The crypto protocol behind Telegram, the supposedly uber-secure messaging app dreamed up by colourful Russian entrepreneurs and brothers Pavel and Nikolai Durov (also the founders of social networking juggernaut VKontakte), is impossible to break.
At least, that's what the Durov brothers think and hope. And they're willing to part with $200,000 (in bitcoins, no less) if you can prove them wrong and break its 'MTProto' protocol in the next two months.
In what they dub a crypto-contest, the Durovs essentially challenge everyone to crack Telegram by managing to decipher private messages sent between two users before March 1, 2014.
Starting today, each day Paul (+79112317383) will be sending a message containing a secret email address to Nick (+79218944725). In order to prove that Telegram crypto was indeed deciphered and claim your prize, send an email to the secret email address from Paul’s message.
Your email must contain: - The entire text of the message that contained the secret email. - Your Bitcoin address to receive the $200,000 in BTC. - A detailed explanation of the attack.
Encrypted Telegram traffic from and to Paul’s account is publicly available for download from this page. You can send Telegram messages to Paul and view his traffic in real time.
To prove that the competition was fair, we will publish the participating keys necessary to decrypt the traffic as soon as a winner is announced. In case there is no winner by March 1, 2014, encryption keys will be published at that date.
Response
The contest sparked an interesting discussion over on Hacker News, where people are gleefully referencing American cryptographer Bruce Schneier's 1998 essay on why cracking contests suck.
In addition, some techies on Y Combinator's social news website are calling the people behind Telegram "cocky and arrogant know-it-alls", the contest a "bullshit challenge", and pointing out various ways the service could be prone to cracking apart from breaking the crypto protocol.
It's important to note that Telegram's contest comes after some controversy about the way it handles security - "avoid at all costs", summarized security software expert Geoffroy Couprie on his blog - and is likely a good way for the young company to get more attention for its product (just in case the media referring to Pavel Durov as "Russia's Zuckerberg" wasn't enough).
For what it's worth, Telegram says Couprie's 'review' was inaccurate. Also check the comments below.
A race to the bottom
More importantly though, I think nobody is actually going to gain anything from the contest.
Telegram won't be more (or less) secure if someone manages to break the protocol, and if that indeed ends up happening, then the reality is that nobody's better off for it (except maybe the guy or girl who pockets $200,000 in BTC, but that's also a big question mark).
Update: Pavel Durov says on Hacker News that Telegram will pay $200,000 in USD if that's what the 'winner' wants instead of bitcoins.
Seriously, all this cracking contest does is bring polarization and send well-meaning people up in arms about something that's becoming increasingly necessary in this day and age. Coincidentally, I also found this via Hacker News: Researchers crack the world’s toughest encryption.
The need for tightly secured communication applications is more real than ever.
We don't need more code-breaking contests - what we need is more collaboration among cryptographers and security software experts and developers, more research and more open discussions about what demonstrably works - and why it works.
If I had $200,000 bitcoins to give, I would gladly donate it to someone who can figure out a way to take all the animosity out of the crypto-debate and bring constructiveness back.
P.S.: Coincidentally, the last telegram EVER was apparently sent in India earlier this year. Go figure.
Featured image credit: Carlos Amarillo / Shutterstock
