Cryptology ePrint Archive: Report 2009/624

Security Analysis of the PACE Key-Agreement Protocol

Jens Bender and Marc Fischlin and Dennis Kuegler

Abstract: We analyze the Password Authenticated Connection Establishment (PACE) protocol for authenticated key agreement, recently proposed by the German Federal Office for Information Security (BSI) for the deployment in machine readable travel documents. We show that the PACE protocol is secure in the real-or-random sense of Abdalla, Fouque and Pointcheval, under a number-theoretic assumption related to the Diffie-Hellman problem and assuming random oracles and ideal ciphers.

Category / Keywords: cryptographic protocols / Password-based Key Agreement

Publication Info: Information Security Conference (ISC) 2009

Date: received 18 Dec 2009

Contact author: marc fischlin at gmail com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: A preliminary and abridged version has appeared at Information Security Conference (ISC) 2009, Lecture Notes in Computer Science, Volume 5735, pp. 33-48, Springer-Verlag, 2009.

Version: 20091226:162659 (All versions of this report)

Short URL: ia.cr/2009/624

Discussion forum: Show discussion | Start new discussion