We describe and analyze the password-based key establishment protocol PACE v2 Integrated Mapping (IM), an evolution of PACE v1 jointly proposed by Gemalto and Sagem Sécurité. PACE v2 IM enjoys the following properties:
patent-freeness (to the best of current knowledge in the field);
full resistance to dictionary attacks, secrecy and forward secrecy in the security model agreed upon by the CEN TC224 WG16 group;
The PACE v2 IM protocol is intended to provide an alternative to the German PACE v1 protocol, which is also the German PACE v2 Generic Mapping (GM) protocol, proposed by the German Federal Office for Information Security (BSI). In this document, we provide
a description of PACE v2 IM,
a description of the security requirements one expects from a password-based key establishment protocol in order to support secure applications,
a security proof of PACE v2 IM in the so-called Bellare-Pointcheval-Rogaway (BPR) security model.