Provided are a key establishment method and system using commutative linear functions. In the method, a server defines a set of linear functions that use elements of a first finite field as coefficients and satisfy a commutative rule, selects a first linear function from the set, and selects a predetermined element from a second finite field. Next, the server selects a second linear function corresponding to each of nodes from the set, generates a predetermined combination function based on the first and second linear functions, generates a value of the second linear function using the selected element as a factor, and transmits the combination function and the value of the second linear function to a corresponding node. Each node receives the value of the second linear function from a server, exchanges the received values with the other nodes, computes a value using the exchanged value as a factor of the combination function, and establishes the computed value as a shared key between the nodes. Therefore, each node can perform key establishment with a small amount of computation and low memory consumption, while guaranteeing end-to-end security.