Paper 2011/058

Supplemental Access Control (PACE v2): Security Analysis of PACE Integrated Mapping

Jean-Sébastien Coron, Aline Gouget, Thomas Icart, and Pascal Paillier


We describe and analyze the password-based key establishment protocol PACE v2 Integrated Mapping (IM), an evolution of PACE v1 jointly proposed by Gemalto and Sagem Sécurité. PACE v2 IM enjoys the following properties: patent-freeness (to the best of current knowledge in the field); full resistance to dictionary attacks, secrecy and forward secrecy in the security model agreed upon by the CEN TC224 WG16 group; optimal performance. The PACE v2 IM protocol is intended to provide an alternative to the German PACE v1 protocol, which is also the German PACE v2 Generic Mapping (GM) protocol, proposed by the German Federal Office for Information Security (BSI). In this document, we provide a description of PACE v2 IM, a description of the security requirements one expects from a password-based key establishment protocol in order to support secure applications, and a security proof of PACE v2 IM in the so-called Bellare-Pointcheval-Rogaway (BPR) security model.

Category
Cryptographic protocols
Publication info
Published elsewhere. This paper has not been submitted yet in a conference/workshop
Keywords
public-key cryptography, password-based key exchange
Contact author(s)
aline gouget @ gemalto com
History
2011-06-07: revised
2011-02-01: received
License
Creative Commons Attribution


      author = {Jean-Sébastien Coron and Aline Gouget and Thomas Icart and Pascal Paillier},
      title = {Supplemental Access Control (PACE v2): Security Analysis of PACE Integrated Mapping},
      howpublished = {Cryptology ePrint Archive, Paper 2011/058},
      year = {2011},
      note = {\url{}},
      url = {}