MTProto: Telegram mobile protocol
Protocol overview
MTProto is Telegram's cryptographic transport protocol designed for secure and reliable delivery in unstable mobile networks.
It provides confidentiality, integrity, and endpoint authentication while remaining lightweight enough for high-latency connections.
MTProto 2.0
MTProto 2.0 replaces SHA-1 with SHA-256, improves key derivation, and adds randomized padding to reduce traffic fingerprinting.
Terminology
| Term | Description |
|---|---|
auth_key | Long-term authorization key negotiated during client-server handshake. |
msg_key | Message key derived from payload hash and part of auth_key. |
server_salt | Temporary 64-bit salt used to protect against replay attacks. |
session_id | Session identifier that binds messages to a specific client session. |
Encryption
Messages are encrypted with AES-256-IGE; the key and IV are derived from auth_key and msg_key.
Authorization keys
The handshake is based on Diffie-Hellman with RSA key verification to prevent man-in-the-middle attacks.
VPN comparison
| Feature | MTProxy | VPN | SOCKS5 |
|---|---|---|---|
| Scope | Telegram only | All traffic | Configured apps |
| Setup | One click | Client app + config | Manual setup |
| Traffic camouflage | FakeTLS/HTTPS | Protocol dependent | No |
Usage
Telegram clients support MTProxy natively. Opening a tg://proxy link adds and enables the proxy in a few taps.
Using a secret with FakeTLS parameters helps disguise traffic as normal HTTPS and improves resilience against DPI blocking.