{"id":"https://openalex.org/W4417439511","doi":"https://doi.org/10.1007/s00145-025-09566-1","title":"Four Attacks and a Proof for Telegram","display_name":"Four Attacks and a Proof for Telegram","publication_year":2025,"publication_date":"2025-12-17","ids":{"openalex":"https://openalex.org/W4417439511","doi":"https://doi.org/10.1007/s00145-025-09566-1"},"language":"en","primary_location":{"id":"doi:10.1007/s00145-025-09566-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00145-025-09566-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00145-025-09566-1.pdf","source":{"id":"https://openalex.org/S190936789","display_name":"Journal of Cryptology","issn_l":"0933-2790","issn":["0933-2790","1432-1378"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s00145-025-09566-1.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066696423","display_name":"M. Albrecht","orcid":"https://orcid.org/0000-0003-1835-052X"},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Martin R. Albrecht","raw_affiliation_strings":["King\u2019s College London, London, UK","King's College London, London, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"King\u2019s College London, London, UK","institution_ids":["https://openalex.org/I183935753"]},{"raw_affiliation_string":"King's College London, London, UK","institution_ids":["https://openalex.org/I183935753"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021787921","display_name":"Lenka Marekov\u00e1","orcid":"https://orcid.org/0000-0001-8616-4150"},"institutions":[{"id":"https://openalex.org/I237525767","display_name":"Zurich Insurance Group (Switzerland)","ror":"https://ror.org/03cw8qd03","country_code":"CH","type":"company","lineage":["https://openalex.org/I237525767"]},{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Lenka Marekov\u00e1","raw_affiliation_strings":["Applied Cryptography Group, ETH Zurich, Z\u00fcrich, Switzerland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Applied Cryptography Group, ETH Zurich, Z\u00fcrich, Switzerland","institution_ids":["https://openalex.org/I35440088","https://openalex.org/I237525767"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072987600","display_name":"Kenneth G. Paterson","orcid":"https://orcid.org/0000-0002-5145-4489"},"institutions":[{"id":"https://openalex.org/I237525767","display_name":"Zurich Insurance Group (Switzerland)","ror":"https://ror.org/03cw8qd03","country_code":"CH","type":"company","lineage":["https://openalex.org/I237525767"]},{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Kenneth G. Paterson","raw_affiliation_strings":["Applied Cryptography Group, ETH Zurich, Z\u00fcrich, Switzerland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Applied Cryptography Group, ETH Zurich, Z\u00fcrich, Switzerland","institution_ids":["https://openalex.org/I35440088","https://openalex.org/I237525767"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069046629","display_name":"Igors Stepanovs","orcid":"https://orcid.org/0009-0009-3963-5584"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Igors Stepanovs","raw_affiliation_strings":["Amazon, Madrid, Spain"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Amazon, Madrid, Spain","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":2290,"currency":"EUR","value_usd":2890},"apc_paid":{"value":2290,"currency":"EUR","value_usd":2890},"fwci":1.1081,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.85220414,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"39","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.6820999979972839,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.6820999979972839,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.12919999659061432,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.08959999680519104,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/forward-secrecy","display_name":"Forward secrecy","score":0.7720000147819519},{"id":"https://openalex.org/keywords/key-exchange","display_name":"Key exchange","score":0.7121000289916992},{"id":"https://openalex.org/keywords/man-in-the-middle-attack","display_name":"Man-in-the-middle attack","score":0.6317999958992004},{"id":"https://openalex.org/keywords/header","display_name":"Header","score":0.550000011920929},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5296000242233276},{"id":"https://openalex.org/keywords/symmetric-key-algorithm","display_name":"Symmetric-key algorithm","score":0.46309998631477356},{"id":"https://openalex.org/keywords/secrecy","display_name":"Secrecy","score":0.4496000111103058},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.44359999895095825},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.4406999945640564},{"id":"https://openalex.org/keywords/cryptographic-nonce","display_name":"Cryptographic nonce","score":0.41440001130104065}],"concepts":[{"id":"https://openalex.org/C205009425","wikidata":"https://www.wikidata.org/wiki/Q935662","display_name":"Forward secrecy","level":4,"score":0.7720000147819519},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7293000221252441},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7232999801635742},{"id":"https://openalex.org/C99674996","wikidata":"https://www.wikidata.org/wiki/Q1414155","display_name":"Key exchange","level":4,"score":0.7121000289916992},{"id":"https://openalex.org/C196491621","wikidata":"https://www.wikidata.org/wiki/Q554830","display_name":"Man-in-the-middle attack","level":3,"score":0.6317999958992004},{"id":"https://openalex.org/C48105269","wikidata":"https://www.wikidata.org/wiki/Q1141160","display_name":"Header","level":2,"score":0.550000011920929},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5296000242233276},{"id":"https://openalex.org/C65302260","wikidata":"https://www.wikidata.org/wiki/Q327675","display_name":"Symmetric-key algorithm","level":4,"score":0.46309998631477356},{"id":"https://openalex.org/C2776452267","wikidata":"https://www.wikidata.org/wiki/Q1503443","display_name":"Secrecy","level":2,"score":0.4496000111103058},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.44359999895095825},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.4406999945640564},{"id":"https://openalex.org/C9996903","wikidata":"https://www.wikidata.org/wiki/Q1749235","display_name":"Cryptographic nonce","level":3,"score":0.41440001130104065},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.40709999203681946},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.40529999136924744},{"id":"https://openalex.org/C135530808","wikidata":"https://www.wikidata.org/wiki/Q3306713","display_name":"Key-agreement protocol","level":5,"score":0.4009000062942505},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.391400009393692},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.3822999894618988},{"id":"https://openalex.org/C28420585","wikidata":"https://www.wikidata.org/wiki/Q2665075","display_name":"Timing attack","level":4,"score":0.37610000371932983},{"id":"https://openalex.org/C44209976","wikidata":"https://www.wikidata.org/wiki/Q1327773","display_name":"Non-repudiation","level":3,"score":0.36730000376701355},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.3411000072956085},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.3352000117301941},{"id":"https://openalex.org/C2781221063","wikidata":"https://www.wikidata.org/wiki/Q6944186","display_name":"Mutual authentication","level":3,"score":0.3310000002384186},{"id":"https://openalex.org/C91069110","wikidata":"https://www.wikidata.org/wiki/Q1919060","display_name":"Reflection attack","level":5,"score":0.3253999948501587},{"id":"https://openalex.org/C92717368","wikidata":"https://www.wikidata.org/wiki/Q1162538","display_name":"Plaintext","level":3,"score":0.31940001249313354},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.3118000030517578},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.295199990272522},{"id":"https://openalex.org/C207468940","wikidata":"https://www.wikidata.org/wiki/Q869370","display_name":"Brute-force attack","level":3,"score":0.2847999930381775},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.2775999903678894},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.2728999853134155},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2603999972343445},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.259799987077713},{"id":"https://openalex.org/C2777572472","wikidata":"https://www.wikidata.org/wiki/Q4825878","display_name":"Authenticated Key Exchange","level":5,"score":0.25060001015663147}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s00145-025-09566-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00145-025-09566-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00145-025-09566-1.pdf","source":{"id":"https://openalex.org/S190936789","display_name":"Journal of Cryptology","issn_l":"0933-2790","issn":["0933-2790","1432-1378"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cryptology","raw_type":"journal-article"},{"id":"pmh:doi:10.3929/ethz-c-000790379","is_oa":true,"landing_page_url":"http://hdl.handle.net/20.500.11850/790379","pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal Article"}],"best_oa_location":{"id":"doi:10.1007/s00145-025-09566-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00145-025-09566-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00145-025-09566-1.pdf","source":{"id":"https://openalex.org/S190936789","display_name":"Journal of Cryptology","issn_l":"0933-2790","issn":["0933-2790","1432-1378"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4325523037","display_name":null,"funder_award_id":"EP/P009301/1","funder_id":"https://openalex.org/F4320335935","funder_display_name":"Royal Holloway, University of London"},{"id":"https://openalex.org/G8498677286","display_name":"Centre for Doctoral Training in Cyber Security at Royal Holloway: Renewal of the CS-CDT at RHUL","funder_award_id":"EP/P009301/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320314707","display_name":"Government of the United Kingdom","ror":"https://ror.org/05wnh3t63"},{"id":"https://openalex.org/F4320316785","display_name":"VMware","ror":null},{"id":"https://openalex.org/F4320321652","display_name":"Eidgen\u00f6ssische Technische Hochschule Z\u00fcrich","ror":"https://ror.org/05a28rw58"},{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"},{"id":"https://openalex.org/F4320335935","display_name":"Royal Holloway, University of London","ror":"https://ror.org/04g2vpn86"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4417439511.pdf","grobid_xml":"https://content.openalex.org/works/W4417439511.grobid-xml"},"referenced_works_count":41,"referenced_works":["https://openalex.org/W76791259","https://openalex.org/W1486887102","https://openalex.org/W1514489116","https://openalex.org/W1544435806","https://openalex.org/W1584813264","https://openalex.org/W1809974132","https://openalex.org/W1855109561","https://openalex.org/W1939171670","https://openalex.org/W2016250398","https://openalex.org/W2106847401","https://openalex.org/W2108855216","https://openalex.org/W2109394932","https://openalex.org/W2117679156","https://openalex.org/W2122650430","https://openalex.org/W2139172211","https://openalex.org/W2148555789","https://openalex.org/W2163005041","https://openalex.org/W2167606175","https://openalex.org/W2169290761","https://openalex.org/W2399916509","https://openalex.org/W2505511021","https://openalex.org/W2538771899","https://openalex.org/W2545990795","https://openalex.org/W2548640435","https://openalex.org/W2604136382","https://openalex.org/W2752328771","https://openalex.org/W2753645335","https://openalex.org/W2783094138","https://openalex.org/W2883434486","https://openalex.org/W2884610574","https://openalex.org/W2887239611","https://openalex.org/W2898381248","https://openalex.org/W2902549778","https://openalex.org/W2903043053","https://openalex.org/W3037299701","https://openalex.org/W3112402493","https://openalex.org/W3114185936","https://openalex.org/W3162158989","https://openalex.org/W4248987559","https://openalex.org/W4288057802","https://openalex.org/W4409854744"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"We":[1,19,164],"study":[2,218],"the":[3,9,16,26,63,66,72,90,107,118,122,151,173,176,187,203,206,215],"use":[4,221],"of":[5,15,38,65,95,98,112,135,153,175,190,205,219,222],"symmetric":[6,223],"cryptography":[7],"in":[8,32,48,138,230],"MTProto":[10,82],"2.0":[11],"protocol,":[12],"Telegram\u2019s":[13,39,160,181,191],"equivalent":[14],"TLS":[17],"protocol.":[18,163],"give":[20,103],"positive":[21],"and":[22,31,42],"negative":[23],"results.":[24],"On":[25,71,143],"one":[27,94,97,116,120],"hand,":[28,74],"we":[29,75,102],"formally":[30],"detail":[33],"specify":[34],"a":[35,49,195],"slight":[36,79],"variant":[37],"\u201crecord":[40],"protocol\u201d":[41],"prove":[43],"that":[44,156],"it":[45,200],"achieves":[46],"security":[47],"suitable":[50],"bidirectional":[51],"secure":[52,69],"channel":[53],"model,":[54],"albeit":[55],"under":[56],"unstudied":[57],"assumptions;":[58],"this":[59,146,167],"model":[60],"itself":[61],"advances":[62],"state":[64],"art":[67],"for":[68],"channels.":[70],"other":[73],"first":[76,216],"motivate":[77],"our":[78,113,212],"deviation":[80],"from":[81],"as":[83,225,227],"deployed":[84],"by":[85,130,150,159],"giving":[86],"two":[87,104],"attacks":[88,105],"on":[89,106,180],"original":[91],"protocol":[92,179],"specification:":[93],"practical,":[96],"theoretical":[99],"interest.":[100],"Then,":[101],"implementation,":[108],"which":[109],"are":[110,157],"outside":[111],"formal":[114],"model:":[115],"targeting":[117,121],"client,":[119],"server.":[123],"The":[124],"client-side":[125,207],"attack":[126,147,168,171,185],"enables":[127],"plaintext":[128],"recovery":[129],"exploiting":[131],"timing":[132],"side":[133],"channels,":[134],"varying":[136],"strength,":[137],"three":[139],"official":[140],"Telegram":[141],"clients.":[142],"its":[144,231],"own":[145],"is":[148],"thwarted":[149],"secrecy":[152],"header":[154],"fields":[155],"established":[158],"key":[161,177,192,232],"exchange":[162,178],"thus":[165],"chain":[166],"with":[169],"an":[170],"against":[172],"implementation":[174],"servers.":[182],"This":[183],"final":[184],"breaks":[186],"authentication":[188],"properties":[189],"exchange,":[193],"allowing":[194],"MitM":[196],"attack.":[197,209],"More":[198],"mundanely,":[199],"also":[201],"reduces":[202],"cost":[204],"plaintext-recovery":[208],"In":[210],"totality,":[211],"results":[213],"provide":[214],"comprehensive":[217],"MTProto\u2019s":[220],"cryptography,":[224],"well":[226],"highlight":[228],"weaknesses":[229],"exchange.":[233]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}