This paper evaluates the implementation of the RSA-2048 algorithm within Telegram’s MTProto protocol. Unlike standard applications, Telegram utilizes RSA exclusively for initial server authentication and the exchange of Diffie-Hellman parameters, rather than direct message encryption. The analysis identifies critical security risks stemming from Telegram’s use of a custom padding scheme (RSAPAD) instead of the industry-standard OAEP. This non-standard approach has exposed the protocol to timing side-channel attacks and message malleability. Furthermore, a comparative study with the Signal Protocol reveals that Telegram’s architecture—which stores long-term keys on servers—sacrifices Perfect Forward Secrecy (PFS) and absolute privacy for multi-device convenience. The findings suggest that Telegram’s
Sao et al. (Thu,) studied this question.
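To make the malleability point above concrete, the following is an added example (not code from the paper or from Telegram) using a constructed toy key: it shows that textbook RSA is multiplicatively malleable, and that an OAEP-style encoding which binds an integrity tag to the plaintext lets the decryptor reject a tampered ciphertext. The primes, the 16-bit tag and the `encode`/`decode` layout are assumptions for the demo and are not the real RSAPAD or OAEP constructions.

```python
import hashlib

# Constructed demo key: two small primes (~34-bit modulus), NOT a real 2048-bit key.
P, Q = 104723, 104729
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
TAG_BITS = 16  # length of the toy integrity tag


def rsa_raw(x: int, exp: int) -> int:
    """Textbook RSA: plain modular exponentiation, no padding."""
    return pow(x, exp, N)


def tamper(ciphertext: int, factor: int) -> int:
    """Homomorphic property: E(m) * E(r) = E(m * r mod n).
    Holding only the public key, a third party can change what decrypts."""
    return (ciphertext * rsa_raw(factor, E)) % N


def _tag(m: int) -> int:
    return int.from_bytes(hashlib.sha256(m.to_bytes(4, "big")).digest()[:2], "big")


def encode(m: int) -> int:
    """Toy OAEP-like encoding: append a hash tag so structure can be verified.
    Real OAEP also masks with MGF1 and uses a full-width hash; this shows only
    the integrity check. m must be < 2**18 to fit under the demo modulus."""
    return (m << TAG_BITS) | _tag(m)


def decode(padded: int):
    """Return the message if the tag verifies, else None (reject)."""
    m, tag = padded >> TAG_BITS, padded & ((1 << TAG_BITS) - 1)
    return m if tag == _tag(m) else None


def decrypt_textbook(c: int) -> int:
    return rsa_raw(c, D)


def decrypt_checked(c: int):
    return decode(rsa_raw(c, D))


def demo(m: int = 1234) -> dict:
    c_raw = rsa_raw(m, E)
    c_pad = rsa_raw(encode(m), E)
    return {
        "textbook_tampered": decrypt_textbook(tamper(c_raw, 3)),  # 3*m, accepted
        "checked_ok": decrypt_checked(c_pad),                     # m
        "checked_tampered": decrypt_checked(tamper(c_pad, 3)),    # None, rejected
    }
```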