CN114547677A - Multi-party electric power department collaborative user privacy protection and tracing method and system - Google Patents


Info

Publication number
CN114547677A
Authority
CN
China
Prior art keywords
data
organization node
organization
node
chain network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210111803.9A
Other languages
Chinese (zh)
Other versions
CN114547677B (en)
Inventor
袁学斌
韩俊
霍冬冬
张文倩
景延嵘
马登辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Institute of Information Engineering of CAS
State Grid Qinghai Electric Power Co Ltd
Electric Power Research Institute of State Grid Qinghai Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Institute of Information Engineering of CAS
State Grid Qinghai Electric Power Co Ltd
Electric Power Research Institute of State Grid Qinghai Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Institute of Information Engineering of CAS, State Grid Qinghai Electric Power Co Ltd, Electric Power Research Institute of State Grid Qinghai Electric Power Co Ltd
Priority to CN202210111803.9A
Publication of CN114547677A
Application granted
Publication of CN114547677B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06 Energy or water supply
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security


Abstract

The invention relates to a method and a system for privacy protection and tracing of collaborating users across multiple power departments. The method comprises the following steps. S1: an alliance chain network is established through a distributed ledger, each power department joins the alliance chain network as an organization node, and the alliance chain network realizes dynamic joining of organization nodes through a consensus authentication mechanism. S2: an identity-privacy-aware ID intersection algorithm based on the Paillier additive homomorphic encryption algorithm and the block chain is carried out, so that data among the power departments can be selectively shared. S3: a block-chain-based tracing mechanism is designed, comprising reliability verification during data upload and data tracing after upload, both of which occur during data sharing; at the same time, access control on the data and behaviour management of users are realized, and the behaviour of malicious users is prevented. The method provided by the invention can prevent privacy leakage from threatening the system during the collaboration of power departments.

Description

Multi-party electric power department collaborative user privacy protection and tracing method and system
Technical Field
The invention relates to the field of block chain security and privacy protection, in particular to a method and a system for privacy protection and tracing of collaborating users across multiple power departments.
Background
With the arrival of the intelligent era, smart grid construction is under way in many countries, and a well-built smart grid promotes national economic development and the reasonable use of resources. The smart grid uses communication technology to collect the supply situation of the grid and the electricity usage of users, adjusts power production and distribution, and regulates the energy consumption of households and of each department of an enterprise, with the aim of saving energy, reducing losses and improving grid reliability. The emergence of many novel electrical devices further expands the coverage of the smart grid; more and more data are generated during processing inside the smart grid and during interaction with the outside, the complexity of the grid grows, and the security of the grid therefore faces a serious challenge. The smart grid must collect the electricity usage information and interaction data of power users, which seriously threatens the privacy of the power-department users who take part in smart grid activities; the connection of many intelligent devices to the infrastructure further enlarges the exposed surface of user information. Smart grid privacy mainly comprises four aspects: identity information, personal privacy, behavioural privacy and communication privacy. As the smart grid collects information at ever finer granularity and artificial intelligence strengthens network attacks, these aspects raise problems for the privacy of power departments that cannot be ignored.
The existing methods for protecting the privacy of power-department users fall mainly into three groups: 1) load-hiding methods based on physical disturbance, which depend excessively on battery endurance; the economics and environmental cost of high-capacity batteries make them hard to advocate; 2) cryptographic methods, mainly public-key encryption and homomorphic encryption, which depend on a trusted third party, and the choice of that third party is itself an open problem for the system; 3) differential privacy methods, which can be classified as centralized or local differential privacy; traditional centralized differential privacy depends too heavily on a trusted central node, and the perturbation mechanism of differential privacy reduces the usability of the data.
Aiming at these problems, many parties keep researching and innovating on the basis of the prior art to find a safe and reliable security and privacy protection method for power systems. The patent "an identity privacy protection method and system in electric power transaction system" (CN109447646A) provides an identity privacy protection method and system for a power trading system that achieves user anonymity; it applies several encryption algorithms within a certificate authentication system, but increases the computational cost of data interaction to a certain extent. The patent "user identity privacy encryption method based on blockchain technology" (CN111881482A) effectively protects user privacy during decentralized block chain and logistics transport while guaranteeing genuine transaction information, but it does not address the specific application of power systems, so the targeted application differs from that of the present invention.
In privacy protection for power systems, traditional cryptographic techniques can be divided into research based on public-key encryption and research based on homomorphic encryption. Existing work provides privacy protection protocols that support regional statistics and queries of personal history records, and prevents a grid company from fine-grained monitoring of an individual user's consumption. Cryptographic methods protect the identity information and personal privacy of the users involved in a power department well, but their problems are gradually being exposed, mainly in two respects: 1) cryptographic techniques are often accompanied by large computational and communication overhead; 2) most cryptographic methods depend on a trusted third party, are difficult to realize in a complex power system, and are not suited to protecting the data privacy of power-department users.
The nodes of a block chain network are distributed across different regions, and the transactions in the network are recorded in blocks to form a decentralized database, namely a distributed ledger. Block chain storage is unforgeable, leaves traces throughout the process, is traceable, is publicly transparent and is collectively maintained. These characteristics give the block chain good prospects for privacy protection: data sharing and transmission among the power departments of a power system are put on chain through smart contracts, a user cannot revoke or deny its own behaviour, and the bad behaviour of malicious users is thereby avoided.
In summary, the prior art has the following shortcomings: 1) some privacy protection research based on traditional encryption schemes, such as the Brakerski-Gentry-Vaikuntanathan encryption system, increases the computational cost of data interaction to a certain extent; 2) in schemes that use a block chain as the basic framework for privacy protection, tracing and supervision are mostly not set up for individual steps, so a user can maliciously leak or destroy system data, which greatly threatens the privacy security of the whole system.
Disclosure of Invention
In order to solve the technical problem, the invention provides a method and a system for privacy protection and tracing of collaborating users across multiple power departments.
The technical solution of the invention is as follows: a multi-party power department collaborative user privacy protection and tracing method comprises the following steps:
step S1: establishing an alliance chain network through a distributed ledger, wherein each power department joins the alliance chain network as an organization node, and the alliance chain network realizes dynamic joining of organization nodes through a consensus authentication mechanism;
step S2: carrying out an identity-privacy-aware ID intersection algorithm based on the Paillier additive homomorphic encryption algorithm and the block chain, so that data among the power departments can be selectively shared, data that does not meet the sharing requirement is prevented from being leaked, and the identity privacy of the users of the participating departments is guaranteed;
step S3: designing a block-chain-based tracing mechanism comprising reliability verification during data upload and data tracing after upload, both of which occur during data sharing; at the same time, access control on the data and behaviour management of users are realized, and the behaviour of malicious users is prevented.
Compared with the prior art, the invention has the following advantages:
1. The invention discloses a collaborative user privacy protection and tracing method for multiple power departments. It uses Paillier additive homomorphic encryption to carry out an identity-privacy-aware ID intersection algorithm, so that data among the departments of a power system can be selectively shared, data that does not meet the sharing requirement is never revealed to the other party, and the identity privacy of the users of the participating departments is ensured.
2. The method performs forward supervision and reverse tracing of user behaviour: every step of a power department's ID transaction is recorded, and a verifier checks the records before they go on chain, preventing leakage of sensitive data. If the final result of a transaction turns out to be problematic, the behaviour of the department's users can be examined through the tracing process; a user cannot deny its own behaviour, and the identity privacy of the participating users is not revealed during data interaction.
Drawings
FIG. 1 is a flowchart of the collaborative user privacy protection and tracing method for multiple power departments according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an alliance chain network constructed on Fabric in an embodiment of the present invention;
FIG. 3 is a schematic flow chart of the ID intersection algorithm based on the Paillier additive homomorphic encryption algorithm in an embodiment of the present invention;
FIG. 4 is a schematic diagram of the forward supervision and reverse tracing process of the record chain according to an embodiment of the present invention;
FIG. 5 is a block diagram of the structure of the collaborative user privacy protection and tracing system for multiple power departments in an embodiment of the present invention.
Detailed Description
The invention provides a privacy protection and tracing method for collaborating users of multiple power departments, aiming at preventing privacy disclosure from threatening the system during the collaboration of the power departments.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings.
Example one
As shown in FIG. 1, the collaborative user privacy protection and tracing method for multiple power departments according to an embodiment of the present invention includes the following steps:
step S1: an alliance chain network is established through a distributed ledger, each power department joins the alliance chain network as an organization node, and the alliance chain network realizes dynamic joining of organization nodes through a consensus authentication mechanism;
step S2: an identity-privacy-aware ID intersection algorithm based on the Paillier additive homomorphic encryption algorithm and the block chain is carried out, so that data among the power departments can be selectively shared, data that does not meet the sharing requirement is prevented from being leaked, and the identity privacy of the users of the participating departments is guaranteed;
step S3: a block-chain-based tracing mechanism is designed, comprising reliability verification during data upload and data tracing after upload, both of which occur during data sharing; at the same time, access control on the data and behaviour management of users are realized, and the behaviour of malicious users is prevented.
In one embodiment, step S1 (constructing the alliance chain network through a distributed ledger, where each power department joins the block chain network as an organization node and the alliance chain network realizes dynamic joining of nodes through a consensus authentication mechanism) specifically comprises the following steps:
step S11: each power department joins the alliance chain network as an organization node; a power department is an entity with data-uplink requirements and maintains one or more organization nodes in the alliance chain network;
step S12: an ordering organization node performs transaction ordering and block creation in the alliance chain network; the ordering organization node maintains an ordering-node cluster consisting of several ordering nodes using the RAFT consensus algorithm, and is used for receiving transactions, generating blocks and distributing the blocks;
step S13: the member organization nodes and the ordering organization node each include a membership service provider (MSP), which represents the organization node when it participates in network consensus in the alliance chain network; the admission procedure for organization nodes is implemented through MSP-centric channel membership management.
The alliance chain network is a relatively open distributed system, and the joining of every node requires verification and auditing. Alliance chain networks are generally deployed among enterprises and have high requirements on security and data consistency, so the consensus mechanism must account not only for faulty nodes but also for malicious nodes in the alliance chain network, and must guarantee both eventual consistency and strong consistency.
In the power system each power department owns its own private data, namely power-system business data, power-equipment data, power-department data, supply-chain financial data and the like, and joins the block chain network as a node in its capacity as data owner. As shown in FIG. 2, the alliance chain network constructed on Fabric in the embodiment of the present invention comprises three member organization nodes A, B and C and one ordering organization node D. The ordering organization node D is responsible for transaction ordering and block creation in the alliance chain network; this node is usually operated and maintained by the initiator or the supervisory body of the alliance chain network. Granting a single organization the block-production right of the network effectively improves block-production efficiency and data supervision within the alliance. This organization adopts the RAFT consensus algorithm, maintains an ordering-node cluster consisting of several ordering nodes, and is responsible for receiving transactions, generating blocks and distributing the blocks.
In one embodiment, step S13 (the member organization nodes and the ordering organization node each include an MSP, which represents the organization node when it participates in network consensus in the alliance chain network; the admission procedure for organization nodes is implemented around MSP-centric channel membership management) specifically comprises:
step S131: the MSP adopts a PKI system; before each organization node joins the alliance chain network, a certificate authority (CA) issues and maintains the CA certificate belonging to that organization node;
step S132: an organization node that wants to join the chain must use its identity account to present its certificate to an organization node already on the chain; if the on-chain organization node's signature verification of the joining node passes, the joining node obtains admission qualification, the on-chain organization node propagates the verification result into the alliance chain network, and the joining node is admitted to the alliance chain network once the other on-chain organization nodes have also passed the verification.
For example, an organization member node E that wants to join must use its identity account to present its certificate to an organization member node B on the chain; if node B's signature verification of node E passes, node E gains admission eligibility. Node B then transmits the passed verification to the alliance chain network, and node E joins the alliance chain network after all other organization nodes on the chain have also passed the verification.
When data sharing is needed among organization nodes in the alliance chain network, the embodiment of the invention uses the Paillier additive homomorphic encryption technique together with the block chain to carry out an identity-privacy-aware ID intersection algorithm: only when the parties that need to share data hold the same ID data can they choose whether to share all or part of the intersection data.
Homomorphic encryption is a special form of asymmetric encryption: processing homomorphically encrypted data yields an output which, once decrypted, equals the result of applying the same processing to the unencrypted original data. With a homomorphic encryption algorithm, block chain nodes can perform the relevant operations on ciphertext without decrypting the data, and can verify whether the data is reliable and safe. A smart contract running on the block chain can process the ciphertext but cannot obtain the real data, which greatly improves the privacy security of the data. For the parties in the alliance chain network, the data submitted to the block chain, and important data in particular, is safe from malicious leakage or tampering.
The Paillier encryption algorithm is an additively homomorphic encryption scheme whose security rests on the hardness of the composite residuosity problem. It comprises three steps: 1) key generation; 2) encryption; 3) decryption.
Key generation: two large primes $p$ and $q$ are chosen at random such that $\gcd(pq,(p-1)(q-1)) = 1$, which ensures that the two primes have equal length; $\gcd$ denotes the greatest common divisor. Compute $n = pq$ and $\lambda = \operatorname{lcm}(p-1, q-1)$, $\operatorname{lcm}$ being the least common multiple. Choose a random integer $g \in \mathbb{Z}^*_{n^2}$ such that $\gcd(L(g^\lambda \bmod n^2),\, n) = 1$, where $L(x) = (x-1)/n$. Compute $\mu = \left(L(g^\lambda \bmod n^2)\right)^{-1} \bmod n$. The public key is $(n, g)$ and the private key is $(\lambda, \mu)$.
Encryption: for a plaintext $m$ with $0 \le m \le n$, choose a random number $r$ with $0 < r < n$, $r \in \mathbb{Z}^*_{n^2}$ and $\gcd(r, n) = 1$; the ciphertext is $c \equiv g^m \cdot r^n \pmod{n^2}$.
Decryption: $m \equiv L(c^\lambda \bmod n^2) \cdot \mu \pmod n$.
Proof of the additive homomorphic property: for plaintexts $m_1, m_2$ encrypted under public key $(n, g)$ with random values $r_1, r_2$,
$E(m_1) \cdot E(m_2) \equiv g^{m_1} r_1^{\,n} \cdot g^{m_2} r_2^{\,n} \equiv g^{m_1 + m_2} (r_1 r_2)^{n} \pmod{n^2} = E(m_1 + m_2)$,
so decrypting the product of two ciphertexts yields the sum of the two plaintexts, $D(E(m_1) \cdot E(m_2)) = m_1 + m_2 \bmod n$.
Using this property that computation on homomorphically encrypted ciphertext equals computation on plaintext, the intersection of the data of the two organizations that need joint modelling can be computed while keeping identity privacy. Because a fresh random value is introduced in every encryption, the same plaintext encrypts to different ciphertexts each time, which effectively defeats brute-force enumeration attacks.
In addition, the embodiment of the invention also uses smart contract technology when carrying out the ID intersection algorithm. Smart contracts allow traceable, irreversible and secure transactions to be executed under the contract's terms without a trusted third party. The trigger conditions are set down in the smart contract as code, and the resulting operation is executed only once the conditions are met, so two strangers can transact safely without a trusted centre. In essence, a smart contract is a piece of code that executes automatically when its trigger condition is satisfied.
In one embodiment, step S2 (carrying out the identity-privacy-aware ID intersection algorithm based on the Paillier additive homomorphic encryption algorithm and the block chain, so that data among the power departments can be selectively shared, data that does not meet the sharing requirement is not revealed, and the identity privacy of the users of the participating departments is guaranteed) specifically comprises:
step S21: sample alignment is required, i.e. organization node A and organization node B, which need to obtain the ID intersection, join the alliance chain network;
step S22: organization node B generates a public key $\{n, g\}$ and a private key $\lambda$ with the Paillier algorithm and publishes the public key $\{n, g\}$ to the alliance chain network through a smart contract, so that organization node A can obtain it;
step S23: using interpolation, organization node B encodes its entire private ID set $IDs\_B = \{id\_b_1, id\_b_2, id\_b_3, \dots, id\_b_n\}$ as the polynomial of equation (1), whose roots are exactly the IDs of B:
$(id\_b_1 - x)(id\_b_2 - x)\cdots(id\_b_n - x) = b_0 + b_1 x + b_2 x^2 + \dots + b_n x^n \qquad (1)$
step S24: organization node B uses the public key $\{n, g\}$ to encrypt the polynomial coefficients $b_0, b_1, b_2, b_3, \dots, b_n$ of step S23 into the corresponding ciphertexts $enc\_b_0, enc\_b_1, enc\_b_2, enc\_b_3, \dots, enc\_b_n$; the ciphertexts are transmitted to the alliance chain network through a smart contract so that organization node A can obtain them;
step S25: after organization node A has received the ciphertexts and the public key of organization node B through the alliance chain ledger, it uses the Paillier homomorphic property to evaluate the encrypted polynomial of equation (2) at each element of its own private ID set $IDs\_A = \{id\_a_1, id\_a_2, id\_a_3, \dots, id\_a_m\}$, where "$+$" and "$\cdot$" on ciphertexts denote homomorphic addition and homomorphic multiplication by a known integer. For any $enc\_A(id\_a_j)$, a decrypted value of 0 means that the ID also exists at organization node B:
$enc\_A(id\_a_j) = enc\_b_0 + enc\_b_1 \cdot id\_a_j + \dots + enc\_b_n \cdot id\_a_j^{\,n}, \quad 1 \le j \le m \qquad (2)$
step S26: organization node A encrypts its private ID set $\{id\_a_1, id\_a_2, id\_a_3, \dots, id\_a_m\}$ with the public key $\{n, g\}$ to obtain $enc\_id\_a_j$, computes the blinded ID ciphertext combination of equations (3) and (4) with a generated random value $r$, and transmits it to the alliance chain network through a smart contract for organization node B to use:
$enc\_A(ids\_A_m) = \{encA_1, encA_2, encA_3, \dots, encA_j, \dots, encA_m\} \qquad (3)$
$encA_j = r \cdot enc\_A(id\_a_j) + enc\_id\_a_j, \quad 1 \le j \le m \qquad (4)$
step S27: organization node B traverses and decrypts every element of $enc\_A(ids\_A_m)$ with the private key $\lambda$. For any $encA_j$, if $enc\_A(id\_a_j)$ in equation (4) decrypts to 0, then equation (4) reduces to $enc\_id\_a_j$ and the decrypted value is $id\_a_j$ itself, which is added to the aligned ID set of organization nodes A and B; if the polynomial value is not 0, the random factor $r$ turns the decrypted value into a meaningless residue. When the traversal is finished, the final aligned ID set of organization nodes A and B is obtained, and organization node B uploads the set to the alliance chain network through a smart contract for organization node A to use.
As shown in fig. 3, a schematic flow chart of the ID intersection algorithm based on the Paillier addition homomorphic encryption algorithm is shown.
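The Paillier stages described above and the ID intersection of steps S21 to S27, written out as an added Python example (this is not code from the patent or from its assignees). Key generation, encryption and decryption follow the three stages given in the description; the homomorphic helpers stand in for the ciphertext "+" and "·" of equations (2) and (4); the polynomial of equation (1) is built from B's IDs. The primes, the ID values, and the final membership test (B keeps a decrypted value only if it lies in B's own set, which is how "decrypts to 0" is recognised once the random factor r has been applied) are assumptions of this example; the primes are toy-sized and a real deployment needs primes of 1024 bits or more. Requires Python 3.8+ for modular inverse via pow(x, -1, n).

```python
import math
import secrets

# Added example: Paillier key generation, encryption, decryption and the
# homomorphic operations, then the polynomial ID intersection of steps S21-S27.
# Everything below is illustrative; the primes used are far too small for real use.


def keygen(p, q):
    """Key generation: public key (n, g), private key (lam, mu)."""
    if math.gcd(p * q, (p - 1) * (q - 1)) != 1:
        raise ValueError("gcd(pq, (p-1)(q-1)) must be 1")
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    L = lambda x: (x - 1) // n
    while True:  # random g in Z*_{n^2} with gcd(L(g^lam mod n^2), n) == 1
        g = secrets.randbelow(n2 - 1) + 1
        if math.gcd(g, n2) != 1:
            continue
        u = L(pow(g, lam, n2))
        if math.gcd(u, n) == 1:
            break
    mu = pow(u, -1, n)
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """Encryption: c = g^m * r^n mod n^2 with a fresh random r, 0 < r < n."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, m % n, n2) * pow(r, n, n2) % n2


def decrypt(pk, sk, c):
    """Decryption: m = L(c^lam mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n) * mu % n


def hadd(pk, c1, c2):
    """Homomorphic addition: E(m1) * E(m2) = E(m1 + m2)."""
    n, _ = pk
    return c1 * c2 % (n * n)


def hmul(pk, c, k):
    """Homomorphic multiplication by a known integer: E(m)^k = E(k * m)."""
    n, _ = pk
    return pow(c, k % n, n * n)


def poly_from_roots(ids, n):
    """Equation (1): coefficients b0..bn of prod_i (id_i - x), reduced mod n."""
    coeffs = [1]
    for idv in ids:
        nxt = [0] * (len(coeffs) + 1)
        for k, ck in enumerate(coeffs):
            nxt[k] = (nxt[k] + ck * idv) % n        # ck * idv * x^k
            nxt[k + 1] = (nxt[k + 1] - ck) % n      # -ck * x^(k+1)
        coeffs = nxt
    return coeffs


def eval_encrypted_poly(pk, enc_coeffs, x):
    """Equation (2): E(b0) + E(b1)*x + ... + E(bn)*x^n, computed on ciphertexts only."""
    acc = enc_coeffs[0]
    xpow = 1
    for enc_bk in enc_coeffs[1:]:
        xpow = xpow * x % pk[0]
        acc = hadd(pk, acc, hmul(pk, enc_bk, xpow))
    return acc


def private_id_intersection(ids_a, ids_b, p, q):
    """Steps S22-S27: A holds ids_a, B holds ids_b and the private key."""
    pk, sk = keygen(p, q)                                # S22: B publishes pk
    n = pk[0]
    enc_coeffs = [encrypt(pk, b) for b in poly_from_roots(ids_b, n)]  # S23, S24
    blinded = []                                         # S25, S26 on A's side
    for id_a in ids_a:
        enc_p = eval_encrypted_poly(pk, enc_coeffs, id_a)
        r = secrets.randbelow(n - 1) + 1                 # fresh blinding factor
        blinded.append(hadd(pk, hmul(pk, enc_p, r), encrypt(pk, id_a)))   # (4)
    # S27: B decrypts. P(id_a) == 0 yields id_a itself; otherwise r*P(id_a)+id_a
    # is a random residue, so B keeps only values that lie in its own set.
    b_set = set(ids_b)
    return sorted(v for v in (decrypt(pk, sk, c) for c in blinded) if v in b_set)
```

A (which never holds the private key) learns nothing about B's IDs beyond the intersection, and B learns only which of A's IDs it already holds; the polynomial degree grows with the size of B's set, so the number of ciphertext exponentiations per ID of A is linear in |IDs_B|.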
During the ID transaction process a user may maliciously leak data, which seriously threatens the security of the whole system; supervising data uplink and tracing data are therefore important means of guaranteeing the credibility of the system. A verification mechanism is provided at the data-upload stage and a tracing mechanism after the upload is complete, achieving multiple layers of supervision and protection for privacy-preserving data sharing. The participants in the whole ID transaction process are verifiers, publishers and requesters. The main chain of the alliance chain network is used by the power departments directly for private transactions, and the departments' nodes are managed by several verifiers; each verifier manages an attached chain that logs data, called the record chain.
In one embodiment, the step S3: designing a tracing mechanism based on a block chain, wherein the tracing mechanism comprises the following steps: the reliability verification during data uploading and the data tracing after the data uploading occur during data sharing, and meanwhile, the authority access control of the data and the behavior management of a user are realized; and the behavior of the malicious user is stopped and avoided, which specifically comprises the following steps:
step S31: when the organization node shares data, the organization node needs to verify the data before uploading, and a verifier is set to verify the integrity and the legality of the uploaded plaintext data; meanwhile, a record chain is set, and the verified data is transmitted to the record chain;
step S32: tracing and controlling data on the record chain, and setting a credible life cycle of the data;
step S33: setting authority control on data, and performing controllable access management on the data according to corresponding authorities given to users on the organization nodes according to different identities of the users;
step S34: the user behaviors are monitored, the behaviors of the user on the alliance chain network can be recorded, when the malicious behaviors are found, responsibility can be traced, and the implemented behaviors cannot be denied.
In one embodiment, the step S32: setting authority control on data, and giving corresponding authority according to different identities of users on an organization node to perform controllable access management on the data, wherein the method specifically comprises the following steps:
step S321: after plaintext data is transmitted to an organization node, the intelligent contract is automatically called to verify the transmission process of the data;
step S321: if the data transmission process has no abnormal phenomenon and the data is legal, the data can be stored in the block chain, otherwise, the data stays in the record chain, the user behavior can be recorded in the record chain, and the existing behavior cannot be cancelled.
As shown in fig. 4, a schematic diagram of the forward supervision and backward tracing process of the record chain is shown.
The invention discloses a cooperative user privacy protection and tracing method for a multi-party power department. It uses the Paillier addition homomorphic encryption technique to perform an identity-privacy-aware ID intersection algorithm, so that data among the departments of a power system can be selectively shared, data that does not meet the sharing requirement cannot be leaked to the other party, and the identity privacy of the users of the participating departments is ensured. The method performs forward supervision and backward tracing of user behaviors through the record chain: each step of the power departments' ID transaction process is recorded, and verification by a verifier between record chains prevents sensitive data leakage. If a problem is found in the final result of the transaction, the behavior of the department user can be checked through the tracing process; the user cannot deny their own behavior, and the identity privacy of the participating users is not revealed during the data interaction.
Example two
As shown in fig. 5, an embodiment of the present invention provides a multi-party power department collaborative user privacy protection and tracing system, including the following modules:
the alliance chain network building module 41 is used for building an alliance chain network through a distributed account book, each electric power department is used as an organization node to join the alliance chain network, and the alliance chain network achieves dynamic joining of the organization node through a consensus authentication mechanism;
the private data intersection module 42 is used for performing an ID intersection algorithm for identity privacy perception based on a Paillier addition homomorphic encryption algorithm and a block chain, so that data among all power departments can be selectively shared, data which do not meet the sharing requirement are ensured not to be leaked, and meanwhile, the privacy of the identity of users of the participating departments is ensured;
a supervision and source tracing module 43, configured to design a forward supervision and source tracing mechanism based on a block chain, where the forward supervision and source tracing mechanism includes: the reliability verification during data uploading and the data tracing after the data uploading which occur during the data sharing are carried out, and meanwhile, the authority access control of the data and the behavior management of a user are realized; and the behavior of a malicious user is prevented and avoided.
The above examples are provided only for the purpose of describing the present invention, and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalent substitutions and modifications can be made without departing from the spirit and principles of the invention, and are intended to be within the scope of the invention.

Claims (7)

1. A multi-party electric power department collaborative user privacy protection and tracing method is characterized by comprising the following steps:
step S1: establishing a alliance chain network through a distributed account book, wherein each electric power department is used as an organization node to join the alliance chain network, and the alliance chain network realizes dynamic joining of the organization node through a consensus authentication mechanism;
step S2: based on a Paillier addition homomorphic encryption algorithm and an ID (identity) intersection algorithm for identity privacy perception of a block chain, data among all power departments can be selectively shared, data which do not meet the sharing requirement are prevented from being leaked, and meanwhile privacy of user identities of participating departments is guaranteed;
step S3: designing a tracing mechanism based on a block chain, wherein the tracing mechanism comprises the following steps: the reliability verification during data uploading and the data tracing after the data uploading occur during data sharing are carried out, and the authority access control of the data and the behavior management of a user are realized at the same time; and the behavior of a malicious user is prevented and avoided.
2. The multi-party electric power department collaborative user privacy protection and source tracing method according to claim 1, wherein the step S1: an alliance chain network is established through a distributed account book, each electric power department organizes nodes as block chains to join the block chain network, the alliance chain network realizes dynamic joining of the nodes through a consensus authentication mechanism, and the alliance chain network specifically comprises the following steps:
step S11: each power department is added into the alliance chain network as an organization node, the power department has an entity with data uplink requirement, and one or more organization nodes are maintained in the alliance chain network;
step S12: the sequencing organization node performs transaction sequencing and block creation in the alliance chain network; the sequencing organization node maintains a sequencing node cluster consisting of a plurality of sequencing nodes by adopting an RAFT consensus algorithm, and is used for receiving transactions, generating blocks and sending the blocks;
step S13: the member organization node and the sequencing organization node both comprise a membership MSP, and the MSP can be used in the alliance chain network to participate in network consensus on behalf of the organization node; the admission process of the organization node is realized through MSP-centered Channel member management.
3. The multi-party power department collaborative user privacy protection and source tracing method according to claim 2, wherein the step S13: the member organization node and the sequencing organization node both comprise a membership MSP, and the MSP can be used in the alliance chain network to participate in network consensus on behalf of the organization node; the admission process of the organization node is implemented around MSP-centric Channel membership management, and specifically includes:
step S131: MSP adopts a PKI system, and before each organization node joins the alliance chain network, a CA certificate authority maintains a CA certificate belonging to the organization node;
step S132: the method comprises the steps that a to-be-linked chain organization node needs to use an identity account thereof to present a certificate to the to-be-linked chain organization node, if the to-be-linked chain organization node passes signature verification of the to-be-linked chain organization node, the to-be-linked chain organization node obtains admission qualification, meanwhile, the verification is transmitted to the alliance chain network through the to-be-linked chain organization node, and the to-be-linked chain organization node can join the alliance chain network until other to-be-linked chain organization nodes pass the verification.
4. The multi-party electric power department collaborative user privacy protection and source tracing method according to claim 1, wherein the step S2: ID (identity) intersection algorithm for identity privacy perception is carried out based on a Paillier addition homomorphic encryption algorithm and a block chain, so that data among power departments can be selectively shared, the data which do not reach the sharing requirement are guaranteed not to be revealed, and meanwhile, the privacy of the user identity of the participating department is guaranteed, and the method specifically comprises the following steps:
step S21: sample alignment is required, namely an organization node A and an organization node B which need to obtain ID intersection are added into the alliance chain network;
step S22: the organization node B generates a public key { n, g } and a private key lambda based on a Paillier algorithm, and transmits the public key { n, g } to the alliance chain network through an intelligent contract, so that the organization node A can obtain the public key;
step S23: based on the Lagrange interpolation method, organization node B constructs all of its privacy identity ID set ids_B = {id_b1, id_b2, id_b3, ..., id_bn} into the polynomial shown in equation (1):
(id_b1 - x) * (id_b2 - x) * ... * (id_bn - x) = b0 + b1 x + b2 x^2 + … + bn x^n (1)
step S24: organization node B uses the public key {n, g} to generate the corresponding ciphertexts enc_b0, enc_b1, enc_b2, enc_b3, …, enc_bn from the coefficients b0, b1, b2, b3, …, bn of the polynomial in step S23, and transmits the ciphertexts to the alliance chain network through the intelligent contract, so that organization node A can obtain the ciphertexts;
step S25: after receiving the ciphertexts and the public key of organization node B through the alliance chain account book of the alliance chain network, organization node A uses the property of Paillier homomorphic encryption to compute, for each ID in its privacy identity set ids_A = {id_a1, id_a2, id_a3, ..., id_am}, the function value ciphertext given by the ciphertext function in formula (2); for any enc_A(id_aj), if the decrypted value is 0, the ID also exists in organization node B;
enc_A(id_aj) = enc_b0 + enc_b1 id_aj + ... + enc_bn id_aj^n, 1 ≤ j ≤ m (2)
step S26: organization node A uses the public key {n, g} to encrypt its privacy identity ID set {id_a1, id_a2, id_a3, ..., id_am}, calculates the encrypted ID ciphertext combination by formulas (3) to (4) using a generated random value r, and transmits the ID ciphertext combination to the alliance chain network through an intelligent contract for organization node B to use:
enc_A(ids_Am) = {encA_1, encA_2, encA_3, ..., encA_j, ..., encA_m} (3)
encA_j = r * enc_A(id_aj) + enc_id_aj, 1 ≤ j ≤ m (4)
step S27: organization node B uses the private key λ to traverse and decrypt all data in enc_A(ids_Am); for any encA_j in enc_A(ids_Am), if the decryption result of enc_A(id_aj) in formula (4) is 0, the ID carried by the corresponding enc_id_aj in formula (4) is added to the aligned ID set of organization node A and organization node B; when the traversal is finished, the final aligned ID set of organization node A and organization node B is obtained, and organization node B uploads the set to the alliance chain network through an intelligent contract for organization node A to use.
5. The multi-party electric power department collaborative user privacy protection and source tracing method according to claim 1, wherein the step S3: designing a tracing mechanism based on a block chain, wherein the tracing mechanism comprises the following steps: the reliability verification during data uploading and the data tracing after the data uploading occur during data sharing, and meanwhile, the authority access control of the data and the behavior management of a user are realized; and the behavior of the malicious user is stopped and avoided, which specifically comprises the following steps:
step S31: when the organization node shares data, the organization node needs to verify the data before uploading, and a verifier is arranged to verify the integrity and the legality of the uploaded plaintext data; meanwhile, a record chain is set, and the verified data is transmitted to the record chain;
step S32: performing source tracing management and control on the data on the record chain, and setting a trusted life cycle of the data;
step S33: setting authority control on data, and performing controllable access management on the data according to the corresponding authority given to the users on the organization nodes according to different identities of the users;
step S34: and (4) monitoring the user behaviors, recording the behaviors of the user on the alliance chain network, and tracing the responsibility when finding out the malicious behaviors, wherein the executed behaviors cannot be denied.
6. The multi-party power department collaborative user privacy protection and source tracing method according to claim 4, wherein the step S32: setting authority control on data, and performing controllable access management on the data according to the corresponding authority given to the users on the organization nodes according to different identities of the users, specifically comprising the following steps:
step S321: after plaintext data is transmitted to the organization node, the intelligent contract is automatically called to verify the data transmission process;
step S321: if the data transmission process has no abnormal phenomenon and the data is legal, the data can be stored into the block chain, otherwise, the data stays in the record chain, the user behavior can be recorded into the record chain, and the existing behavior cannot be cancelled.
7. A multi-party power department collaborative user privacy protection and source tracing system is characterized by comprising the following modules:
an alliance chain network building module, used for building an alliance chain network through a distributed account book, wherein each power department joins the alliance chain network as an organization node, and the alliance chain network achieves dynamic joining of organization nodes through a consensus authentication mechanism;
the privacy data intersection module is used for carrying out an ID intersection algorithm for identity privacy perception based on a Paillier addition homomorphic encryption algorithm and a block chain, so that data among all power departments can be selectively shared, the data which do not meet the sharing requirement are prevented from being leaked, and meanwhile the privacy of the identities of users of the participating departments is ensured;
a supervision and source tracing module, used for designing a forward supervision and source tracing mechanism based on a block chain, wherein the forward supervision and source tracing mechanism comprises: the reliability verification during data uploading and the data tracing after data uploading that occur during data sharing, while the authority access control of the data and the behavior management of users are realized; and the behavior of a malicious user is prevented and avoided.
CN202210111803.9A 2022-01-29 2022-01-29 Multiparty power department collaborative user privacy protection and tracing method and system Active CN114547677B (en)
Publications (2)

Publication Number Publication Date
CN114547677A true CN114547677A (en) 2022-05-27
CN114547677B CN114547677B (en) 2024-06-14

Family

ID=81673825
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant