Paper 2009/624

Security Analysis of the PACE Key-Agreement Protocol

Jens Bender, Marc Fischlin, and Dennis Kuegler

Abstract

We analyze the Password Authenticated Connection Establishment (PACE) protocol for authenticated key agreement, recently proposed by the German Federal Office for Information Security (BSI) for the deployment in machine readable travel documents. We show that the PACE protocol is secure in the real-or-random sense of Abdalla, Fouque and Pointcheval, under a number-theoretic assumption related to the Diffie-Hellman problem and assuming random oracles and ideal ciphers.

Note: A preliminary and abridged version has appeared at Information Security Conference (ISC) 2009, Lecture Notes in Computer Science, Volume 5735, pp. 33-48, Springer-Verlag, 2009.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Information Security Conference (ISC) 2009
Keywords
Password-based Key Agreement
Contact author(s)
marc fischlin @ gmail com
History
2009-12-26: received
Short URL
https://ia.cr/2009/624
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/624,
      author = {Jens Bender and Marc Fischlin and Dennis Kuegler},
      title = {Security Analysis of the {PACE} Key-Agreement Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/624},
      year = {2009},
      url = {https://eprint.iacr.org/2009/624}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.