And the social graph IS sent to servers by Signal. It's protected only by hashing (trivial to circumvent) and by the Intel SGX technology (a bit harder to circumvent, but I doubt that the US govt can't do it).
I didn't want to claim that Telegram's crypto was better or as good as Signal's. But saying that Telegram rolled their own crypto while Signal did not is misleading as both designed their own protocols.
Also, Telegram uses SHA256 now in the places relevant for security, so that point was resolved.
My (limited) understanding is that numbers are queried to see if accounts exist, but those queries are not connected to the users sending them (and they are obscured in transit).
Am I wrong?
Signal’s cryptography has also gotten a ton of attention; I don’t think the same is true for competitors.
Transit encryption is employed by other services as well. Whether there is de-correlation on the cloud backend I don't know. Maybe there is, but you can't really verify that, and it's easy to correlate them again, especially if clients use IPv6 or non-CGNAT IPv4.
Signal did the same thing. They invented their own cryptographic algorithms. https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm