Auth key generation example

In the examples below, the transport headers are omitted:

For example, for the abridged version of the transport », the client sends 0xef as the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e = data length divided by 4; or 0x7f followed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send 0xefas the first byte).

Detailed documentation on creating authorization keys is available here ».

DH exchange initiation

1) Client sends query to server

Sent payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 E0 D1 0C 00 21 A9 72 68
0010 | 14 00 00 00 F1 8E 7E BE 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C

Payload (de)serialization:

req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;

Parameter	Offset, Length in bytes	Value	Description
auth_key_id	0, 8	`0000000000000000`	0 since the message is in plain text
message_id	8, 8	`E0D10C0021A97268`	Message ID generated as specified here » (unixtime() << 32) + (N*4)
message_length	16, 4	`14000000` (20 in decimal)	Message body length
%(req_pq_multi)	20, 4	`f18e7ebe`	req_pq_multi constructor number from TL schema
nonce	24, 16	`75E622F3BC7D714632B833821FD7BB0C`	Random number

2) Server sends response of the form

Received payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 01 4C 52 79 21 A9 72 68
0010 | 50 00 00 00 63 24 16 05 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 08 16 E7 48 B2 95 22 C6
0040 | 8F 00 00 00 15 C4 B5 1C 03 00 00 00 85 FD 64 DE
0050 | 85 1D 9D D0 A5 B7 F7 09 35 5F C3 0B 21 6B E8 6C
0060 | 02 2B B4 C3

Payload (de)serialization:

resPQ#05162463 nonce:int128 server_nonce:int128 pq:string server_public_key_fingerprints:Vector<strlong> = ResPQ;

Parameter	Offset, Length in bytes	Value	Description
auth_key_id	0, 8	`0000000000000000`	0 since the message is in plain text
message_id	8, 8	`014C527921A97268`	Message ID generated as specified here » (unixtime() << 32) + (N*4)
message_length	16, 4	`50000000` (80 in decimal)	Message body length
%(resPQ)	20, 4	`63241605`	resPQ constructor number from TL schema
nonce	24, 16	`75E622F3BC7D714632B833821FD7BB0C`	Value generated by client in Step 1
server_nonce	40, 16	`8EC53EC050CB2D475B457BAF445B49F5`	Server-generated random number
pq	56, 12	`0816E748B29522C68F000000` TL byte deserialization => bigendian conversion to decimal => 1650367720298038927	Single-byte prefix denoting length, an 8-byte string, and three bytes of padding
%(Vector strlong)	68, 4	`15c4b51c`	Vector t constructor number from TL schema
count	72, 4	`03000000`	Number of elements in server_public_key_fingerprints
server_public_key_fingerprints[0]	76, 8	`85FD64DE851D9DD0`	64 lower-order bits of `SHA1(server_public_key)`
server_public_key_fingerprints[1]	84, 8	`A5B7F709355FC30B`	64 lower-order bits of `SHA1(server_public_key)`
server_public_key_fingerprints[2]	92, 8	`216BE86C022BB4C3`	64 lower-order bits of `SHA1(server_public_key)`

In our case, the client only has the following public keys, with the following fingerprints:

85FD64DE851D9DD0

Let's choose the only matching key, the one with fingerprint equal to 85FD64DE851D9DD0.

Proof of work

3) Client decomposes pq into prime factors such that p < q.

pq = 1650367720298038927

Decompose into 2 prime cofactors p < q: 1650367720298038927 = 1145839111 * 1440313657

p = 1145839111
q = 1440313657

Presenting proof of work; Server authentication

4) `encrypted_data` payload generation

First of all, generate an encrypted_data payload as follows:

Generated payload (excluding transport headers/trailers):

0000 | 95 5F F5 A9 08 16 E7 48 B2 95 22 C6 8F 00 00 00
0010 | 04 44 4C 1E 07 00 00 00 04 55 D9 71 39 00 00 00
0020 | 75 E6 22 F3 BC 7D 71 46 32 B8 33 82 1F D7 BB 0C
0030 | 8E C5 3E C0 50 CB 2D 47 5B 45 7B AF 44 5B 49 F5
0040 | 99 80 D4 75 80 F8 88 B3 B1 DA EF 34 DB 48 47 3E
0050 | 7D 8B D2 68 A5 8F F0 3B 8C 4A 9F 7A 42 24 59 59
0060 | 02 00 00 00

Payload (de)serialization:

p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;

Parameter	Offset, Length in bytes	Value	Description
%(p_q_inner_data_dc)	0, 4	`955ff5a9`	p_q_inner_data_dc constructor number from TL schema
pq	4, 12	`0816E748B29522C68F000000` TL byte deserialization => bigendian conversion to decimal => 1650367720298038927	Single-byte prefix denoting length, 8-byte string, and three bytes of padding
p	16, 8	`04444C1E07000000` TL byte deserialization => bigendian conversion to decimal => 1145839111	First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
q	24, 8	`0455D97139000000` TL byte deserialization => bigendian conversion to decimal => 1440313657	Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
nonce	32, 16	`75E622F3BC7D714632B833821FD7BB0C`	Value generated by client in Step 1
server_nonce	48, 16	`8EC53EC050CB2D475B457BAF445B49F5`	Value received from server in Step 2
new_nonce	64, 32	`9980D47580F888B3B1DAEF34DB48473E` `7D8BD268A58FF03B8C4A9F7A42245959`	Client-generated random number
dc	96, 4	`02000000` (2 in decimal)	DC ID: `10000` (decimal) has to be added to the DC ID to connect to the test servers; it has to be made negative if the DC we're connecting to is a media (not CDN) DC.

The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
These are the inputs to the algorithm specified in step 4.1:

data = 955FF5A90816E748B29522C68F00000004444C1E070000000455D9713900000075E622F3BC7D714632B833821FD7BB0C8EC53EC050CB2D475B457BAF445B49F59980D47580F888B3B1DAEF34DB48473E7D8BD268A58FF03B8C4A9F7A4224595902000000
random_padding_bytes = 252A073EE8374E6CE125C66E082722D5594D192C90F080B19348609886999D4866E0A4E62FBC0DBC90BD56157405A5EC9F59DEA5EFC99B571F477023E35C0B059875BC2A8DCC7CA164857BF4B359303CC4B05E33BDACEAD881FF8AF6

And this is the output:

encrypted_data = 90511A4D8C730E67A091E4C4B623DC9AFAE98BDB499016A5AFAD35B9996BD06519B8182FA1F8FDDF2C365474FE315D93CF736E86B5B591AC1DCCAE9C5FE9A9170B6D1B9A9881A4C9F9756CF9BCDCBE7A89ECA398686E3B180A0C3695E6A971847B905C6EB001A65F49395C24171020D2EE7C2BADF486F78F6CBDAB9DBB54F9A159A11BD4FD5F8B2DBB7141A8A11F3FD960EC5ED25B96FCE573A4F1EC61CD507957B77BB3349406365D92E1E0839A0C6EA3084702C949B268DA5677603145237440A199D190F257A7FD99B2EF8555030A6F35747742344B07C4DC7753AC2BF3E38C880416B7BB1EEBCB1556845F53895DEBF6AE06E4032DFA90720D5DDAAF50CA

The length of the final string is 256 bytes.

5) Send req_DH_params query with generated `encrypted_data`

Sent payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 E4 D1 0C 00 21 A9 72 68
0010 | 40 01 00 00 BE E4 12 D7 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 04 44 4C 1E 07 00 00 00
0040 | 04 55 D9 71 39 00 00 00 85 FD 64 DE 85 1D 9D D0
0050 | FE 00 01 00 90 51 1A 4D 8C 73 0E 67 A0 91 E4 C4
0060 | B6 23 DC 9A FA E9 8B DB 49 90 16 A5 AF AD 35 B9
0070 | 99 6B D0 65 19 B8 18 2F A1 F8 FD DF 2C 36 54 74
0080 | FE 31 5D 93 CF 73 6E 86 B5 B5 91 AC 1D CC AE 9C
0090 | 5F E9 A9 17 0B 6D 1B 9A 98 81 A4 C9 F9 75 6C F9
00A0 | BC DC BE 7A 89 EC A3 98 68 6E 3B 18 0A 0C 36 95
00B0 | E6 A9 71 84 7B 90 5C 6E B0 01 A6 5F 49 39 5C 24
00C0 | 17 10 20 D2 EE 7C 2B AD F4 86 F7 8F 6C BD AB 9D
00D0 | BB 54 F9 A1 59 A1 1B D4 FD 5F 8B 2D BB 71 41 A8
00E0 | A1 1F 3F D9 60 EC 5E D2 5B 96 FC E5 73 A4 F1 EC
00F0 | 61 CD 50 79 57 B7 7B B3 34 94 06 36 5D 92 E1 E0
0100 | 83 9A 0C 6E A3 08 47 02 C9 49 B2 68 DA 56 77 60
0110 | 31 45 23 74 40 A1 99 D1 90 F2 57 A7 FD 99 B2 EF
0120 | 85 55 03 0A 6F 35 74 77 42 34 4B 07 C4 DC 77 53
0130 | AC 2B F3 E3 8C 88 04 16 B7 BB 1E EB CB 15 56 84
0140 | 5F 53 89 5D EB F6 AE 06 E4 03 2D FA 90 72 0D 5D
0150 | DA AF 50 CA

Payload (de)serialization:

req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;

Parameter	Offset, Length in bytes	Value	Description
auth_key_id	0, 8	`0000000000000000`	0 since the message is in plain text
message_id	8, 8	`E4D10C0021A97268`	Message ID generated as specified here » (unixtime() << 32) + (N*4)
message_length	16, 4	`40010000` (320 in decimal)	Message body length
%(req_DH_params)	20, 4	`bee412d7`	req_DH_params constructor number from TL schema
nonce	24, 16	`75E622F3BC7D714632B833821FD7BB0C`	Value generated by client in Step 1
server_nonce	40, 16	`8EC53EC050CB2D475B457BAF445B49F5`	Value received from server in Step 2
p	56, 8	`04444C1E07000000` TL byte deserialization => bigendian conversion to decimal => 1145839111	First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
q	64, 8	`0455D97139000000` TL byte deserialization => bigendian conversion to decimal => 1440313657	Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
public_key_fingerprint	72, 8	`85FD64DE851D9DD0`	`fingerprint` of public key used
encrypted_data	80, 260	`FE00010090511A4D8C730E67A091E4C4` `B623DC9AFAE98BDB499016A5AFAD35B9` `996BD06519B8182FA1F8FDDF2C365474` `FE315D93CF736E86B5B591AC1DCCAE9C` `5FE9A9170B6D1B9A9881A4C9F9756CF9` `BCDCBE7A89ECA398686E3B180A0C3695` `E6A971847B905C6EB001A65F49395C24` `171020D2EE7C2BADF486F78F6CBDAB9D` `BB54F9A159A11BD4FD5F8B2DBB7141A8` `A11F3FD960EC5ED25B96FCE573A4F1EC` `61CD507957B77BB3349406365D92E1E0` `839A0C6EA3084702C949B268DA567760` `3145237440A199D190F257A7FD99B2EF` `8555030A6F35747742344B07C4DC7753` `AC2BF3E38C880416B7BB1EEBCB155684` `5F53895DEBF6AE06E4032DFA90720D5D` `DAAF50CA`	Value generated above

6) Server responds with:

Received payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 01 3C 94 9A 21 A9 72 68
0010 | 78 02 00 00 5C 07 E8 D0 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 FE 50 02 00 0E EF F2 25
0040 | 8A E9 3B F6 A5 8F 79 37 1A DA 21 06 B2 0E 80 60
0050 | 25 6B 68 91 82 EF E3 7C 03 B0 6C 6F D9 0C F2 0F
0060 | B5 6D 6C 10 F6 99 C3 2F EB 76 A8 E9 A0 44 CB 0A
0070 | EC CA 05 3C F3 01 D3 2B E8 5D F6 DA 0D 28 6F 5F
0080 | C8 6D 60 3E B8 89 C2 D0 78 6D D0 C1 37 08 9E 6D
0090 | 55 D0 39 D1 1C 1E A6 88 A8 89 88 22 8F 36 7E 0B
00A0 | A2 C3 3E 49 B9 79 D6 04 7F 25 29 49 BB 19 40 5A
00B0 | D4 E8 B5 40 1A 54 0A 5F FD 96 8A FF 22 63 1A 32
00C0 | 51 C6 29 70 EE A1 F0 61 B4 8D 76 7B 04 75 B1 28
00D0 | C8 7C 16 E6 55 0C A0 01 2F BD A1 C5 73 AB 66 3C
00E0 | 48 33 DE D8 7D B0 0A 23 DB 5C 6E 14 89 50 DF 2F
00F0 | 40 9D 31 85 77 F1 83 A7 38 EE 62 6B 53 0F 3A B9
0100 | 4D 88 02 C2 2E DA 47 9D BC 06 65 1B 5B 0E 7F 26
0110 | E8 DF D2 5B 04 39 94 7B 38 38 D6 DE FC B0 1A B0
0120 | CC 42 C7 DA DD DE 54 72 52 20 9E 6A D0 EB 7C FC
0130 | F8 DF 65 8B 21 AB FF 4A 77 F8 25 A3 87 24 7C 47
0140 | 7F 1D 22 52 C1 5E C3 9D E9 6C 8B EB D9 2E 3A 0F
0150 | 19 D2 2C D7 0D A8 48 CD 76 16 53 9B C3 1C 2C 64
0160 | 38 3C C7 C3 2D 38 F7 BD 9C 5A 62 6D 06 4C 31 5B
0170 | 43 6B B6 89 AF 31 17 8F AB A6 A7 02 ED 5C 73 D3
0180 | B0 15 D0 C0 04 5B 2E ED 93 16 F4 15 37 1F 1D A7
0190 | 3B EC E2 13 0C 19 A6 02 1D 6E A1 0C 27 9D 01 6E
01A0 | 94 C3 EA 4F 37 2B 4E 21 81 32 39 A5 AB 88 E8 40
01B0 | 19 03 77 7B 1D BD FB 95 34 3F F9 B5 35 CC 43 F3
01C0 | A8 4C FB 47 1C 6F B4 DB 46 C5 05 5D F3 E9 B2 B4
01D0 | 31 32 53 14 B3 E8 7F 31 D4 AA 20 31 0B D8 0B 50
01E0 | B0 D5 64 C1 EA C0 2A B9 0A C4 23 3D 35 18 3E 85
01F0 | 2D 6E 9F 34 46 4D CA 58 2D 4E 2E 0F 52 CA BD E3
0200 | 41 30 70 7F 5A 3C DD 6E 32 D2 F4 2B 87 94 EB C9
0210 | 06 32 FA E3 17 40 82 0F 5E 85 7A 24 82 E5 4B 7D
0220 | A8 8D 3F AA 5A 49 72 67 55 AA B0 9D A6 9A DB B7
0230 | 2C EA 06 3E 6F 42 C2 02 99 AC A8 69 3C 3B 2A 2E
0240 | 55 37 E3 80 F9 A6 44 88 82 CE B3 49 10 FE FC F7
0250 | 01 50 1B 1A 6A 18 D8 DD 16 86 28 DB FA F1 5A AD
0260 | 6D 99 47 80 1B 5B D9 FC F2 A0 F8 6F 00 6F 6D B1
0270 | BB 3F CE 08 1A 0C 33 5E 29 F5 D3 71 10 0A 03 B9
0280 | 66 9D AB 46 CA 31 AC B2 F3 88 49 EA

Payload (de)serialization:

server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;

Parameter	Offset, Length in bytes	Value	Description
auth_key_id	0, 8	`0000000000000000`	0 since the message is in plain text
message_id	8, 8	`013C949A21A97268`	Message ID generated as specified here » (unixtime() << 32) + (N*4)
message_length	16, 4	`78020000` (632 in decimal)	Message body length
%(server_DH_params_ok)	20, 4	`5c07e8d0`	server_DH_params_ok constructor number from TL schema
nonce	24, 16	`75E622F3BC7D714632B833821FD7BB0C`	Value generated by client in Step 1
server_nonce	40, 16	`8EC53EC050CB2D475B457BAF445B49F5`	Value received from server in Step 2
encrypted_answer	56, 596	`FE5002000EEFF2258AE93BF6A58F7937` `1ADA2106B20E8060256B689182EFE37C` `03B06C6FD90CF20FB56D6C10F699C32F` `EB76A8E9A044CB0AECCA053CF301D32B` `E85DF6DA0D286F5FC86D603EB889C2D0` `786DD0C137089E6D55D039D11C1EA688` `A88988228F367E0BA2C33E49B979D604` `7F252949BB19405AD4E8B5401A540A5F` `FD968AFF22631A3251C62970EEA1F061` `B48D767B0475B128C87C16E6550CA001` `2FBDA1C573AB663C4833DED87DB00A23` `DB5C6E148950DF2F409D318577F183A7` `38EE626B530F3AB94D8802C22EDA479D` `BC06651B5B0E7F26E8DFD25B0439947B` `3838D6DEFCB01AB0CC42C7DADDDE5472` `52209E6AD0EB7CFCF8DF658B21ABFF4A` `77F825A387247C477F1D2252C15EC39D` `E96C8BEBD92E3A0F19D22CD70DA848CD` `7616539BC31C2C64383CC7C32D38F7BD` `9C5A626D064C315B436BB689AF31178F` `ABA6A702ED5C73D3B015D0C0045B2EED` `9316F415371F1DA73BECE2130C19A602` `1D6EA10C279D016E94C3EA4F372B4E21` `813239A5AB88E8401903777B1DBDFB95` `343FF9B535CC43F3A84CFB471C6FB4DB` `46C5055DF3E9B2B431325314B3E87F31` `D4AA20310BD80B50B0D564C1EAC02AB9` `0AC4233D35183E852D6E9F34464DCA58` `2D4E2E0F52CABDE34130707F5A3CDD6E` `32D2F42B8794EBC90632FAE31740820F` `5E857A2482E54B7DA88D3FAA5A497267` `55AAB09DA69ADBB72CEA063E6F42C202` `99ACA8693C3B2A2E5537E380F9A64488` `82CEB34910FEFCF701501B1A6A18D8DD` `168628DBFAF15AAD6D9947801B5BD9FC` `F2A0F86F006F6DB1BB3FCE081A0C335E` `29F5D371100A03B9669DAB46CA31ACB2` `F38849EA`	See below

Decrypt encrypted_answer using the reverse of the process specified in step 6:

encrypted_answer = 0EEFF2258AE93BF6A58F79371ADA2106B20E8060256B689182EFE37C03B06C6FD90CF20FB56D6C10F699C32FEB76A8E9A044CB0AECCA053CF301D32BE85DF6DA0D286F5FC86D603EB889C2D0786DD0C137089E6D55D039D11C1EA688A88988228F367E0BA2C33E49B979D6047F252949BB19405AD4E8B5401A540A5FFD968AFF22631A3251C62970EEA1F061B48D767B0475B128C87C16E6550CA0012FBDA1C573AB663C4833DED87DB00A23DB5C6E148950DF2F409D318577F183A738EE626B530F3AB94D8802C22EDA479DBC06651B5B0E7F26E8DFD25B0439947B3838D6DEFCB01AB0CC42C7DADDDE547252209E6AD0EB7CFCF8DF658B21ABFF4A77F825A387247C477F1D2252C15EC39DE96C8BEBD92E3A0F19D22CD70DA848CD7616539BC31C2C64383CC7C32D38F7BD9C5A626D064C315B436BB689AF31178FABA6A702ED5C73D3B015D0C0045B2EED9316F415371F1DA73BECE2130C19A6021D6EA10C279D016E94C3EA4F372B4E21813239A5AB88E8401903777B1DBDFB95343FF9B535CC43F3A84CFB471C6FB4DB46C5055DF3E9B2B431325314B3E87F31D4AA20310BD80B50B0D564C1EAC02AB90AC4233D35183E852D6E9F34464DCA582D4E2E0F52CABDE34130707F5A3CDD6E32D2F42B8794EBC90632FAE31740820F5E857A2482E54B7DA88D3FAA5A49726755AAB09DA69ADBB72CEA063E6F42C20299ACA8693C3B2A2E5537E380F9A6448882CEB34910FEFCF701501B1A6A18D8DD168628DBFAF15AAD6D9947801B5BD9FCF2A0F86F006F6DB1BB3FCE081A0C335E29F5D371100A03B9669DAB46CA31ACB2F38849EA
tmp_aes_key = A778250F36205F1D35B7BAC3E0FFA72E1435191B6D2C34B2A7C5C7B4F254E75D
tmp_aes_iv = 23C60FE71C305F5760D20935ADDFA0C14E7A1EDA7E844F561DEFD4929980D475

Yielding:

answer_with_hash = 7A8E9F9FDFF9861D601DB7BA4648620E68EDA42DBA0D89B575E622F3BC7D714632B833821FD7BB0C8EC53EC050CB2D475B457BAF445B49F503000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007D1326058B21BCDB95DC376331C5B47A1275A99F8F6F8112703207DF5F1118A3727B9F9D7F2930CEB4EE373E7C9C919C10AC6570EDD02D81431BFA757AF6F6C480834E2EFDAD9FF40395801CB21E9E40307631862C0D7BB3B3B9415EFECD513CF0AB2E9A3EE2D377BE21E599269A82B74E5977FE7A6587E0BD47047422AC6D2B0829AA031E1CE00DA0B778BB1CB066B9E44BFDED0578BC1D09508A0B5AA5707F68ECED74011CAD9B44CF965376EE22B90DC6A51C0EBB0A6D48B1CC0E5548F5983610DD05676FECA4D9DA1096B308621E3EB182C57A0E9F263F0A7C2EBA6224958AF68C8FBE931B46AD58F260F01360D1CDDF4D6FB614A6A46DF3EFD09EA5589421A97268CC27A5D224EE019E
answer = BA0D89B575E622F3BC7D714632B833821FD7BB0C8EC53EC050CB2D475B457BAF445B49F503000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007D1326058B21BCDB95DC376331C5B47A1275A99F8F6F8112703207DF5F1118A3727B9F9D7F2930CEB4EE373E7C9C919C10AC6570EDD02D81431BFA757AF6F6C480834E2EFDAD9FF40395801CB21E9E40307631862C0D7BB3B3B9415EFECD513CF0AB2E9A3EE2D377BE21E599269A82B74E5977FE7A6587E0BD47047422AC6D2B0829AA031E1CE00DA0B778BB1CB066B9E44BFDED0578BC1D09508A0B5AA5707F68ECED74011CAD9B44CF965376EE22B90DC6A51C0EBB0A6D48B1CC0E5548F5983610DD05676FECA4D9DA1096B308621E3EB182C57A0E9F263F0A7C2EBA6224958AF68C8FBE931B46AD58F260F01360D1CDDF4D6FB614A6A46DF3EFD09EA5589421A97268CC27A5D224EE019E

Generated payload (excluding transport headers/trailers):

0000 | BA 0D 89 B5 75 E6 22 F3 BC 7D 71 46 32 B8 33 82
0010 | 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47 5B 45 7B AF
0020 | 44 5B 49 F5 03 00 00 00 FE 00 01 00 C7 1C AE B9
0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
0060 | 0A C9 25 13 95 43 AE D4 4C CE 7C 37 20 FD 51 F6
0070 | 94 58 70 5A C6 8C D4 FE 6B 6B 13 AB DC 97 46 51
0080 | 29 69 32 84 54 F1 8F AF 8C 59 5F 64 24 77 FE 96
0090 | BB 2A 94 1D 5B CD 1D 4A C8 CC 49 88 07 08 FA 9B
00A0 | 37 8E 3C 4F 3A 90 60 BE E6 7C F9 A4 A4 A6 95 81
00B0 | 10 51 90 7E 16 27 53 B5 6B 0F 6B 41 0D BA 74 D8
00C0 | A8 4B 2A 14 B3 14 4E 0E F1 28 47 54 FD 17 ED 95
00D0 | 0D 59 65 B4 B9 DD 46 58 2D B1 17 8D 16 9C 6B C4
00E0 | 65 B0 D6 FF 9C A3 92 8F EF 5B 9A E4 E4 18 FC 15
00F0 | E8 3E BE A0 F8 7F A9 FF 5E ED 70 05 0D ED 28 49
0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
0130 | 7D 13 26 05 8B 21 BC DB 95 DC 37 63 31 C5 B4 7A
0140 | 12 75 A9 9F 8F 6F 81 12 70 32 07 DF 5F 11 18 A3
0150 | 72 7B 9F 9D 7F 29 30 CE B4 EE 37 3E 7C 9C 91 9C
0160 | 10 AC 65 70 ED D0 2D 81 43 1B FA 75 7A F6 F6 C4
0170 | 80 83 4E 2E FD AD 9F F4 03 95 80 1C B2 1E 9E 40
0180 | 30 76 31 86 2C 0D 7B B3 B3 B9 41 5E FE CD 51 3C
0190 | F0 AB 2E 9A 3E E2 D3 77 BE 21 E5 99 26 9A 82 B7
01A0 | 4E 59 77 FE 7A 65 87 E0 BD 47 04 74 22 AC 6D 2B
01B0 | 08 29 AA 03 1E 1C E0 0D A0 B7 78 BB 1C B0 66 B9
01C0 | E4 4B FD ED 05 78 BC 1D 09 50 8A 0B 5A A5 70 7F
01D0 | 68 EC ED 74 01 1C AD 9B 44 CF 96 53 76 EE 22 B9
01E0 | 0D C6 A5 1C 0E BB 0A 6D 48 B1 CC 0E 55 48 F5 98
01F0 | 36 10 DD 05 67 6F EC A4 D9 DA 10 96 B3 08 62 1E
0200 | 3E B1 82 C5 7A 0E 9F 26 3F 0A 7C 2E BA 62 24 95
0210 | 8A F6 8C 8F BE 93 1B 46 AD 58 F2 60 F0 13 60 D1
0220 | CD DF 4D 6F B6 14 A6 A4 6D F3 EF D0 9E A5 58 94
0230 | 21 A9 72 68

Payload (de)serialization:

server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;

Parameter	Offset, Length in bytes	Value	Description
%(server_DH_inner_data)	0, 4	`ba0d89b5`	server_DH_inner_data constructor number from TL schema
nonce	4, 16	`75E622F3BC7D714632B833821FD7BB0C`	Value generated by client in Step 1
server_nonce	20, 16	`8EC53EC050CB2D475B457BAF445B49F5`	Value received from server in Step 2
g	36, 4	`03000000` (3 in decimal)	Value received from server in Step 2
dh_prime	40, 260	`FE000100C71CAEB9C6B1C9048E6C522F` `70F13F73980D40238E3E21C14934D037` `563D930F48198A0AA7C14058229493D2` `2530F4DBFA336F6E0AC925139543AED4` `4CCE7C3720FD51F69458705AC68CD4FE` `6B6B13ABDC9746512969328454F18FAF` `8C595F642477FE96BB2A941D5BCD1D4A` `C8CC49880708FA9B378E3C4F3A9060BE` `E67CF9A4A4A695811051907E162753B5` `6B0F6B410DBA74D8A84B2A14B3144E0E` `F1284754FD17ED950D5965B4B9DD4658` `2DB1178D169C6BC465B0D6FF9CA3928F` `EF5B9AE4E418FC15E83EBEA0F87FA9FF` `5EED70050DED2849F47BF959D956850C` `E929851F0D8115F635B105EE2E4E15D0` `4B2454BF6F4FADF034B10403119CD8E3` `B92FCC5B`	2048-bit prime, in big-endian byte order, to be checked as specified in the auth key docs
g_a	300, 260	`FE0001007D1326058B21BCDB95DC3763` `31C5B47A1275A99F8F6F8112703207DF` `5F1118A3727B9F9D7F2930CEB4EE373E` `7C9C919C10AC6570EDD02D81431BFA75` `7AF6F6C480834E2EFDAD9FF40395801C` `B21E9E40307631862C0D7BB3B3B9415E` `FECD513CF0AB2E9A3EE2D377BE21E599` `269A82B74E5977FE7A6587E0BD470474` `22AC6D2B0829AA031E1CE00DA0B778BB` `1CB066B9E44BFDED0578BC1D09508A0B` `5AA5707F68ECED74011CAD9B44CF9653` `76EE22B90DC6A51C0EBB0A6D48B1CC0E` `5548F5983610DD05676FECA4D9DA1096` `B308621E3EB182C57A0E9F263F0A7C2E` `BA6224958AF68C8FBE931B46AD58F260` `F01360D1CDDF4D6FB614A6A46DF3EFD0` `9EA55894`	`g_a` diffie-hellman parameter
server_time	560, 4	`21A97268` (1752344865 in decimal)	Server time

7) Client computes random 2048-bit number b (using a sufficient amount of entropy) and sends the server a message

First, generate a secure random 2048-bit number b:

b = 26D1249FAA87403379951DF6ABEB262F4D2A6BC4B59655FDE2275B9851CC4722F631EF29FCFDE3F1C72F0282DBD36E4A45CEB6D64BADCCC26FAE3529B78A7E8067698CD5812EB47613EC562C09F6698293214ED0268CD8A87218336F338BEA9AB72056AA0CAC9B52CD7D96EDF851923C53276567F3AEEBB83081897B1EE57A0F2EDFD0E1FC70EE3050D285574AFE6B64F482A884A3A8D5ABA71FBD10BC0A59B5E15E0A58F17D7E85417BD730B29B817402035FFD329EB292820012E36F01852B59A1640BB739310BB408E0FBC30F6B00AA93D261EDC7BEAB61F6CDBE645E5E58D74EA8856010418F66AB0C60E30093A4EA75019654C70CE024ABC4102EEF47A2

Then compute g_b = pow(g, b) mod dh_prime

g_b = 2DDFD3127F3027E815116B580669DC0A4B1B104CCCF97A0460E9AF7617DC7A571ECDF0FA98545C0309E53FF99C34B5DA33363A4270E9BEF97BB6D207CA639EE609B499A708A97E2F2440C7770FF902C165C14641A1340F835CEC5096F231755042C06E8E5A01F65A0CDB3294C7AC2DFF29B8E9331CC80B87B4F9824252BA12AA8BBD645D923C55AB18392DAE57A80BD6626093FD229DF0BC6C7312FBC7B2651267BA6F6DA04F47376E92EA451C702618A3B22897FD7066B211C7B3967027AF5E9FC9E003F1F558E574E0BEB154DC059321DC21D85AE136E046962FE6C1D8EC8B35845AB133D90F9FF73C112508DD660AAAE1BA1B235039C966CD40B19C0885C8

7.1) generation of encrypted_data

Generated payload (excluding transport headers/trailers):

0000 | 54 B6 43 66 75 E6 22 F3 BC 7D 71 46 32 B8 33 82
0010 | 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47 5B 45 7B AF
0020 | 44 5B 49 F5 00 00 00 00 00 00 00 00 FE 00 01 00
0030 | 2D DF D3 12 7F 30 27 E8 15 11 6B 58 06 69 DC 0A
0040 | 4B 1B 10 4C CC F9 7A 04 60 E9 AF 76 17 DC 7A 57
0050 | 1E CD F0 FA 98 54 5C 03 09 E5 3F F9 9C 34 B5 DA
0060 | 33 36 3A 42 70 E9 BE F9 7B B6 D2 07 CA 63 9E E6
0070 | 09 B4 99 A7 08 A9 7E 2F 24 40 C7 77 0F F9 02 C1
0080 | 65 C1 46 41 A1 34 0F 83 5C EC 50 96 F2 31 75 50
0090 | 42 C0 6E 8E 5A 01 F6 5A 0C DB 32 94 C7 AC 2D FF
00A0 | 29 B8 E9 33 1C C8 0B 87 B4 F9 82 42 52 BA 12 AA
00B0 | 8B BD 64 5D 92 3C 55 AB 18 39 2D AE 57 A8 0B D6
00C0 | 62 60 93 FD 22 9D F0 BC 6C 73 12 FB C7 B2 65 12
00D0 | 67 BA 6F 6D A0 4F 47 37 6E 92 EA 45 1C 70 26 18
00E0 | A3 B2 28 97 FD 70 66 B2 11 C7 B3 96 70 27 AF 5E
00F0 | 9F C9 E0 03 F1 F5 58 E5 74 E0 BE B1 54 DC 05 93
0100 | 21 DC 21 D8 5A E1 36 E0 46 96 2F E6 C1 D8 EC 8B
0110 | 35 84 5A B1 33 D9 0F 9F F7 3C 11 25 08 DD 66 0A
0120 | AA E1 BA 1B 23 50 39 C9 66 CD 40 B1 9C 08 85 C8

Payload (de)serialization:

client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;

Parameter	Offset, Length in bytes	Value	Description
%(client_DH_inner_data)	0, 4	`54b64366`	client_DH_inner_data constructor number from TL schema
nonce	4, 16	`75E622F3BC7D714632B833821FD7BB0C`	Value generated by client in Step 1
server_nonce	20, 16	`8EC53EC050CB2D475B457BAF445B49F5`	Value received from server in Step 2
g_b	36, 260	`FE0001002DDFD3127F3027E815116B58` `0669DC0A4B1B104CCCF97A0460E9AF76` `17DC7A571ECDF0FA98545C0309E53FF9` `9C34B5DA33363A4270E9BEF97BB6D207` `CA639EE609B499A708A97E2F2440C777` `0FF902C165C14641A1340F835CEC5096` `F231755042C06E8E5A01F65A0CDB3294` `C7AC2DFF29B8E9331CC80B87B4F98242` `52BA12AA8BBD645D923C55AB18392DAE` `57A80BD6626093FD229DF0BC6C7312FB` `C7B2651267BA6F6DA04F47376E92EA45` `1C702618A3B22897FD7066B211C7B396` `7027AF5E9FC9E003F1F558E574E0BEB1` `54DC059321DC21D85AE136E046962FE6` `C1D8EC8B35845AB133D90F9FF73C1125` `08DD660AAAE1BA1B235039C966CD40B1` `9C0885C8`	Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding
retry_id	296, 8	`0000000000000000`	Equal to zero at the time of the first attempt; otherwise, it is equal to `auth_key_aux_hash` from the previous failed attempt (see Item 7).

The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:

data = 54B6436675E622F3BC7D714632B833821FD7BB0C8EC53EC050CB2D475B457BAF445B49F50000000000000000FE0001002DDFD3127F3027E815116B580669DC0A4B1B104CCCF97A0460E9AF7617DC7A571ECDF0FA98545C0309E53FF99C34B5DA33363A4270E9BEF97BB6D207CA639EE609B499A708A97E2F2440C7770FF902C165C14641A1340F835CEC5096F231755042C06E8E5A01F65A0CDB3294C7AC2DFF29B8E9331CC80B87B4F9824252BA12AA8BBD645D923C55AB18392DAE57A80BD6626093FD229DF0BC6C7312FBC7B2651267BA6F6DA04F47376E92EA451C702618A3B22897FD7066B211C7B3967027AF5E9FC9E003F1F558E574E0BEB154DC059321DC21D85AE136E046962FE6C1D8EC8B35845AB133D90F9FF73C112508DD660AAAE1BA1B235039C966CD40B19C0885C8
padding = 30E1F5763705C068F13EF090
tmp_aes_key = A778250F36205F1D35B7BAC3E0FFA72E1435191B6D2C34B2A7C5C7B4F254E75D
tmp_aes_iv = 23C60FE71C305F5760D20935ADDFA0C14E7A1EDA7E844F561DEFD4929980D475

Process:

data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);

Output:

encrypted_data = BCDB4AA96F0AA9061B0F831D64A6955BC3AC837416462721DDAA16E4D7D3DCE6DC5C3DE1A16F880012D7D6030B73629DD2B3F08F983B2F0D5F94AC041053DDAAA67A8A8DC8C12C61595C8A1F86F45E78552021143BD9DE8ECAA4DC5B9D635721E2581506C1D1A80D662FC782B686702CA644E7173EE38F98875B7B5EADBE44D6FD1E3D0FDB54B44E31CB249F5CC75308DD0B10E434B74D5613BA1E4FBA7C3A3F867BBEE466FE2B29E7DE20151EAA65502E664CF6F1ABFEE1649DCEE6C61A77068D38F8C6814FCE8AF0690A0D6DA3AE7AC04D17D32669331F3884DCADF151CF0C9A125D19520DBA6C81F229687A63832448A5C36B51F5CC2C3208C12655C1802BA0EC367B2C7E1D126F72773D51C9E3F43EE8C3F05E46A038B1A2DD5BC66E853688B15CAEEA69B6FC2D6D02CA5C9BA78F8A14181A27B9BDA47E546F49DB94835841BEF6A7D7C4B70A34BD8FEE25619A15

The length of the final string is 336 bytes.

7.2) set_client_DH_params query

Sent payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 E8 D1 0C 00 21 A9 72 68
0010 | 78 01 00 00 1F 5F 04 F5 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 FE 50 01 00 BC DB 4A A9
0040 | 6F 0A A9 06 1B 0F 83 1D 64 A6 95 5B C3 AC 83 74
0050 | 16 46 27 21 DD AA 16 E4 D7 D3 DC E6 DC 5C 3D E1
0060 | A1 6F 88 00 12 D7 D6 03 0B 73 62 9D D2 B3 F0 8F
0070 | 98 3B 2F 0D 5F 94 AC 04 10 53 DD AA A6 7A 8A 8D
0080 | C8 C1 2C 61 59 5C 8A 1F 86 F4 5E 78 55 20 21 14
0090 | 3B D9 DE 8E CA A4 DC 5B 9D 63 57 21 E2 58 15 06
00A0 | C1 D1 A8 0D 66 2F C7 82 B6 86 70 2C A6 44 E7 17
00B0 | 3E E3 8F 98 87 5B 7B 5E AD BE 44 D6 FD 1E 3D 0F
00C0 | DB 54 B4 4E 31 CB 24 9F 5C C7 53 08 DD 0B 10 E4
00D0 | 34 B7 4D 56 13 BA 1E 4F BA 7C 3A 3F 86 7B BE E4
00E0 | 66 FE 2B 29 E7 DE 20 15 1E AA 65 50 2E 66 4C F6
00F0 | F1 AB FE E1 64 9D CE E6 C6 1A 77 06 8D 38 F8 C6
0100 | 81 4F CE 8A F0 69 0A 0D 6D A3 AE 7A C0 4D 17 D3
0110 | 26 69 33 1F 38 84 DC AD F1 51 CF 0C 9A 12 5D 19
0120 | 52 0D BA 6C 81 F2 29 68 7A 63 83 24 48 A5 C3 6B
0130 | 51 F5 CC 2C 32 08 C1 26 55 C1 80 2B A0 EC 36 7B
0140 | 2C 7E 1D 12 6F 72 77 3D 51 C9 E3 F4 3E E8 C3 F0
0150 | 5E 46 A0 38 B1 A2 DD 5B C6 6E 85 36 88 B1 5C AE
0160 | EA 69 B6 FC 2D 6D 02 CA 5C 9B A7 8F 8A 14 18 1A
0170 | 27 B9 BD A4 7E 54 6F 49 DB 94 83 58 41 BE F6 A7
0180 | D7 C4 B7 0A 34 BD 8F EE 25 61 9A 15

Payload (de)serialization:

set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;

Parameter	Offset, Length in bytes	Value	Description
auth_key_id	0, 8	`0000000000000000`	0 since the message is in plain text
message_id	8, 8	`E8D10C0021A97268`	Message ID generated as specified here » (unixtime() << 32) + (N*4)
message_length	16, 4	`78010000` (376 in decimal)	Message body length
%(set_client_DH_params)	20, 4	`1f5f04f5`	set_client_DH_params constructor number from TL schema
nonce	24, 16	`75E622F3BC7D714632B833821FD7BB0C`	Value generated by client in Step 1
server_nonce	40, 16	`8EC53EC050CB2D475B457BAF445B49F5`	Value received from server in Step 2
encrypted_data	56, 340	`FE500100BCDB4AA96F0AA9061B0F831D` `64A6955BC3AC837416462721DDAA16E4` `D7D3DCE6DC5C3DE1A16F880012D7D603` `0B73629DD2B3F08F983B2F0D5F94AC04` `1053DDAAA67A8A8DC8C12C61595C8A1F` `86F45E78552021143BD9DE8ECAA4DC5B` `9D635721E2581506C1D1A80D662FC782` `B686702CA644E7173EE38F98875B7B5E` `ADBE44D6FD1E3D0FDB54B44E31CB249F` `5CC75308DD0B10E434B74D5613BA1E4F` `BA7C3A3F867BBEE466FE2B29E7DE2015` `1EAA65502E664CF6F1ABFEE1649DCEE6` `C61A77068D38F8C6814FCE8AF0690A0D` `6DA3AE7AC04D17D32669331F3884DCAD` `F151CF0C9A125D19520DBA6C81F22968` `7A63832448A5C36B51F5CC2C3208C126` `55C1802BA0EC367B2C7E1D126F72773D` `51C9E3F43EE8C3F05E46A038B1A2DD5B` `C66E853688B15CAEEA69B6FC2D6D02CA` `5C9BA78F8A14181A27B9BDA47E546F49` `DB94835841BEF6A7D7C4B70A34BD8FEE` `25619A15`	Encrypted client_DH_inner_data generated previously, serialized as a TL byte string

8) Auth key generation

The client computes the auth_key using formula g_a^b mod dh_prime:

auth_key = 3EA4F4C36CEF29D4A96ACAA74C1CE1C36CCAB5BC275FFCBB345E58F8EDEA888E20CB36721C6006801F6059462AE5994FB37AFEEC208F798FAF71BE00108B564283119AD26B8256BC4BF673E250256AF1B8BBE9950488BDBDC8FF39B04294FA5E3ECE61075F662C9B23C8838B9111090ED035597878E9A50C2FE3FFB6A0869877D0304EE6CBE7B1DDF57304A326A1FA3DC8E024C476D1EEF60977ED46CDC34557AFDE09BBA2B29DB850331BEB26608332EBB7533E23324C45CA973874619E42E6A5799AEC48E13C7BB09D8CE6527D232A4F1EDC99B87886934B26048C22B7FC6D61140BC15660AC1F1EBBE14FED805F2C4B7C7605FE465CC16CDE6FAE2603DB1C

9) Final server reply

The server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:

Received payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 01 54 C4 A1 22 A9 72 68
0010 | 34 00 00 00 34 F7 CB 3B 75 E6 22 F3 BC 7D 71 46
0020 | 32 B8 33 82 1F D7 BB 0C 8E C5 3E C0 50 CB 2D 47
0030 | 5B 45 7B AF 44 5B 49 F5 9C C1 B8 00 4E 5E 07 A0
0040 | E1 5B 6E 0F D7 FF 61 17

Payload (de)serialization:

dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;

Parameter	Offset, Length in bytes	Value	Description
auth_key_id	0, 8	`0000000000000000`	0 since the message is in plain text
message_id	8, 8	`0154C4A122A97268`	Message ID generated as specified here » (unixtime() << 32) + (N*4)
message_length	16, 4	`34000000` (52 in decimal)	Message body length
%(dh_gen_ok)	20, 4	`34f7cb3b`	dh_gen_ok constructor number from TL schema
nonce	24, 16	`75E622F3BC7D714632B833821FD7BB0C`	Value generated by client in Step 1
server_nonce	40, 16	`8EC53EC050CB2D475B457BAF445B49F5`	Value received from server in Step 2
new_nonce_hash1	56, 16	`9CC1B8004E5E07A0E15B6E0FD7FF6117`	The 128 lower-order bits of SHA1 of the byte string derived from the `new_nonce` string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with `auth_key_aux_hash`. Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry.

Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.

Auth key generation example

DH exchange initiation

1) Client sends query to server

2) Server sends response of the form

Proof of work

3) Client decomposes pq into prime factors such that p < q.

Presenting proof of work; Server authentication

4) `encrypted_data` payload generation

5) Send req_DH_params query with generated `encrypted_data`

6) Server responds with:

7) Client computes random 2048-bit number b (using a sufficient amount of entropy) and sends the server a message

7.1) generation of encrypted_data

7.2) set_client_DH_params query

8) Auth key generation

9) Final server reply

Telegram

About

Mobile Apps

Desktop Apps

Platform

About

Blog

Press

Moderation

Auth key generation example

DH exchange initiation

1) Client sends query to server

2) Server sends response of the form

Proof of work

3) Client decomposes pq into prime factors such that p < q.

Presenting proof of work; Server authentication

4) encrypted_data payload generation

5) Send req_DH_params query with generated encrypted_data

6) Server responds with:

7) Client computes random 2048-bit number b (using a sufficient amount of entropy) and sends the server a message

7.1) generation of encrypted_data

7.2) set_client_DH_params query

8) Auth key generation

9) Final server reply

Telegram

4) `encrypted_data` payload generation

5) Send req_DH_params query with generated `encrypted_data`