Disclosed are a system and method for exchanging a key based on user authentication information. The system for exchanging a key based on user authentication information includes a terminal configured to generate an ID-based ciphertext corresponding to authentication information of a user of the terminal using a terminal-side random number and a server ID and a server configured to decrypt the ID-based ciphertext that is received from the terminal using a server-side private key corresponding to the server ID to restore the authentication information, authenticate the terminal using the restored authentication information, and generate a server-side session key corresponding to the authenticated terminal.