Paper 2025/818
An Attack on TON’s ADNL Secure Channel Protocol
Abstract
We present an attack on the Abstract Datagram Network Layer (ADNL) protocol used in The Open Network (TON), currently the tenth largest blockchain by market capitalization. In its TCP variant, ADNL secures communication between clients and specialized nodes called liteservers, which provide access to blockchain data. We identify two cryptographic design flaws in this protocol: a handshake that permits session-key replay and a non-standard integrity mechanism whose security critically depends on message confidentiality. We transform these vulnerabilities into an efficient plaintext-recovery attack by exploiting two ADNL communication patterns, allowing message reordering across replayed sessions. We then develop a plaintext model for this scenario and construct an efficient algorithm that recovers the keystream using a fraction of known plaintexts and a handful of replays. We implement our attack and show that an attacker intercepting the communication between a TON liteserver and a widely deployed ADNL client can recover the keystream used to encrypt server responses by performing eight connection replays to the server. This allows the decryption of sensitive data, such as account balances and user activity patterns. Additionally, the attacker can modify server responses to manipulate blockchain information displayed to the client, including account balances and asset prices.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. IEEE Symposium on Security and Privacy 2025
- DOI
- 10.1109/SP61157.2025.00169
- Keywords
- Secure channelTwo-time padCryptanalysis
- Contact author(s)
-
aviv @ fordefi com
dima @ fordefi com - History
- 2025-05-11: revised
- 2025-05-08: received
- See all versions
- Short URL
- https://ia.cr/2025/818
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/818, author = {Aviv Frenkel and Dmitry Kogan}, title = {An Attack on {TON}’s {ADNL} Secure Channel Protocol}, howpublished = {Cryptology {ePrint} Archive, Paper 2025/818}, year = {2025}, doi = {10.1109/SP61157.2025.00169}, url = {https://eprint.iacr.org/2025/818} }