Formal Verfication of MTProto

Telegram uses the MTProto protocol for end-to-end encryption and client-server encryption. The protocol is open and there are no known vulnerabilities. Version v2.0 is formally verified, meets IND-CCA criterion and uses RSA-2048, AES-256 cryptographic and SHA256 hashing primitives. Telegram has received strong criticism from experts cryptographers for both the design defects (use of the SHA1 hashing primitive and the absence of the IND-CCA criterion) in version v1.0 corrected with version v2.0 and for the design of a new communication protocol instead of using a tested one.

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone