A method of authenticating a pair of correspondents C,S to permit the exchange of information therebetween, each of the correspondents having a respective private key, e, d and a public key, Q.sub.u, and Q.sub.s derived from a generator element of a group and a respective ones of the private keys e,d, the method comprising the steps of: a first of the correspondents C generating a session value x; the first correspondent generating a private value t, a public value derived from the private value t and the generator and a shared secret value derived from the private value t and the public key Q.sub.s of the second correspondent; the second correspondent generating a challenge value y and transmitting the challenge value y to the first correspondent; the first correspondent in response thereto computing a value h by applying a function H to the challenge value y, the session value x, the public value an of the first correspondent; the first correspondent signing the value h utilizing the private key e; the first correspondent transmitting to the second correspondent the signature including the session value x, and the private value t; and the second correspondent verifying the signature utilizing the public key Q.sub.u of the first correspondent and whereby verification of the signature authenticates the first correspondent to the second correspondent.