We propose and discuss an anonymous password-based authenticated key exchange scheme that allows a user in a group to establish a session key with a server in an anonymous way. In our scheme, each user in a legitimate group and the server share a human-memorable password, and they can authenticate each other. The scheme is secure against the dictionary attack. Furthermore, we extend this to the scheme that allows any subgroup of at least k-out-of-n users of the group to establish a session key with the server in an anonymous way.
展开▼