Me standing in a grain field, playing the violin.

vanitasvitae's blog

Using Emoji for fingerprint verification

The messaging app Telegram recently introduced end-to-end encrypted voice calls. As most of you probably know, encryption without verification is pretty useless since there is the risk of man-in-the-middle attacks. I don’t want to get too much into details about this. The point I want to make is, that you should verify your partners fingerprint (hash of the used key) in order to be secure.

The interesting part of Telegrams new feature is the way they verify fingerprints. Traditionally you are presented with a String of (typically hexadecimal – 0-9,A-F) characters. In the case of Conversations the fingerprint are 64 hexadecimal characters. Telegram on the other hand introduced the way of displaying 4 out of a set of 333 emojis (1). Note that this is only used to verify that the current voice call is secure. The next call would have a different fingerprint, so keep in mind, that we are talking about two different use cases here.

Still, how do those two methods compare? Could we use emoji in conversations to verify the fingerprint of identity keys?

With telegrams emoji encoding, there are 333⁴ = 12.296.370.321 possible hash values. This is tiny compared to the number of possibilities with the conventional fingerprint encoding (64 hex characters), which sum up to 16⁶⁴ = 115.792.089.237.316.195.423.570.985.008.687.907.853.269.984.665.640.564.039.457.584.007.913.129.639.936 unique hash values. This is far more secure than the system used by telegram. To be precise, it is 9.416.769.844.639.765.662.078.012.249.277.305.077.454.163.692.443.706.456.867.173.918.282 times more secure (theoretically).

But could we use emoji in eg. Conversations?

Lets say, we want to use emojis for fingerprint verification without trading away security. We’d have to display 31 emojis in order to be as secure as displaying 64 hex chars. Since most people are more familiar with numbers and the letters A-F, I doubt that this brings any benefits (we just cut the length of the string in half).

But what if we chose from a bigger set of emojis?

Lets say we want the fingerprint to be as short as the one in telegram (4 characters), but have the same security properties as the conventional 64 digit hex string. In order to encode the same amount of information in 4 symbols as we could in 64 hex characters, we’d have to use a pool of 18.446.744.073.709.551.616 symbols. Unfortunatelly there aren’t so many characters, let alone emojis.

But what would be the middle ground?

If we want our fingerprint to be 16 characters long, our character pool would be 65536 symbols. Thats the whole unicode space. Since there are many unicode characters that look alike and there are also a lot of “holes” in the unicode space, there are fewer usable characters.

In conclusion, it is not really possible/valuable to use emojis for fingerprint representation without trading away security.

(1): https://core.telegram.org/techfaq#q-how-are-voice-calls-authenticated

vanitasvitae

Leave a Reply

Your email address will not be published. Required fields are marked *