Public key based authentication and key exchange protocols are not usually designed with privacy in mind and thus involve cleartext exchanges of identities and certificates before actual authentication. In contrast, an AffiliationHiding Authentication Protocol, also called a Secret Handshake, allows two parties with certificates issued by the same organization to authenticate each other in a private way. Namely, one party can prove to the other that it has a valid organizational certificate, yet this proof hides the identity of the issuing organization unless the other party also has a valid certificate from the same organization. We consider a very strong notion of Secret Handshakes, namely Affiliation-Hiding Authenticated Key Exchange protocols (AH-AKE), which guarantee security under arbitrary composition of protocol sessions, including man-in-the-middle attacks. The contribution of our paper is three-fold: First, we extend existing notions of AH-AKE security to Perfect Forward Secr...