Password-based protocol secure against server's dictionary attack

The present invention discloses a password-based authentication protocol wherein an authentication key is generated with an individual private key of the key servers and a public key of the group of the key servers, which do not store the user's password, and thereby it is possible to protect against a camouflaging server's dictionary attack for accessing the user's password.