Nodes in ad hoc networks often self-organize into clusters in which a node need anonymously prove the membership in some scenarios. For a self-organized cluster, any node should have the capacity to act as the cluster manger and use varying pseudonyms to keep privacy while the procedure of reissuing key is not desirable. Dynamic group signature schemes provide a probable solution, but are inappropriate because no incorruptible online TA (Trusted Authority) exists to run a group-key generation algorithm in the corruptible clusters of an ad hoc network, the opening capability are not absolutely necessary for a temporary cluster, and how to generate pseudonyms are not specified. To resolve the above problem, this paper proposes a pseudonym-based signature scheme where pseudonyms can be self-generated and messages can be bound to the self-generated pseudonyms. After the TA offline issues keys to all nodes, cluster managers can be dynamically elected and compute the public cluster-keys, which allow a node to dynamically join or leave the cluster by updating its restriction pseudonym. Then, only cluster members can sign messages on behalf of the cluster. Because the pseudonyms are self-updated and not directly bound to certificates, the signature scheme based on them must satisfy some new requirements. Hence, we formalize a security model for pseudonym-based signature schemes. The security of our scheme is proved in the random oracle model.
