[This post gives the full text of my presentation on the cryptography of Telegram that was delivered April, 2021. The presentation has become highly relevant in 2024 in connection with the charges that have been brought against Pavel Durov in Paris. Three of those charges relate to the unauthorized use of cryptography. Here I discuss the mathematician Nikolai Durov, who designed the cryptography for Telegram. He is Pavel Durov’s brother and cofounder of Telegram. I strongly condemn France’s criminalization of unsurveilled speech.]
Crypto Wars
April [2021] has been a terrible – a truly awful – month for internet security. For starters, 533 million phone numbers of Facebook accounts have been leaked online. If you have a Facebook account, your phone number might be compromised. Just days after the Facebook news, it was revealed that hackers are selling the data from 500 million LinkedIn accounts. And then less than a week ago [4/9/2021], it was demonstrated that hackers can take control of a computer running Zoom. If you are watching right now [in 2021] in a Zoom session on Windows or Mac, your computer is vulnerable. My apologies to all those I invited tonight [if watching by Zoom]! Fortunately, researchers found this vulnerability before any mischief could be done and reported it responsibly to Zoom.
How can we design better protections for our security and privacy? Today I will explain how a mathematician thinks about these things.
Mathematical Jeopardy
Cryptography (crypto for short) is the science of protecting communication to keep intruders out. Think of encryption as putting a message into a sealed envelope so that nobody can read it until it reaches its destination. Crypto is based on math, on computer science, and on engineering.
To see how crypto works, let’s play a little game called Math Jeopardy. (I promise not to spend more than one minute on math.) I give you the answer and you try to be the first to guess the question.
- If the answer is 6, you will say, “Alex, what is 2 times 3?”
- If the answer is 10, you will say, “Alex, what is [pause] 2 times 5?”
- If the answer is 15, you will say, “Alex, what is [pause] 3 times 5?”
Are you ready for final jeopardy?
- If the answer is 2,430,101, you will say, “Alex, what is [long pause] 1223 times 1987?”
As you see from the game of math jeopardy, the solutions rapidly become more difficult as the numbers get bigger. There was a $75,000 prize if you can find two numbers that multiply together to give this 270 digit number:
412023436986659543855531365332575948179811699844327982845455626433876445565248426198098870423161841879261420247188869492560931776375033421130982397485150944909106910269861031862704114880866970564902903653658867433731720813104105190864254793282601391257624033946373269391 (RSA-896).
That is the end of the math in my talk. This little game is significant for two reasons.
- Multiplication problems like these are easy to create. All you need is a mobile device.
- There is an amazingly clever way to use these multiplication problems to seal your messages into a privacy envelope. This means that secure communication is possible on a massive scale.
I can seal an envelope using the number 6, and it can only be unsealed using the numbers 2 and 3. When we seal the envelope with a big number like the one on my slide, this is very effective. We literally have “Safety in Numbers” (echoing the theme of this lecture series).
Strong Crypto
The process is so effective that no government in the world – no matter how many supercomputers it has – can break the crypto. Your private communications are secure. These algorithms are built into every browser and you use them every day without even being aware of it. This gives an enormous power to individuals: the power to communicate in private.
This is what we mean by strong crypto: encryption that is so effective that no government in the world can defeat it. It goes without saying that some governments do not want strong crypto in the hands of its citizens.
This has led to the Crypto Wars. A crypto war is not a physical battle, but a legal battle between a government on one side and private citizens on the other side. The government is fighting for increased surveillance and weakened cryptography. The private citizens are fighting for their right to privacy and strong crypto.
The crypto wars go back to the Cold War. Open cryptographic research was basically impossible back in the 1970s. At the time, every research paper related to cryptography was defined as a “weapon of war” by the United States government and was regulated as such by the International Traffic of Arms Regulation (ITAR). There was a danger of being prosecuted by the US government for presenting a crypto research paper at a conference. Eventually the US government backed off, and crypto research started to be done in the open. The crypto wars have continued off and on since then.
Snowden
In 2013, the whistleblower Edward Snowden revealed that the United States government was engaged in mass surveillance on its own citizens. A US intelligence agency had inserted backdoors in encryption. A backdoor means that you believe your communications are secure, when in fact they are not. The Snowden revelations made me passionate about cryptography.
Telegram
To bring the discussion up to date [in 2021], let me say a few words about a recent crypto war. I’ll use the example of the instant messaging service Telegram. If you are not a user of Telegram, that’s fine: it is an app that allows you to send private text messages that can be encrypted. Telegram is very popular: it has more than 500 million active monthly users [950 million in 2024].
As a mathematician, I am interested in Telegram because one of the two founders Nikolai Durov is a mathematician. He designed the crypto. I have met him. He is a brilliant mathematician. He won three gold medals in high school on the International Math Olympiad. He has two math PhDs. At one point, Telegram boasted that half its employees were math PhDs.
Can we trust the crypto in Telegram? Designing good crypto is about as hard as designing a helicopter that flies. Unless you are an expert, it probably won’t fly. Security researchers have said that Telegram’s crypto is quite weird and idiosyncratic. But is the current version safe? A few months ago [in December 2020] researchers announced, “We can affirm that MTProto 2.0 [Telegram’s crypto] does not present any logical flaw.” [Here’s an update from 2023.] Their proof used what is called automated reasoning: the reasoning was not done in the traditional way on a chalkboard, but the reasoning was done by a completely automated computer process. The idea of replacing chalkboard with computer reasoning is an important trend in computer science and mathematics.
Telegram’s Crypto Wars
Getting back to Crypto Wars, Telegram has had three major crypto battles.
(1) First battle – the Kremlin: The founders are from Saint Petersburg, and The Kremlin went after Telegram because of its strong crypto. Last year, in the Washington Post, there was a fascinating account of this battle with headline: “How the founder of the Telegram messaging app stood up to the Kremlin – and won” [6/28/2020].
(2) Second battle: The United States Securities and Exchange Commission (SEC) went after the Telegram blockchain. Blockchains are the key technology behind crypto currencies. The SEC has started to take action against some cryptocurrencies that fail to register with the SEC. Telegram gave up their battle with the SEC and withdrew their blockchain.
(3) Third battle: This is not a battle with a government but with private organizations that are against free speech and against private speech. The anti-free speech movement often uses what I call it the “evil pizza” argument. The evil pizza argument goes like this. A terrorist walks into Dominoes pizza and orders a pizza. You then blame evil Dominoes pizza for nourishing a terrorist. Then the terrorist gets in his Toyota and drives off, so you blame evil Toyota for providing transport to a terrorist, Then the terrorist sends an instant message on his iPhone, and you blame Telegram and iPhone, and so forth.
When you have built the infrastructure for hundreds of millions of users, you get a broad cross section of society, which will include some bad apples. That does not make Dominoes Pizza bad, or Toyota bad, or Telegram bad. It just makes the “evil pizza” argument a bad argument.
[Now there is a fourth battle with France in 2024.]
Why Care?
In conclusion, why should we even care about privacy? In Orwell’s 1984, the main character Winston learned to love Big Brother. Why can’t we?
- We care about medical privacy because of the stigma in society attached to our HIV/AIDS status and to our diagnosed psychological disorders.
- We care about financial privacy, to avoid being doxxed and to avoid having our bank account drained by identity thieves.
- We care about sexual privacy to keep the government out of our bedroom.
- We care about privacy on social media, so that we can joke and laugh and play and let down our guard without worrying that a potential future employer will judge us for what we say in jest.
The mathematics of privacy helps to make this all possible.
Source: University of Pittsburgh, Dietrich School of Arts and Sciences, public lecture series “Science Revealed.” Panel discussion on “Safety in Numbers? The Use (and Misuse) of Data in Society?” April 15, 2021.
[Postscript: August 31, 2024. It is remarkable how the Washington Post has reversed its opinion of Pavel Durov since 2020. It might appear that free speech is only good when it is bad for the Kremlin.]
