<p>This contest is <ahref="https://telegram.org/blog/cryptocontest-ends">over</a>, but the <ahref="https://core.telegram.org/bug-bounty">Telegram Bug Bounty Program</a> is <strong>always open</strong>.</p>
<p><strong>Security researchers</strong> are welcome to submit any issues they find in the Telegram <strong>apps</strong> or <strong>protocol</strong> to us at <strong>security@telegram.org</strong>. All submissions which result in a change of code or configuration are eligible for bounties, ranging from <strong>$100</strong> to <ahref="https://telegram.org/blog/crowdsourcing-a-more-secure-future"><strong>$100,000</strong></a> or more, depending on the severity of the issue.</p>
<p>Earlier this year we had a <ahref="/blog/winter-contest-ends">contest</a> to decipher intercepted Telegram messages, that did not produce a winner. Today we announce a new contest with an easier task and a larger prize — <strong>$300,000</strong> for cracking <ahref="https://core.telegram.org/api/end-to-end">Telegram's encryption</a>, and this time contestants can not only monitor traffic, but also act as the Telegram server and use active attacks, which vastly increases their capabilities.</p>
<p>In this contest you assume the role of a malicious entity in full control of both the communication lines and the Telegram servers themselves.</p>
<blockquote>
<p><strong>UPD</strong> The current round of the contest is over. <ahref="https://telegram.org/blog/cryptocontest-ends"><strong>Go to results »</strong></a></p>
</blockquote>
<p>Your goal is to extract sensitive data (a secret email address) from a Secret Chat between two users — Nick and Paul. You control the entire process, from chat creation to the sending of each individual message and can perform various active attacks, including MITM, KPA, CPA, replay attacks, etc.</p>
<p>In order to facilitate the task, we have created an interface, using which you can act as the server and determine which side gets what data. For more details, please check out the <strong><ahref="https://core.telegram.org/contest300K">Cracking Contest Description</a></strong>.</p>
<p>In order to confirm that Telegram crypto was indeed cracked and claim your <strong>$300,000</strong>, you'll need to send an email to the secret email address that you've extracted from one of the messages exchanged by Paul and Nick.</p>
<p>Your email must contain:<br>- The entire text of the message that contained the secret email.<br>- Session logs for the successful attempt with your user_id.<br>- A detailed explanation of the attack on the protocol.<br>- Your bank account details to receive the $300,000 prize.</p>
<p>There is also a bonus objective with an independent prize of <strong>$100,000</strong>.<br><ahref="https://core.telegram.org/contest300K#bonus-objective">See full description for details »</a></p>
<p>To prove that the competition was fair, we will add a command that returns the keys used for encryption as soon as a winner is announced. In case there is no winner by February 4, 2015, decryption commands will be added at that date.</p>
<div>
<ahref="/file/811140570/1/HuWOtUZqH3Y/ae540ee4fe9e565761"target="_blank"><imgsrc="/file/811140509/1/w7ub14yjRmE/857f9fc6bf21c49411"title="Click for print quality image"class="dev_page_image"/></a><br>
<ahref="https://t.me/share/url?url=https%3A%2F%2Ftelegram.org%2Fblog%2Fcryptocontest&text=%24300%2C000%20for%20cracking%20%23Telegram%20encryption"class="tl_telegram_share_btn"id="tl_telegram_share_btn"data-text="$300,000 for cracking #Telegram encryption"data-url="https://telegram.org/blog/cryptocontest"><iclass="tl_telegram_share_icon"></i><spanclass="tl_telegram_share_label"target="_blank">Forward</span></a>
<ahref="https://twitter.com/share"class="tl_twitter_share_btn"id="tl_twitter_share_btn"data-text="$300,000 for cracking #Telegram encryption"data-url="https://telegram.org/blog/cryptocontest"data-via="Telegram">Tweet <spanclass="tl_twitter_share_cnt"></span></a>
<divclass="dev_blog_card_lead">With this update, you can have a Telegram account without a SIM card and set up a global timer to automatically delete messages in all…</div>
<h4class="dev_blog_card_title">Infinite Reactions, Emoji Statuses and Much More</h4>
<divclass="dev_blog_card_lead">Telegram's previous update revolutionized emoji, adding an open platform for creating custom animated emoji. This update gives you even…</div>