Privacy and Security Analysis of PACE GM Protocol
              Miroslaw Kutylowski, Przemyslaw Kubiak

   Wroclaw University of Science and Technology,  Wroclaw, Poland 
   Xidian University, School of Cyber Engineering, Xi'an, P.R. China


Abstract.
We analyze PACE - a password authenticated key
establishment protocol adopted by ICAO for travel documents.
PACE has been developed having in mind privacy protection
goals - such as resistance to tracing by active adversaries.
So far, the authors of PACE presented a draft proof only
of some its security properties (ISC'2009) (and we believe that
there is a gap in a critical proof step). Our goal is to provide
a thorough analysis, regarding both the confidentiality and the
privacy features. We show that the parties establish a session
with the same shared key iff they share the same password, and
that there is no active attack to learn the chip's password other
than password probing via test executions.

Index Terms.
travel document, ICAO, PACE, password authentication, GDPR,  privacy, 
session key, active adversary