[Feature Request] Secret Chats in Telegram Desktop

[marcovelon]

This issue is a continuation of https://github.com/telegramdesktop/tdesktop/issues/871 and https://github.com/telegramdesktop/tdesktop/issues/16835 and is dedicated to the code bounty campaign related to lack of implementation of a Secret Chat feature (end-to-end encryption in private messages) in Telegram Desktop.

The objective is to implement the Secret Chats feature into this Telegram client: https://github.com/telegramdesktop/tdesktop

It is possible to do it with 3 different ways (but not limited to):

• Migrating tdesktop to TDLib / Including TDLib to Telegram Desktop and using its Secret Chat API partly comment from @lukejohnsonrp
• Extracting the Secret Chats code from TDLib or telegram-api (https://github.com/vysheng/tg / https://github.com/vysheng/tgl) and reimplementing it into tdesktop
• Reimplementing it from scratch based on the official public specification available here https://core.telegram.org/api/end-to-end and https://core.telegram.org/schema/end-to-end
• Only protocol handlers need to be implemented, because all the cryptographic functions are already present in the Telegram Desktop (source)

This code bounty doesn't limit the programmer to any specific way of implementation, as soon as the final result will make possible to use Secret Chats on the open source Telegram Desktop (tdesktop) client on Linux and Windows in the exactly same way as it's done in mobile clients.

UPDATE 04/2022 / Funds distribution scheme:

There will be 3 payouts based on completion of the following stages:

• [1/3] Estabilishing Secret Chats via DH key exchange (ability to send and accept Secret Chat requests) [COMPLETE] in https://github.com/sergiotarxz/tdesktop/commit/41fcaa85159941b306eda754fd69c026aafc012d
• [2/3] Ability to send and receive encrypted messages in estabilished Secret Chats [COMPLETE] in https://github.com/sergiotarxz/tdesktop/commit/41fcaa85159941b306eda754fd69c026aafc012d
• [3/3] Re-keying (PFS) and media sharing in Secret Chats

The developer(s) will receive 1 ETH for completing one of the stages from the list above, totalling 3 ETH for all stages. The source code should be available and compilable.

The adjacent functionality such as deleting and configuring Secret Chat options can be done during any phase of the work progress described in the list above, however it must be done before or with 3/3.

I have created a verified signature for my Ethereum address containing the funds for this issue: https://etherscan.io/verifySig/4431 (https://etherscan.io/address/0xd19ee4a49b9214c4c22694bb01f225baf35f6efc)

Any voluntary donations are welcome. You can send them to the address above.

My email for communication is marcovelon@protonmail.com

CURRENT PROJECT FUNDING:

The overall funding now is 13000 USDC and 1.18 ETH (~3929 USD)

[sergiotarxz]

The second phase is completed and commited.

[ilya-fedin]

Does it means that I am supposed to keep asking Preston without it annoying him?

He saw your GH issue today and he says he doesn't even remember that you wrote him, when I remembered him that he answered 'idk', he said he didn't understand what you wrote.

[sergiotarxz]

Does it means that I am supposed to keep asking Preston without it annoying him?

He saw your GH issue today and he says he doesn't even remember that you wrote him, when I remembered him that he answered 'idk', he said he didn't understand what you wrote.

His response is very useful for the third phase.

[sergiotarxz]

[marcovelon]

[1/3] Estabilishing Secret Chats via DH key exchange (ability to send and accept Secret Chat requests) [COMPLETE] [2/3] Ability to send and receive encrypted messages in estabilished Secret Chats [COMPLETE]

@sergiotarxz, congratulations. Cryptography-related part of SC is now complete.

It took only around 3 weeks to finish the part that was considered most difficult by official devs. @lukejohnsonrp's predicted timing on this was also correct.

1 ETH sent.

[arch-btw]

Just want to confirm that it works! Thank you for this @sergiotarxz great job! 👍 and also thank you @marcovelon for organizing this 👍 Quick screenshot:

[sergiotarxz]

I am so happy right now, thanks for the payment and the encouragements to both @arch-btw and @marcovelon

I think the difference between I may be able to do this and I can do this have been already surpassed.

Third part is going to be hard job because I have to join all the pieces to do it functional, but it isn't a job that may not be doable or over-complicated and instead it is job that has been already done in different ways in tdesktop.

Let's go!

[ilya-fedin]

was considered most difficult by official devs

That's false

[sergiotarxz]

Hi, I had a hard day because the elections in my region and I am getting this day off.

I have not started yet with the third phase.

[marcovelon]

was considered most difficult by official devs

That's false

No, it's not: https://github.com/telegramdesktop/tdesktop/issues/8071#issuecomment-648264481

Also, it was considered a "sensible request" in 871

Also #871 #777 #68 #118 #619 #8071 #17216 #16938 #16878 #16772 #16409 #16388 #10162 and https://github.com/telegramdesktop/tdesktop/issues?q=is%3Aissue+secret+chat and 8 years of an official client without a core feature...

[ilya-fedin]

No, it's not:

As you can see, this message doesn't say anything about that part. It just says that the entire feature is difficult.

[marcovelon]

It doesn't need to say about that part because it's quite obvious and doesn't make my point "false" either, specially considering that those messages I showed aren't only ones existing. There are a lot more similar messages and even one where he states that it's an "impossible task" at some point. Can't remember the exact issue number but you can find it yourself if you go through and review around ~100 issues on this subject.

There are also a lot of messages of him where he says that the task is hard unless TDLib is used, and as a developer you should know that relying on TDLib for SC means using only cryptographic and protocol implementation, since UI still must be implemented. This fact also supports quite accurately what I said previously, because obviously UI was never the hardest part of this issue.

[ilya-fedin]

It doesn't need to say about that part because it's quite obvious

Well, you made an false assumption. See https://github.com/marcovelon/tdesktop/issues/2#issuecomment-1151847910.

means using only cryptographic and protocol implementation

It also implements local message database, doesn't it? I believe it also implements other features related to secret chats that are required for an implementation in an official client.

[marcovelon]

Well, you made an false assumption.

No I didn't and already explained why it's not false, meanwhile you only claim that it's false without giving any valid logical explanation. Sorry, but that's not how discussion works and until now you weren't able to refute any of my claims.

Also, the comment you have pointed to and all your your other responses in this subject prove even more my previous points, since none of your messages were helpful in the context of implementing SC. Your first post here is full of nonsensical excuses and acting like you are a personal assistant of john-preston, not even sure why you are speaking on his behalf that much, which only proves (yet again) that most of tdesktop contributors are incapable of having their own opinion.

It also implements local message database, doesn't it?

Also not the hardest part of SC, since it's just a local storage. Local storage is already implemented in Telegram Desktop and can be used for SC.

[ilya-fedin]

meanwhile you only claim that it's false without giving any valid logical explanation

'quite obvious' is not an logical explanation in my opinion, too. Something is obvious for ones, but not obvious for others. We can only guess which part is actually the hardest as preston never publicly said that.

since none of your messages were helpful in the context of implementing SC

I don't quite understand why every my comment should be helpful in your opinion. I'm free not only to help, but also to talk about other things, e.g. dispute wrong assumptions.

Your first post here is full of nonsensical excuses and acting like you are a personal assistant of john-preston, not even sure why you are speaking on his behalf that much, which only proves (yet again) that most of tdesktop contributors are incapable of having their own opinion.

I don't see anything bad in saying something I knew from preston. And, yeah, there's nothing bad in not having own opinion in something you don't know. It's better than transmit your own opinion when you don't even know what are you talking about.

We should also remember that we all are humans and sometimes we need excuses.

[ilya-fedin]

It would be nice if you prove the difficulty wrong. But according to what I know from preston, you haven't reached the hardest part yet. It seems that you don't even have it in your 3 stages. You will only know it when you will try to PR it to tdesktop and preston will say what your implementation lacks to be included in an official client.

[marcovelon]

Ok @ilya-fedin you have all the right to stick to that opinion and keep believing in preston's postulates, I don't really mind, but please refrain from further commenting here unless you have something useful to say in regards of helpful contribution to this specific issue.

Your amount of helpful contribution here is still zero at this moment and everything you said until now was already known, not even mentioning that half of that is false.

Also I would kindly ask you to stop speaking on behalf of john-preston, because most people here are already familiar with his opinions and don't need to re-read them from you. If he got something to say, he can come here and say. There is no need to pull your infantile "busy person" excuse, because anyone else here is not less busy than him.

The secret chat is almost done and it started only because I strongly disagree with preston's postulates, and therefore with you (since you are just his replica in this context), otherwise, without this action it would take some another 8 years to be implemented. Your obvious attempts to gaslight me are pointless.

[ilya-fedin]

Your amount of helpful contribution here is still zero at this moment

Why are you keep repeating that? Is this some kind of self-affirmation? :thinking:

The secret chat is almost done and it started only because I strongly disagree with preston's postulates, and therefore with you (since you are just his replica in this context), otherwise, without this action it would take some another 8 years to be implemented. Your obvious attempts to gaslight me are pointless.

It's really nice that this is happening, I don't understand why are you saying that to me though. I also don't understand where you see gaslighting.

[arch-btw]

@ilya-fedin you've been asked to stop, so please stop. You're not being helpful at all and now you're insulting people. Preston is a grown man and can speak for himself. He doesn't need a personal assistant to glorify him.

[ilya-fedin]

You're not being helpful at all and now you're insulting people

Again this helpful... Why are you repeating that? I don't understand. I also didn't insult anyone.

Preston is a grown man and can speak for himself. He doesn't need a personal assistant to glorify him.

I don't glorify him. And I don't speak for him, I only say what I heard.

[dm17]

It would be nice if you prove the difficulty wrong. But according to what I know from preston, you haven't reached the hardest part yet. It seems that you don't even have it in your 3 stages. You will only know it when you will try to PR it to tdesktop and preston will say what your implementation lacks to be included in an official client.

You clearly don't know the difference between constructive criticism and acting like an agent of Telegram trying to disincentivize people from having & being able to analyze E2EE+FOSS.

[ilya-fedin]

You clearly don't know the difference between constructive criticism and acting like an agent of Telegram trying to disincentivize people from having & being able to analyze E2EE+FOSS.

As you can see, I didn't criticize the work, I really like what @sergiotarxz does and it's really nice to see that the community is finally doing something! The only thing I did is stated that the hardest part is not reached yet. I don't think this can prevent anyone from analyzing E2EE, tho.

[dm17]

You clearly don't know the difference between constructive criticism and acting like an agent of Telegram trying to disincentivize people from having & being able to analyze E2EE+FOSS.

As you can see, I didn't criticize the work, I really like what @sergiotarxz does and it's really nice to see that the community is finally doing something! The only thing I did is stated that the hardest part is not reached yet. I don't think this can prevent anyone from analyzing E2EE, tho.

Isn't implementation just a more thorough, verifiable analysis?

[ilya-fedin]

Isn't implementation just a more thorough, verifiable analysis?

The hardest part will most likely be not in E2EE, but in surrounding code. And even this I guess is not a big deal as merging the code upstream is not the main goal as far as I understand.

[marcovelon]

@redhatlg @Nihal247 @vahid9 @franzalex @pwseo @kgizdov @ifree @brantje @animalillo @ender-null @DerRidda @Brawl345 @ZFake @ntrlshrp @rene-s @topkecleon @Tiim @MACSOMIC @lkhrs @AAljmiai @leshow @fbis251 @aphirst @bladeSk @ribeirobreno @Madh93 @JacobCZ @0cjs @diazbastian @benbenolson @ksmirenko @val108 @matthiasbeyer @rhyven @BernardGoldberger @Dark-Mind @0xferit @paoletto @Geobert @nestor-santana @gingerCodeNinja @DmitriyYukhanov @three3q @edmundlaugasson @danger89 @phjr @ThelloD @ScottRFrost @kleuter @vaso123 @Xalalau @Paviluf @vsg24 @LavirtheWhiolet @savec80 @AOmelaienko @Salkin2 @psamim @tomcpc @deXter9009 @Mr-TechX @j-nicolas @neelygenet @8227846265 @laloshifrin @charley008 @freemangilgamesh @ddobrev @Nokia808 @Neustradamus @andriusign @sasha-x @superorc @Khomyak-sibiryak @personal-assembly-required @fcore117 @DevAlone @221V @TuralAsgar @dmxt @kgizdov @wenssh @hous3m4ster @proton-byte @intika @brasslan @mostav02 @AmericanNomad @Jeronimo17 @stormcloud-gnu @Lehmax

Guys you were mentioned because all of you expressed interest in Secret Chats feature around Telegram Desktop repository issues in the past. Sorry if some of you no more maintain the interest and were mistakenly mentioned.

For now we have finished encryption and protocol handling for Secret Chats on tdesktop, so in case any of you want to test it or work on it, the source code is present here: https://github.com/sergiotarxz/tdesktop/commit/41fcaa85159941b306eda754fd69c026aafc012d

[kleuter]

Thank you!

Any chance to have pre-compiled binaries (windows) to save some time?

[sergiotarxz]

Thank you!

Any chance to have pre-compiled binaries (windows) to save some time?

Hi, kleuter.

Unfortunately I do not use Windows, so I cannot provide you with those binaries unless somebody makes a cross compilation script from GNU/Linux to Windows.

[sergiotarxz]

Hi, I am currently doing a work for a client which requires my full attention for a week.

I will delay the start of the third phase, sorry for the incovenience.

[melroy89]

@redhatlg @Nihal247 @vahid9 @franzalex @pwseo @kgizdov @ifree @brantje @animalillo @ender-null @DerRidda @Brawl345 @ZFake @ntrlshrp @rene-s @topkecleon @Tiim @MACSOMIC @lkhrs @AAljmiai @leshow @fbis251 @aphirst @bladeSk @ribeirobreno @Madh93 @JacobCZ @0cjs @diazbastian @benbenolson @ksmirenko @val108 @matthiasbeyer @rhyven @BernardGoldberger @Dark-Mind @0xferit @paoletto @Geobert @nestor-santana @gingerCodeNinja @DmitriyYukhanov @three3q @edmundlaugasson @danger89 @phjr @ThelloD @ScottRFrost @kleuter @vaso123 @Xalalau @Paviluf @vsg24 @LavirtheWhiolet @savec80 @AOmelaienko @Salkin2 @psamim @tomcpc @deXter9009 @Mr-TechX @j-nicolas @neelygenet @8227846265 @laloshifrin @charley008 @freemangilgamesh @ddobrev @Nokia808 @Neustradamus @andriusign @sasha-x @superorc @Khomyak-sibiryak @personal-assembly-required @fcore117 @DevAlone @221V @TuralAsgar @dmxt @kgizdov @wenssh @hous3m4ster @proton-byte @intika @brasslan @mostav02 @AmericanNomad @Jeronimo17 @stormcloud-gnu @Lehmax

Guys you were mentioned because all of you expressed interest in Secret Chats feature around Telegram Desktop repository issues in the past. Sorry if some of you no more maintain the interest and were mistakenly mentioned.

For now we have finished encryption and protocol handling for Secret Chats on tdesktop, so in case any of you want to test it or work on it, the source code is present here: sergiotarxz@41fcaa8

Why not submit an upstream pr?

[sergiotarxz]

Why not submit an upstream pr?

Hi, @danger89

The code is still far from complete, it has the ability to decrypt/encrypt messages, but the functionality is not yet integrated into the UI.

When the code is in a mergeable state a pull request will be done, but many things have to be done before and talking with Preston will be needed in order to know what the code will need to be merged.

About the conflict between Telegram developers and the users waiting to get the feature done in this issue:

Due my best interests I decided to presume the best from both sides so I want to think there was a misunderstanding from both sides which stopped effective communication so I can both continue claiming the bounty and hopefully get the code merged.

I will remain neutral in the conflict for the good of all parties, I hope this is an acceptable position in this case because is the best one I could find.

I will not hesitate to seek for help where it can be offered to me in order to achieve this bounty purpose and the best for the whole Telegram Desktop community.

[sergiotarxz]

I am still super busy, sorry for the wait, I do not really know when I am going to get spare time.

[dmxt]

Secret chat in Telegram seems to be working well on both PC (macOS) and mobile.

However it only works on one device which you accepted the chat, which is fair, I think.

[melroy89]

However it only works on one device which you accepted the chat, which is fair, I think.

I expect to support some kind of multi-sign? Or approve other clients using existing active clients. Just like how Matrix works.

[mostav02]

Thank you @marcovelon for tagging me and I agree with most of your claims about Telegram concerning this issue. Inactivity of official devs on this indeed makes Telegram to look suspicious.

I am also curious whether a so-called "anti-authoritarian activist" @durov will reward @sergiotarxz for implementing this important feature once it's finished, or at least give him some credit, given that Telegram wasn't able to implement it themselves for so many years.

I have dropped using Telegram Desktop a long time ago because it represents zero value to me without a most important security feature (E2EE chats), however I would be interested in using it once it's implemented.

[marcovelon]

@mostav02 apparently he won't. He recently announced a 50000$ bounty for Telegram iOS development. This issue here is being systematically ignored and even those who were accusing me of spreading conspiracy theories earlier (off-github) have a solid proof now that I was correct about everything. Durov is well informed on this issue here, by the way.

@sergiotarxz are you still in this project? Any head up would be appreciated.

There is 1 ETH left on this bounty to be sent, however I am adding more 3000$ to the stake making it 1 ETH + 3000$ (in ETH or any stablecoin, rate determined at a moment of transaction).

We only need to finish UI for now, followed by some subordinate functionality that is left to do (storing secret chats, re-keying and media sharing).

The financial scheme is the following:

• 1 ETH just for the finished UI for the already existing secret chat functionality

• 3000$ for completing everything else

[sergiotarxz]

Hi @marcovelon

I am currently busy with other client which has a tight schedule to complete a migration, but I have plans to resume the development in January 2023.

I have been contacted recently by a Telegram user who says he will also pay for the completed feature plus portable Windows builds 4000$ so the reward is getting increasingly attractive.

I know this is a feature which is coming with a lot of delay and I am sad for asking you for more patience, I think this milestone needs complete dedication because of its complexity.

Once I get my hands on the development I calculate 2 months before builds for GNU/Linux and Windows start reaching the interested users and an indeterminate time to merge upstream if it is possible at all.

Before starting this phase I will at least try to talk with Preston to see if he can provides me with tips for the merge if he is willing to dedicate time to help this reaching upstream.

Merging upstream is not needed to completion of the milestones wanted, but I have been pointed that for a successful merge talking with Preston as soon as possible is required

I am sorry that my response is not "I am doing it right now", but I would really like to complete the final milestone myself.

[fcore117]

@sergiotarxz thank you for your service and please make it in C++ if you plan to begin with this in future. Thank you.

[sergiotarxz]

@fcore117 There are no other possible choices of programming languages since tdesktop is written in C++ itself and static linked.

[melroy89]

@fcore117 There are no other possible choices of programming languages since tdesktop is written in C++ itself and static linked.

You can use C 🤣.

[dm17]

So many threads in the official repository about this and they locked them all quite quickly to stop people from being able to work on it. Ominous! How it going? Think a crowdfunding page would help get the necessary resources?

[thewh1teagle]

Guys, I see that you haven't mention very important thing Unigram - another Open source Telegram Desktop client, already implemented this feature - secret chats in Telegram desktop. Unfortunately it's written in .NET so we can't use their implementation directly, but we can follow their logic, their UI, and just translate it to this client - which written in C++.

Another important thing - I'm not sure how secret chat works behind the scenes, but I know that you can't use the same secret chat on several devices, So we need to solve it to make this feature more usable One Idea I have about - is to give the options to migrate secret chat from one device to another with maybe exporting the relevant key and importing, something like that.

[sergiotarxz]

Hi, @dm17, more money is always welcomed, but really the resource I am lacking currently is time.

@thewh1teagle I am using Android as reference implementation when I have doubts while I stick with the docs most of the time, to being able to migrate secret chats a standard should be made for they to be compatible with every application so that is in the Telegram's roof. Also I heard that there are plans from Telegram to rework the entire way E2EE is done so I expect they will address problems as the lack of a protocol that allows multiple clients to use secret chats.

[thewh1teagle]

@sergiotarxz Telegram always have planes, I don't think it's a reason to wait instead of finish this features. Does android implementation uses the same library that tdesktop use? Do you need help with that? I can try.

[sergiotarxz]

Telegram Android may share some libraries with Tdesktop I didn't check for matches, but that is not relevant since the protocol handling in Tdesktop is hand written and almost impossible to port to tdlib (Also out-of-scope) really the hard thing is done at protocol level, I figured out all pieces and adapted the Telegram Desktop protocol library to understand secret chat entities.

Now what has to be done is modify the UI accordingly so the previous work is useful for users, it is hard but a different kind of hard where more than inspire from other projects is more relevant to understand the insides of Tdesktop and being able to adapt them to our benefit while keeping the code clean.

Some refactor will also be needed in the current Secret Chat support and of course some way of serialization of the keys and histories so they can be preserved between reboots, that all will be worked out with patience.

What I did until now will help me a lot in the implementation since I kind of understand now the status-quo of the code.

@thewh1teagle

[thewh1teagle]

Another thing There's another official telegram desktop for MacOS that has secret chat too. See https://github.com/telegramdesktop/tdesktop/issues/16412 Maybe we can use the same implementation from there. Anyway, I don't think this feature is too complicated, it should be simple compared to general features The UI parts of this feature are super basic there's only few things in the UI related to that

[sergiotarxz]

Hi @thewh1teagle

The implementation of the encryption protocol as I said it is already implemented so we cannot benefit from using other project's implementations at the current state.

At the current state the only project suitable to take inspiration is Telegram for Android since is the only one I can compile and try, I do not have MacOS nor Windows, but I do have a Android phone and the Android SDK, also I think Android is a pretty good reference implementation since Telegram itself put more effort into Android and IOS implementations than in any other project.

I think you underestimate the complexity behind the UI changes, keep in mind that the entities currently the UI represents for messages are completely different that the ones for encrypted messages, encrypted messages should be stored client side since the server won't sent it again so persistent storage will be needed, the profile menu for secret chats should be reworked to handle all the secret chats features as the deletion time.

A pretty hard part of the UI is already done, a new kind of chat has been created for Secret Chats.

I recommend you that if you do not believe that this feature is complex for a programmer new to the tdesktop codebase that you give a look to the tdesktop code.

I warn you that it is written in Qt in a way that it is not even recommended today and it is not easy to find documentation for it, I struggled a lot since it is my first time writing in that framework.

I would like to know what do you mean when you talk about general features if you can elaborate.

Regards, Sergio

[sergiotarxz]

I do not plan to go out of scope in third phase, the objective is to do what Telegram for Android client can do in Secret Chats nothing less, nothing more, create a way to compile portables for Windows to match the other bounty and talk with Preston about the chance of merging if any.

I think the @marcovelon plan for the steps to do is pretty good and I know that going out of the proposed scope by Marco has never gone well, I know that the current state of secret chats in Telegram in multiple clients is far from ideal, but only Telegram can fix that since the server code is privative.

Let's talk about the exporting secret chat feature.

Telegram sends to every client only the messages from the secret chats they exchanged keys with, so it is plain impossible unless you make your client look like it was the initial client so assuming that is possible with api keys and those fun things, the first client should stop using that identity.

We also would not have any way to know using only Telegram Servers when the other client has already got the "migration file".

It is at least hacky and I do not think that such thing is desirable for a first implementation of secret chats into a client if it is desirable at all.

[GoldenQueen52]

Well, you made an false assumption.

No I didn't and already explained why it's not false, meanwhile you only claim that it's false without giving any valid logical explanation. Sorry, but that's not how discussion works and until now you weren't able to refute any of my claims.

Also, the comment you have pointed to and all your your other responses in this subject prove even more my previous points, since none of your messages were helpful in the context of implementing SC. Your first post here is full of nonsensical excuses and acting like you are a personal assistant of john-preston, not even sure why you are speaking on his behalf that much, which only proves (yet again) that most of tdesktop contributors are incapable of having their own opinion.

It also implements local message database, doesn't it?

Also not the hardest part of SC, since it's just a local storage. Local storage is already implemented in Telegram Desktop and can be used for SC.

How did you get Message signature hash to verify on Etherscan.io ?

[sergiotarxz]

Hi the promised is debt I am coming back for the development of the last part of the secret chats on Telegram Desktop.

I would like to know if funds after everything that happened in the crypto market are still there and how much are worthy currently.

Happy new year to you all!!! @marcovelon

[sergiotarxz]

Yesterday I started the development trying to merge the upstream changes in my branch and I found an error I was not capable to solve related with the submodules so I asked in the development channel, I got some tips and finally I am again capable to compile the code.

When I achieve a compilable merge of both secret chats development and current tdesktop development I will make a commit to https://github.com/sergiotarxz/tdesktop and that will be the starting point for this phase development.