channel Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/818},
      year = {2025},
      doi = {10.1109/SP61157.2025.00169},
      url = {https://eprint.iacr.org/2025/818}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.