Our solution. All the security requirements are accomplished by applying cryptographic primitives. In order to identify students pseudonyms are employed.
A student at the beginning of his studies should possess a secret key, and for each exam a new pseudonym is generated deriving from this original master key, hence it should be kept secret.
Since at the end of the exam grades should be inserted into the on-line database, thus general identity of the student should be able to retrieve. This is managed with a timed-release solution, meaning before a certain time no one can connect the pseudonym to the student, but after the deadline students' identication information is revealed that gives a connection between a pseudonym and the corresponding student. We do not assume that the Exam Authority is honest. During the process neither the teacher, nor the Exam Authority knows the real identity of the student and neither the authority, nor the student knows who corrects the student's paper. The proposed scheme possesses all the necessary requirements without applying a Trusted Third Party. Only Registry, which is responsible for generating key pairs and system parameters during the setup stage, is honest. There are servers (NET) provide the timed-release service, in order to achieve anonymity, these servers compose a Mix net, too. Since there are complete conversations between the participants an anonymous return channel is applied.