A very underappreciated aspect of Telegram’s protocol is that it’s designed by very, very weird people. Telegram scooped up a lot of winners of ACM ICPC contests in Russia, some of whom I’ve personally met, and the design of the protocol is exactly in line with the code these people generally write.
It’s really a showcase of how very high IQ and outstanding mathematical abilities mix with a distrust of existing technologies and a lack of expert intuition coming from more normal industry experience.
Just try implementing MTProto, or at least read the low-level docs, and you’ll see for yourself. Crypto isn’t the weirdest part. The whole thing is an attempt to define a binary protocol in terms of grandiose mathematical concepts, most of which never even ended up being used in the actual protocol. And there’s zero thought given to what’s actually important: making the syncing between server and client states bulletproof (and that results in numerous bugs to this day).
Can’t discount malice, but I don’t believe that’s the case.
When Telegram first launched this was exactly my hypothesis. They found some mathematicians and (to paraphrase Bruce Schneier) they immediately tried to re-invent cryptography -- badly. Which is fine.
I assumed that after a few years and some success, Telegram would get more serious about this and replace its crypto with something better (maybe Signal protocol) in the same way that WhatsApp did. I also thought they'd eventually back up their privacy claims by deploying default end-to-end encryption for non-broadcast chats. After all that's the trend everywhere: even Facebook Messenger is now encrypted! But Telegram never, ever did this. They kept on making loud claims to be a privacy-preserving messenger, but they never added real privacy.