CN115860750A - Electric vehicle power transaction identity authentication privacy protection method - Google Patents
Electric vehicle power transaction identity authentication privacy protection method Download PDFInfo
- Publication number
- CN115860750A CN115860750A CN202310165002.5A CN202310165002A CN115860750A CN 115860750 A CN115860750 A CN 115860750A CN 202310165002 A CN202310165002 A CN 202310165002A CN 115860750 A CN115860750 A CN 115860750A
- Authority
- CN
- China
- Prior art keywords
- electric vehicle
- identity authentication
- signature
- privacy protection
- protection method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 65
- 230000008569 process Effects 0.000 claims abstract description 32
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 17
- 238000009827 uniform distribution Methods 0.000 claims abstract description 5
- 238000012795 verification Methods 0.000 claims description 16
- 230000004044 response Effects 0.000 claims description 6
- 230000014509 gene expression Effects 0.000 claims description 5
- 238000004806 packaging method and process Methods 0.000 claims description 4
- 230000011664 signaling Effects 0.000 claims description 3
- 238000007599 discharging Methods 0.000 abstract description 14
- 238000005457 optimization Methods 0.000 abstract description 6
- 238000004458 analytical method Methods 0.000 abstract description 4
- 238000004364 calculation method Methods 0.000 description 17
- 238000004891 communication Methods 0.000 description 16
- 230000006870 function Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 238000004590 computer program Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- NAXKFVIRJICPAO-LHNWDKRHSA-N [(1R,3S,4R,6R,7R,9S,10S,12R,13S,15S,16R,18S,19S,21S,22S,24S,25S,27S,28R,30R,31R,33S,34S,36R,37R,39R,40S,42R,44R,46S,48S,50R,52S,54S,56S)-46,48,50,52,54,56-hexakis(hydroxymethyl)-2,8,14,20,26,32,38,43,45,47,49,51,53,55-tetradecaoxa-5,11,17,23,29,35,41-heptathiapentadecacyclo[37.3.2.23,7.29,13.215,19.221,25.227,31.233,37.04,6.010,12.016,18.022,24.028,30.034,36.040,42]hexapentacontan-44-yl]methanol Chemical compound OC[C@H]1O[C@H]2O[C@H]3[C@H](CO)O[C@H](O[C@H]4[C@H](CO)O[C@H](O[C@@H]5[C@@H](CO)O[C@H](O[C@H]6[C@H](CO)O[C@H](O[C@H]7[C@H](CO)O[C@@H](O[C@H]8[C@H](CO)O[C@@H](O[C@@H]1[C@@H]1S[C@@H]21)[C@@H]1S[C@H]81)[C@H]1S[C@@H]71)[C@H]1S[C@H]61)[C@H]1S[C@@H]51)[C@H]1S[C@@H]41)[C@H]1S[C@H]31 NAXKFVIRJICPAO-LHNWDKRHSA-N 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 238000004088 simulation Methods 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 241000764238 Isis Species 0.000 description 1
- 230000016571 aggressive behavior Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000011028 process validation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Electric Propulsion And Braking For Vehicles (AREA)
Abstract
The invention discloses an electric vehicle power transaction identity authentication privacy protection method, which comprises the following steps: leader node selection of security parameters
Running a group generation algorithm of the symmetric prime order bilinear pairs and generating public parameters, and selecting an anti-collision hash function by the leader node and issuing the public parameters; randomly selecting a main key and a public key which meet the requirement of uniform distribution from a collision-resistant hash function by the electric automobile; according to the identity authentication privacy protection scheme for the electric vehicle in the optimized charging and discharging transaction process, the anonymous certificate and the block chain are combined, and the credible third scheme is not relied onThe method uses pseudonyms to represent identities in the processes of charging/discharging optimization scheduling and identity authentication, the legality is endorsed by CL signatures and zero knowledge certificates, and security analysis shows that the proposed model does not reveal any privacy information to potential internal attackers such as block chain nodes and charging piles and any other external attackers and can resist some common attacks.
Description
Technical Field
The invention relates to the technical field of identity privacy protection, in particular to an electric vehicle power transaction identity authentication privacy protection method.
Background
With the large-scale popularization of electric vehicles, online electric power transaction between the electric vehicles and charging piles is more frequent, the traditional online transaction mode only allows the electric vehicles which are subjected to identity verification and authorization to access a system and participate in transaction, otherwise, security risks such as identity embezzlement, data tampering and information stealing are easy to occur;
in addition, the transaction information can also be collected and stored in a database for transaction information query, arbitration and the like, some private information of the electric vehicle user, such as the position, the available charging period, the license plate number, the driver's license and other private information, can be inevitably revealed in the process, and through analyzing the private information, an attacker can further reveal the track, the living habits and the like of the electric vehicle user and share the track, the living habits and the like with a marketer, an insurance company and the like.
Disclosure of Invention
The invention aims to provide an electric vehicle power transaction identity authentication privacy protection method to solve the defects in the background technology.
In order to achieve the above purpose, the invention provides the following technical scheme: an electric vehicle power transaction identity authentication privacy protection method comprises the following steps:
s1: leader node selection of security parameters
Running a group generation algorithm of symmetric prime order bilinear pairs
Generating a common parameter, the leader node selects an anti-collision hash function>
Issuing a common parameter->
, wherein />
Is a random prime number, is selected>
Is prime-graded>
G is belonging to>
Is selected, is selected and is selected>
For a bilinear map, in conjunction with a look-up table>
Is a number>
A finite field of (a);
s2: electric automobile
,/>
Slave->
Randomly selecting a private key that satisfies a uniform distribution>
And the public key->
ω represents the number of electric vehicles served by each block link point, and the block link node ≥ h>
,
For issuing a certificate, signing a list of attributes, wherein ≥ is present>
Is a random integer;
S3:
proof key for a given credential paradigm, the zero knowledge proof expression is:
in the formula ,
is a safety parameter>
In the possession of a credential>
Are all number->
Is determined by the random number in the finite field of,
,/>
selecting its private key>
And the corresponding public key->
。
Preferably, the electric vehicle
The method comprises the following steps: setting each block link point to serve>
Electric automobile
And the electric automobile acquires the certificate from the block link point in a zero-knowledge proof mode and proves that the secret attribute corresponding to the certificate is known to the charging pile.
Preferably, in step S2, the block link points
The detailed process of generating the proof is:
s2.1: selecting random numbers
,/>
And generates a random value
;
S2.2: generating challenges
, wherein />
For marking the validity period of the proof of the article, device for selecting or keeping>
Is a block link point>
Identity information of (2);
s2.3: computing responses
, wherein 
,/>
,/>
The operation is left-over operation;
s2.4: retention
As its public key->
The method (1) is carried out.
Preferably, the electric vehicle
The method comprises the following steps: is arranged and/or is>
The secret attribute set is formed by the secret attributes of the certificate
,m ji For each attribute information, the same master secret is included as a special attribute in ≧>
In the certificate of (4), the private key->
Is->
Help bind different credentials to the same identity.
Preferably, the secret attribute verification process is:
using public keys
Before generating a commitment>
Will request->
Sending>
Certifying and verifying public keys
;
calculating a random value
;
Calculating out
;
Satisfy the requirement of
Then the acceptance public key +>
Otherwise, rejecting.
Preferably, the electric vehicle
Use according to the Pedersen commitment scheme +>
In conjunction with a public key (C;)>
To the secret attribute pick>
Generating a commitment>
,/>
Proof commitment is that correctly generating corresponding zero knowledge proof expression: />
selecting random numbers
,/>
And generates random values>
;
Generating challenges
wherein />
Is the current timestamp;
computing responses
, wherein />
;
Sending
To>
。
Preferably, the block link point
Pair { [ MEANS FOR SIGNALING ]) Using CL-SIGNALING ALGORITHM>
Committed commitment>
Signing to issue a credential ≧>
。
Preferably, the block link point
Generates the factor->
And calculate->
,/>
Calculating out
And calculate->
,/>
Intermediate parameters which are all CL signature algorithms are finally->
Calculated to obtainTo signature->
And is sent to->
Directly on a commitment using a CL signature algorithm>
The signature generated pick>
Valence directly to->
The signature result of (2).
Preferably, the block link point
Verifying the credential signature includes:
Preferably, the first and second liquid crystal materials are,
presenting a blinded version of a credential to participate in an optimized charge-discharge transaction>
Selecting random numbers
And computes the blinded version of the credential as:
wherein ,
is further blinded to +>
Uniformly distributed, independent of all parameters, will->
To do so>
In a transaction, the pseudonym used in each transaction>
Along with transaction information is recorded in the blockchain for transaction inquiry and transaction arbitration.
In the technical scheme, the invention has the following technical effects and advantages:
according to the identity authentication privacy protection scheme of the electric vehicle optimization charging and discharging transaction process, an anonymous certificate and a block chain are combined, a trusted third party is not relied on, the identity is represented by using a pseudonym in the charging/discharging optimization scheduling and identity authentication process, the pseudonym has anonymity and unlinkability, the legality is endorsed by CL signature and zero knowledge certificate, and security analysis shows that the proposed model does not leak any privacy information to potential internal attackers such as block chain nodes and charging piles and any other external attackers and can resist some common attacks.
Drawings
In order to more clearly illustrate the embodiments of the present application or technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a system architecture diagram of the present invention.
Fig. 2 is a flow chart of the system setup of the present invention.
FIG. 3 is a flow chart of anonymous attribute verification in accordance with the present invention.
Fig. 4 is a flowchart of credential issuance according to the present invention.
Fig. 5 is a flowchart illustrating the charging authentication of the electric vehicle according to the present invention.
FIG. 6 is a graph showing the calculation overhead of blockchain nodes according to the number of secret attributes
And the number of electric vehicles served thereby>
Schematic diagram of the variation of (1).
FIG. 7 shows the calculation of the electric vehicle and the charging pile according to the present inventionOverhead follow-up
Schematic diagram of the variation of (1).
FIG. 8 shows the secret attribute numbers of the electric vehicle according to the present invention
Total number of electric vehicles served by each block link point
Schematic diagram of the variation.
FIG. 9 shows the communication overhead between the charging pile and the electric vehicle according to the present invention
Schematic diagram of the variation of (1).
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Referring to fig. 1 and fig. 2, in the present embodiment, a method for protecting privacy of electric vehicle power transaction identity authentication includes the following steps:
(1) Block chain node:
is a set of nodes that make up a distributed blockchain network, where τ is a random integer. On one hand, all the blockchain nodes commonly maintain the normal operation of the blockchain network, including transaction generation, consensus, blockchain packaging and uplink and the like. On the other hand, the area block chain node also serves as a certificate issuing mechanism and issues a digital certificate to a group of attributes of the electric automobile in a distributed mode, and the digital certificate is called belowIs a credential.
In addition, the block chain system is built by the HyperledgerFabric, and the used Raft consensus algorithm has a mature, efficient and high-reliability leader node (leader) selection mechanism. Considering that a single node can be invaded by an attacker to cause a single point of failure, the leader node is a dynamically selected reliable node which is responsible for initializing system setting, issuing system common parameters and providing registration service for the nodes.
(2) Charging pile: the charging pile firstly verifies whether the electric automobile obtains charging permission or not, and then provides charging/discharging service for the electric automobile in a distributed mode. The built-in smart electric meter of charging pile can record the charge and discharge data of the electric automobile in real time.
(3) Electric automobile: assuming that each block link point is at most serviceable
Electric automobile
. The electric automobile obtains the certificate from the block link point in a zero-knowledge proof mode and proves to the charging pile that the secret attribute corresponding to the certificate is known. Therefore, the electric automobile obtains charge and discharge permission and completes charge and discharge transaction under the condition that no additional information is disclosed to the block link points and the charging pile, and the electric automobile and the block link points are communicated with each other through the internet.
1. Initialization
Leader node selects appropriate security parameters
And runs a symmetric prime order bilinear pair group generation algorithm Setup (@ v)>
) Generating common parameters, and selecting an anti-collision hash function->
And finally, the leader node issuesPublic parameter->
, wherein />
Is a random prime number, is combined with a plurality of combinations of at least two different combinations>
Is prime-graded>
Is g belongs to->
Is selected, is selected and is selected>
For a bilinear map, in conjunction with a look-up table>
Is a number of
A finite field of (2).
2. Key generation
Electric automobile
,/>
Slave/slave unit>
Randomly selecting a private key that satisfies a uniform distribution>
And public key &>
. Block link node->
,/>
Is used for issuing a certificate, i.e. for signing a list of attributes. />
Selects its own private key->
And corresponding public key
,/>
Are all number->
Is determined by the random number in the finite field of,
。
3. generating a zero knowledge proof
In addition to this, the present invention is,
the key pair needs to be certified as correct for a given credential paradigm (defining the size of a message block-equivalent to the number of attributes of the credential). This zero knowledge proves to be as follows:
in the formula ,
is a safety parameter>
Is a credential.
The identity authentication privacy protection scheme of the electric vehicle optimization charging and discharging transaction process combined with the anonymous certificate and the block chain is designed, a trusted third party is not relied on, the identity is represented by using a pseudonym in the charging/discharging optimization scheduling and identity authentication process, the pseudonym has anonymity and unlinkability, the legality of the pseudonym is endorsed by CL signature and zero knowledge certificate, and security analysis shows that the proposed model cannot reveal any privacy information to potential internal attackers such as block chain nodes, charging piles and the like and any other external attackers and can resist some common attacks.
(1) Selecting random numbers
,/>
And generates a random value->
。
(2) Generating challenges
, wherein />
For marking the validity period of the proof of the certificate, device for selecting or keeping>
Is a block link point>
Identity information of (2).
(3) Computing responses
, wherein />
,/>
,
,/>
,/>
The operation is left-over operation.
(4) Final reservation
As its public key +>
The method (1) is carried out.
Anonymous attribute verification:
it is desirable to register a credential for a set of attributes it owns (e.g., master key, driver's license expiration date, vehicle principal name, vehicle owner's nationality, vehicle owner ID, vehicle model number, account balance, charging post address, and charging post number);
to hide secret attributes such as master key, charging post number, etc., block chain nodes may be used
Signing the commitment of the secret attribute set instead of the original attribute without loss of generality;
suppose that
All attributes in the credential of (a) need to be kept secret, constituting a secret attribute set @>
,m ji For each attribute information, in particular, the designation->
I.e. the same master secret is included as a special attribute in all
In the certificate of (1);
can be considered as a private key
Act as->
Help bind different credentials to the same identity, based on the identity of the subscriber>
Is the number of other secret attributes than the master key, based on the key value>
In or>
Prior to obtaining a signature on a commitment, it is necessary to provide a zero knowledge proof that he does know the secret attribute ≧ corresponding to the commitment submitted>
。
The whole process is shown in figure 3: the detailed anonymous attribute validation process is as follows:
1) Verifying the correctness of the public key: in using public keys
Before generating a commitment>
Will request->
Sending
And verifies it.
(1) Calculating a random value
。
(2) Calculating out
。
(3) If it is satisfied with
Then the acceptance public key +>
Otherwise, rejecting.
2) Generating a secret property commitment: in order to hide the properties from view,
use according to the Pedersen commitment scheme +>
Of (2) a public key
To the secret attribute pick>
Generates a commitment>
The Pedersen commitment solves the problem based on discrete logarithms, allowing a message submitter to submit a message to a certain verifier without revealing the committed message details.
3) And (3) generating a commitment certificate:
his commitment must be proven to be correctly generated, corresponding to the following zero-knowledge proof:
(1) Selecting random numbers
,/>
And generates a random value->
;
(2) Generating challenges
wherein />
Is the current timestamp;
(3) Computing responses
, wherein />
,/>
;
(4) Sending
To>
。
4) Verifying the acceptance certification: received from
After the assertion of (4), is selected>
Acts as proof that the verifier verifies the commitment by indirectly proving that the electric vehicle really knows the secret property ≥ corresponding to the commitment>
:
(1) Computing
;
(2) Computing
;
(3) If it is satisfied with
Then accepts the commitment>
Otherwise, rejecting.
Example 2
As shown in fig. 4: in the present example, the description is given
Pair { [ MEANS FOR SIGNALING ]) Using CL-SIGNALING ALGORITHM>
Committed commitment>
Signing to issue a credential ≧>
。
1) And (3) generating a certificate signature:
firstly, a factor is randomly generated>
And calculate->
Then->
Counting/or>
,/>
,/>
And calculate->
,
Are all intermediate parameters of the CL signature algorithm. Finally->
Calculating to obtain the signature
And is sent to->
. Directly committing/validating using CL signature algorithm>
Generated signature
Equivalent direct pair->
Because->
The following can be demonstrated:
to pair
In particular, the pair->
Submitted->
Signature and direct set of attributes thereof>
The security of the signature is the same. This is because->
The validity of the commitment corresponding attribute is proved in a zero-knowledge mode. Is paired and/or matched>
In speaking, is>
Can only be slave>
Pick up an association>
The privacy information of (1). But is known according to the Pedersen commitment>
Is a safety commitment whose information is theoretically independent of &>
So that the information theoretically hides the secret set of attributes ≥>
。
2) Verifying the certificate signature: receive a
After the transmitted signature, is/are>
It is necessary to check its signature->
Is valid and then combines with the attribute set>
And packaging into a signature certificate and storing. The specific signature verification process is as follows:
2.1)
whether or not it can correctly pass>
To make a judgment. The correctness of this equation verifies as follows:
2.2)
and />
Can respectively pass through>
And
and (6) judging. The correctness verification of the two equations is shown as (7) and (8), respectively:
2.3)
whether or not it can correctly pass>
To judge. The correctness of this equation verifies as follows:
as shown in fig. 5, once
Reach the charging station and connect with the stake of charging within a specified period of time, it needs to verify oneself and carry out charging and discharging. />
Instead of simply sending an account and corresponding master key or key hash to the charging post for authentication, a different pseudonym (a special cryptographic token, derived non-deterministically from the credentials) is used to interact with the charging post. />
It is necessary that the corresponding set of attributes for a pseudonym is not revealed>
The pseudonym is proved to be owned by the charging pile on the premise of (1). Finally->
The validity of the identity of the user is verified under the condition that privacy information is not leaked, so that the charging/discharging service provided by the charging pile is obtained.
In order not to reveal the credentials,
presenting a blinded version of the credential to participate in optimizing the charging and discharging transaction. />
Selecting a random number->
And computes a blinded version of the credential as follows:
wherein 
Is further blinded to >>
The uniform distribution is independent of all other parameters. Can therefore combine +>
To do so>
The pseudonym of (1). Due to the non-tamperable and traceable security features of the blockchain, the pseudonym used in each transaction is->
Along with other transaction information may be recorded in the blockchain for transaction inquiry and transaction arbitration.
3) Generating a certificate proof:
it needs to be proven that he knows the set of attributes that the voucher corresponds to->
The corresponding zero knowledge is demonstrated below.
wherein 
,/>
,/>
,/>
All are intermediate parameters of the CL signature.
computing
、/>
、/>
and />
;
Selecting random numbers
,/>
And calculates->
;
Computing challenge
, wherein />
Is a current timestamp, which is used to resist potential replay attacks;
calculate the corresponding
, wherein />
,/>
,/>
;
Sending
,/>
And finally, charging the electric pile.
4) And (3) verification certificate certification: received from
After the information is received, the charging pile firstly compares the current time with the timestamp &>
To preliminarily judge the validity of the proof. Then, it is verified by judging whether the formulas (5-11) - (5-13) are satisfied or not
,/>
The validity of (2).
The correctness of equations (11) - (13) are proved to be similar to equations (6) - (8), and are not described in detail here.
Finally, the charging pile completes the pairing through the following zero knowledge proving process
Validation of submitted information and authorization to begin on a false name @>
The electric automobile->
And charging and discharging are carried out.
(1) Computing
、/>
、/>
and />
;
(2) Calculating out
;
(3) Computing
;
(4) If it is satisfied with
The credential is accepted, otherwise it is rejected.
it can be concluded from the above procedure that the cryptographic pseudonym derived therefrom has the property that on the one hand no entity can determine whether two pseudonyms are from the same master secret, and on the other hand if the master secret and other attributes corresponding to the pseudonym are not known, it is not possible for the electric vehicle to successfully authenticate itself by means of the pseudonym.
The attack mode of identity privacy protection comprises the following steps:
1. block link point attack
The electric automobile verifies that the anonymous secret attribute corresponding to the promise is known to the block link point in a zero-knowledge proof mode. The process does not require the electric vehicle to present its own true identity. And finally, the block chain node can only know that an anonymous electric vehicle requests for carrying out charge and discharge optimization scheduling, and cannot know privacy information such as charging habits, positions, personal information and the like from the process.
2. Attack of charging pile
The proposed scheme generates an electric vehicle pseudonym by CL signature and authenticates it with zero knowledge proof. The pseudonym is anonymous and unrelated to the true identity of the electric car. And finally, the charging pile can only know that a legal electric automobile completes charging and discharging in the distributed time period, and the real identity of the electric automobile cannot be known in the process.
3. Federation chain ledger attack
In the proposed scheme, the transaction information of the electric automobile and the charging pile stored on the alliance chain is transparent to users of the alliance chain. But a different electric vehicle pseudonym is saved in each newly generated transaction. Pseudonyms are randomly generated and evenly distributed, and it is difficult for an attacker to distinguish pseudonyms and associate them with a single identity.
4. Man-in-the-middle attack
Because the scheduling request information sent by the electric vehicle to the blockchain node can be encrypted by using the public key of the blockchain node. Even if an attacker were able to capture the data, it would not have access to the information inside. And even if an attacker hijacks the blockchain node and acquires the plaintext information of the scheduling request, the attacker can only know when and where a certain electric automobile is to be charged and discharged and cannot know the real identity of the electric automobile and associate the real identity with the future charging and discharging behaviors because the information is only bound with one pseudonym. In addition, the electric automobile needs to send the certification to the block link points in the identity authentication process. Since the proof is zero knowledge, the attacker cannot obtain any private information about the electric vehicle from the proof.
5. Replay attacks
The verifier finally judges the validity of the proof by detecting that the current time is within the valid period of the proof and verifying the cryptographic validity of the proof.
6. Denial of service attacks
The system can require a pre-paid deposit to resist denial of service attacks when the electric vehicle applies for charge and discharge scheduling transactions. Thus, initiating a large number of scheduling requests may be costly and reduce the aggression of an attacker.
The scheme mainly considers the identity privacy of the electric automobile and jointly considers the privacy of positions, charging habits and the like based on the identity privacy. The above security analysis may show that the proposed scheme does not reveal this private information to other internal or external attackers. The blockchain nodes cannot be exposed to private information, but are still able to authenticate the electric vehicle and issue a certificate to it with zero knowledge proof. It is difficult to link two certificates that result from the same credential with a charging post or block link point. The charging post can verify the validity of the electric vehicle by means of a credential (anonymous and not linkable to the real identity) and a corresponding proof without having to access other private information. Any attacker cannot acquire the scheduling request information and the personal information from the communication channel or the alliance chain ledger and match the scheduling request information and the personal information with the real electric vehicle identity. Therefore, the scheme can protect the privacy of the electric vehicle users in a distributed environment.
Example 3
This example is mainly used to evaluate the protection methods in examples 1 and 2, including:
1) Simulation setting: the scheme implements CL signature algorithm and SchnorrNIZKP protocol based on TypeAparing of JPBC (JavaPair-based cryptography) Library. The performance of the scheme was evaluated on an Intel (R) 4CoreCPU @2.80GHz8GB memory virtual machine running the CentOS7.4 computing system. In addition, the federation chain system is built based on HyperLegendr Fabricv2.3.2, and a client program and an intelligent contract are developed based on the fabric-sdk-java and the fabric-chaincode-java respectively.
In particular, bilinear pairings are in the field
An upper configuration in which>
A bit. />
Is formed by an elliptic curve>
A large prime order of a group of points which is->
Has a bit length of 160, i.e.>
A bit. />
2) And (3) analyzing the calculation cost: and (4) considering the calculation overhead of the block chain nodes, the electric automobile and the charging pile in the aspects of signature, signature verification, zero knowledge proof generation and verification.
Order to
,/>
Respectively represent->
and />
Computation overhead of medium exponent operation, where->
Is a prime numberA multiplication loop group of order q. Make->
Representing the computational overhead of the pair operation in a bilinear pair.
The computational overhead of other operations (e.g., random number generation, multiplication, and hash value calculation) is negligible compared to the computational overhead of exponential operations and operations. Is measured by experiments
,/>
,
。
Verifying commitment certification needs of an electric vehicle for a blockchain node
Is/are>
The exponential operation in (1). Block link point calculation of probable need ∑ for signature of an electric vehicle>
Number of or>
The exponential operation in (1). So that one block chain node serves all->
Total calculation cost of individual electric vehicles is ^ greater than ^ equal>
。
For an electric vehicle, EV validation
Need for correctness>
Is/are>
Is generated based on the exponent operation in (1), the generation of a commitment needs->
Is/are>
Generating a commitment proof need->
Is/are>
The calculation overhead is
。
Electric vehicle inspection
、/>
and />
Need to be respectively>
and />
A plurality of pairs of operations, checking->
Need to->
A pair-wise arithmetic sum->
Is/are>
Is based on an exponent operation in (4), with a calculation overhead of->
。
The electric automobile needs about calculation certification
A plurality of pairs of arithmetic operations, based on the evaluation result>
Is/are>
Is based on an exponent operation in (4), with a calculation overhead of->
. The total calculation cost of an electric vehicle is thus
。
For a charging pile, the charging pile needs to be paired first
,/>
Signature verification requires->
And (4) carrying out pair operation. The charging post then verifies that SchnorrNIZKF requires about >>
A sum of pairs
Is/are>
The exponential operation in (1).
So that a charging pile serves the totality of an electric vehicleThe calculation cost is
。
FIG. 6 shows the computational overhead of a blockchain node as a function of the number of secret attributes
And the number of electric vehicles served thereby>
Of the cell.
When in use
,/>
I.e. only the attribute->
When secret keeping is carried out, the minimum calculation cost of the block chain link point is ^ greater than or equal to>
. When/is>
,/>
The maximum computation overhead of the time zone blockchain node is obtained
s。
Therefore, a blockchain node can issue anonymous certificates for all the served electric vehicles in less than half a minute.
FIG. 7 shows the calculation cost of an electric vehicle and a charging pile as a function of time
The variation of (2). When +>
Electric vehicle andcharging pile respectively obtains minimum calculation cost of ^ greater than or equal to>
and />
. When/is>
In time, the electric automobile and the charging pile respectively obtain the maximum calculation expense of ^ and/or greater than>
and />
. Therefore, the electric automobile and the charging pile can complete the identity authentication process in less than 1 s. />
3) Analyzing communication overhead: secure hash function in SchnorrinZKP is implemented using SHA-256 algorithm
Hash value thereof is greater or less>
. Each +, as set forth in the simulation>
The size of the element is
. Each->
The size of the element in (B) is->
。
Consider the communication overhead between the block link node and the electric vehicle. Each electric automobile
Sending proofs
,/>
To the block link point. Challenge->
Is greater or less than>
. Each->
Is in the size >>
,/>
Has a total size of->
。/>
Is big or small>
。/>
And can be ignored. />
Send signature pickand place>
,/>
Give/pick>
。/>
All sizes areIs->
. Each one of which is
Is big or small>
,/>
And &>
Is all big or small>
. So that the block chain node serves all->
Total communication overhead of an electric vehicle is
Bytes。
Consider the communication overhead between a charging pile and an electric vehicle. Each electric vehicle sends
,/>
Give and fill electric pile. Challenge->
Is greater or less than>
. Each->
Is greater than or equal to>
And therefore->
Has a total size of->
. Blinded signature->
Comprising +>
Medium element, thus->
A size of
Bytes。/>
Can be ignored. Therefore, the total communication cost of one charging pile and 1 electric vehicle served by the charging pile is ≥ based on>
Bytes。
FIG. 8 shows the number of secret attributes associated with an electric vehicle
Total number of electric vehicles served by each block link point
And the total communication overhead of one blockchain node is changed. When/is>
,/>
Block chaining point taking minimum communication overhead->
. When/is>
,/>
At that time, the block chain node point gets the maximum communication overhead->
。
FIG. 9 shows communication overhead between a charging pile and an electric vehicle
The variation of (2). When the temperature is higher than the set temperature
In the meantime, the minimum communication overhead of the charging pile and the electric automobile is
. When in use
In the meantime, the maximum communication overhead between the charging pile and the electric automobile is
。
As can be seen from fig. 8 and 9, both the process of issuing anonymous certificates to all the served electric vehicles by the blockchain node and the charging and discharging authentication process of the electric vehicles occupy less communication resources.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. The procedures or functions described in accordance with the embodiments of the present application are produced in whole or in part when the computer instructions or the computer program are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, data center, etc., that contains one or more collections of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" herein is merely one type of association relationship that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists singly, A and B exist simultaneously, and B exists singly, wherein A and B can be singular or plural. In addition, the "/" in this document generally indicates that the former and latter associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which may be understood with particular reference to the former and latter text.
In this application, "at least one" means one or more, "a plurality" means two or more. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a variety of media that can store program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. An electric vehicle electric power transaction identity authentication privacy protection method is characterized by comprising the following steps: the protection method comprises the following steps:
s1: leader node selection of security parameters
Running a group generation algorithm of symmetric prime order bilinear pairs->
Generating a common parameter, the leader node selecting an anti-collision hash function>
Publishing public parameters
, wherein />
Is a random prime number, is selected>
Is prime-graded>
Is g belongs to->
In a generating unit of (2), in a manner known per se>
Is a bilinear map, is asserted>
Is a number>
A finite field of (a);
s2: electric automobile
,/>
Slave->
Randomly selecting a privacy key that satisfies a uniform distribution>
And public key
,/>
Represents the number of electric vehicles served by each block link point, and the block link node->
,
For issuing vouchers, signing an attribute list, wherein &>
Is a random integer;
S3:
proof key for a given credential paradigm, the zero knowledge proof expression is:
in the formula ,
for a safety parameter, <' >>
In the possession of a credential>
Are all number->
Is determined by the random number in the finite field of,
,/>
selecting its private key>
And the corresponding public key->
。
2. The electric vehicle power transaction identity authentication privacy protection method according to claim 1, characterized in that: the electric automobile
The method comprises the following steps: setting each block link point to serve>
Electric automobile>
And the electric automobile acquires the certificate from the block link point in a zero-knowledge proof mode and proves that the secret attribute corresponding to the certificate is known to the charging pile.
3. The electric vehicle power transaction identity authentication privacy protection method according to claim 2, characterized in that: in step S2, block link points
The detailed process of generating the proof is:
s2.1: selecting random numbers
,/>
And generates a random value->
;
S2.2: generating challenges
, wherein />
For marking the validity period of the proof of the certificate, device for selecting or keeping>
Is a block link point>
Identity information of (2);
s2.3: computing responses
, wherein 
,/>
,
The operation is left-over operation;
s2.4: retention
As its public key->
The method (1) is carried out. />
4. The electric vehicle power transaction identity authentication privacy protection method according to claim 3, characterized in that: the electric automobile
The method comprises the following steps: is arranged and/or is>
The secret attribute set is formed by the secret attributes of the certificate
,m ji For each attribute information, the same master secretMi is included as a special attribute in +>
In the certificate, the private key &>
Is->
Help bind different credentials to the same identity.
5. The electric vehicle power transaction identity authentication privacy protection method according to claim 4, characterized in that: the secret attribute verification process is as follows:
using public keys
Before generating a commitment>
Will request->
Send>
Proves and verifies that the public key->
;
calculating a random value
;
Computing
;
Satisfy the requirement of
Then the public key is accepted>
Otherwise, rejecting.
6. The electric vehicle power transaction identity authentication privacy protection method according to claim 5, characterized in that: the electric automobile
Use according to the Pedersen commitment scheme +>
Is greater than or equal to the public key>
To the secret attribute pick>
Generates a commitment>
,/>
Proof commitment is that correctly generating corresponding zero knowledge proof expression is:
selecting random numbers
,/>
And generates a random value->
;
Generating challenges
wherein />
Is the current timestamp;
computing responses
, wherein />
(ii) a Sending
To>
。
7. The electric vehicle power transaction identity authentication privacy protection method according to claim 1, characterized in that: the block chain node
Pair { [ MEANS FOR SIGNALING ]) Using CL-SIGNALING ALGORITHM>
Committed commitment>
Signing to issue a credential ≧>
。
8. The electric vehicle power transaction identity authentication privacy protection method according to claim 7, characterized in that: the block chain node
Is randomly generated>
And calculate->
,/>
Computing
And calculate->
,/>
Are intermediate parameters of the CL signature algorithm, finally->
Calculates to obtain a signature pick>
And send to +>
Directly on a commitment using a CL signature algorithm>
The signature generated pick>
Valence direct pair>
The signature result of (1).
9. The electric vehicle power transaction identity authentication privacy protection method according to claim 8, characterized in that: the block chain node
Verifying the credential signature includes:
10. The electric vehicle power transaction identity authentication privacy protection method according to claim 9, characterized in that:
presenting a blinded version of a credential to participate in an optimized charge-discharge transaction>
Selecting a random number->
And computes the blinded version of the credential as:
wherein ,
is further blinded to >>
Uniformly distributed, independent of all parameters, will->
To do so>
Pseudonyms of eachPseudonym used in a sub-transaction>
Along with transaction information is recorded in the blockchain for transaction inquiry and transaction arbitration. />
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310165002.5A CN115860750B (en) | 2023-02-27 | 2023-02-27 | Electric automobile electric power transaction identity authentication privacy protection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310165002.5A CN115860750B (en) | 2023-02-27 | 2023-02-27 | Electric automobile electric power transaction identity authentication privacy protection method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115860750A true CN115860750A (en) | 2023-03-28 |
| CN115860750B CN115860750B (en) | 2023-05-30 |
Family
ID=85658848
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310165002.5A Active CN115860750B (en) | 2023-02-27 | 2023-02-27 | Electric automobile electric power transaction identity authentication privacy protection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115860750B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108769020A (en) * | 2018-05-29 | 2018-11-06 | 东北大学 | A kind of the identity attribute proof system and method for secret protection |
| CN109614820A (en) * | 2018-12-06 | 2019-04-12 | 山东大学 | Intelligent contract authentication data method for secret protection based on zero-knowledge proof |
| CN110728576A (en) * | 2019-08-19 | 2020-01-24 | 湖南科技学院 | Decentralized anonymous data transaction method based on zero knowledge proof |
| CN110958110A (en) * | 2019-12-09 | 2020-04-03 | 趣派(海南)信息科技有限公司 | Block chain private data management method and system based on zero knowledge proof |
| CN113098838A (en) * | 2021-02-21 | 2021-07-09 | 西安电子科技大学 | Trusted distributed identity authentication method, system, storage medium and application |
| CN113177225A (en) * | 2021-03-16 | 2021-07-27 | 深圳市名竹科技有限公司 | Block chain-based data storage certification method, device, equipment and storage medium |
| CN114615280A (en) * | 2022-03-24 | 2022-06-10 | 国网河南省电力公司电力科学研究院 | Anonymous credential based power block chain privacy protection method and system |
| CN114710294A (en) * | 2022-04-20 | 2022-07-05 | 电子科技大学 | Novel block chain privacy protection method |
| CN115564434A (en) * | 2022-09-23 | 2023-01-03 | 西南交通大学 | Block chain supervision privacy protection method based on zero knowledge proof |
| US20230043852A1 (en) * | 2021-07-13 | 2023-02-09 | Zhengzhou University Of Light Industry | Blockchain-based privacy protection method for content centric network (ccn) |
-
2023
- 2023-02-27 CN CN202310165002.5A patent/CN115860750B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108769020A (en) * | 2018-05-29 | 2018-11-06 | 东北大学 | A kind of the identity attribute proof system and method for secret protection |
| CN109614820A (en) * | 2018-12-06 | 2019-04-12 | 山东大学 | Intelligent contract authentication data method for secret protection based on zero-knowledge proof |
| CN110728576A (en) * | 2019-08-19 | 2020-01-24 | 湖南科技学院 | Decentralized anonymous data transaction method based on zero knowledge proof |
| CN110958110A (en) * | 2019-12-09 | 2020-04-03 | 趣派(海南)信息科技有限公司 | Block chain private data management method and system based on zero knowledge proof |
| CN113098838A (en) * | 2021-02-21 | 2021-07-09 | 西安电子科技大学 | Trusted distributed identity authentication method, system, storage medium and application |
| CN113177225A (en) * | 2021-03-16 | 2021-07-27 | 深圳市名竹科技有限公司 | Block chain-based data storage certification method, device, equipment and storage medium |
| US20230043852A1 (en) * | 2021-07-13 | 2023-02-09 | Zhengzhou University Of Light Industry | Blockchain-based privacy protection method for content centric network (ccn) |
| CN114615280A (en) * | 2022-03-24 | 2022-06-10 | 国网河南省电力公司电力科学研究院 | Anonymous credential based power block chain privacy protection method and system |
| CN114710294A (en) * | 2022-04-20 | 2022-07-05 | 电子科技大学 | Novel block chain privacy protection method |
| CN115564434A (en) * | 2022-09-23 | 2023-01-03 | 西南交通大学 | Block chain supervision privacy protection method based on zero knowledge proof |
Non-Patent Citations (2)
| Title |
|---|
| YIFAN WANG: "A blockchain-based conditional privacy-preserving authentication scheme for edge computing services", JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, vol. 70 * |
| 王震;范佳;成林;安红章;郑海彬;牛俊翔;: "可监管匿名认证方案", 软件学报, no. 06 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115860750B (en) | 2023-05-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Xu et al. | EVchain: An anonymous blockchain-based system for charging-connected electric vehicles | |
| Baza et al. | Privacy-preserving blockchain-based energy trading schemes for electric vehicles | |
| Gabay et al. | Privacy-preserving authentication scheme for connected electric vehicles using blockchain and zero knowledge proofs | |
| Eskandarian et al. | Certificate transparency with privacy | |
| US9768962B2 (en) | Minimal disclosure credential verification and revocation | |
| CN113129518B (en) | Electric vehicle charging system and resource management method thereof | |
| Li et al. | BCSE: Blockchain-based trusted service evaluation model over big data | |
| Chen et al. | A novel electronic cash system with trustee-based anonymity revocation from pairing | |
| CN112291062B (en) | Voting method and device based on block chain | |
| CN105187405A (en) | Reputation-based cloud computing identity management method | |
| Bhargav-Spantzel et al. | Multifactor identity verification using aggregated proof of knowledge | |
| Tajmohammadi et al. | LSPP: Lightweight and secure payment protocol for dynamic wireless charging of electric vehicles in vehicular cloud | |
| CN115277010A (en) | Identity authentication method, system, computer device and storage medium | |
| Zhang et al. | A novel privacy protection of permissioned blockchains with conditionally anonymous ring signature | |
| CN112733192B (en) | Judicial electronic evidence system and method based on union chain homomorphic encryption | |
| CN116390092A (en) | Internet of vehicles fine-granularity access control method based on multi-strategy access tree | |
| CN115765983A (en) | Group signature method and signature center group administrator node | |
| CN115860750B (en) | Electric automobile electric power transaction identity authentication privacy protection method | |
| Mandal et al. | Design of electronic payment system based on authenticated key exchange | |
| CN114417389A (en) | Method for storing user asset limit through addition homomorphic encryption in block chain | |
| Lian et al. | A practical solution to clone problem in anonymous information system | |
| Yang et al. | Security analysis and improvement of a privacy-preserving authentication scheme in VANET | |
| Dzurenda et al. | Privacy-preserving solution for vehicle parking services complying with EU legislation | |
| AU2021106388A4 (en) | A secure public cloud system for preserving privacy | |
| Zhao et al. | Publicly Accountable Data-sharing Scheme Supporting Privacy Protection for Fog-enabled VANETs |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |