基于零知识证明的虚拟电厂多场景下用户属性隐私保护  

作　　者：杨如侠 石聪聪 费稼轩 王向群 陈磊 肖云杰 YANG Ruxia;SHI Congcong;FEI Jiaxuan;WANG Xiangqun;CHEN Lei;XIAO Yunjie(China Electric Power Research Institute,Haidian District,Beijing 100192,China;State Grid Shanghai Municipal Electric Power Company,Pudong New Area,Shanghai 200122,China)

机构地区：[1]中国电力科学研究院有限公司,北京市海淀区100192 [2]国网上海市电力公司,上海市浦东新区200122

出　　处：《电力信息与通信技术》2024年第9期33-44,共12页Electric Power Information and Communication Technology

基　　金：国家重点研发计划项目“规模化灵活资源虚拟电厂聚合互动调控关键技术”(2021YFB2401200)。

摘　　要：虚拟电厂采集存储了海量电力用户数据,涉及查询、交易、测试、共享等不同业务场景,给用户信息安全带来了巨大风险。现有的用户隐私保护方案大多采用传统的属性基加密(attribute-basedencryption,ABE),不需要为每个接收者单独进行加密操作,支持细粒度的访问控制需求。然而使用ABE方法需要访问者输入自身属性,数据共享的过程是公开的,用户的属性隐私、加密数据的访问策略和其他用户私人信息可能通过分析相关记录而被泄露。为此,文章提出基于零知识证明的用户属性隐私保护。该方案基于分布式属性基加密(distributed attribute-basedencryption,DABE)技术,引入Merkel树聚合用户属性,使用Merkel根构建承诺,用于零知识证明验证,在不暴露用户属性和文件访问策略的前提下实现属性基加密的访问控制策略。同时,将属性与用户地址绑定,有效避免中间人攻击和重放攻击。通过安全性分析,证明本方案具有属性不可分辨性和属性防篡改性。将所提方案与现有方法进行实验比较,结果表明,所提方案在时间成本和空间占用方面性能更好。Virtual power plants collect and store massive amounts of electricity user data.These data involve various business scenarios such as queries,transactions,tests,and sharing,which pose significant risks to user information security.Most existing user privacy protection solutions use traditional attribute-based encryption(ABE),which does not re-quire encryption operations for each recipient individually and supports fine-grained access control requirements.However,using the ABE method requires visitors to input their own attributes.The process of data sharing is public.User attribute privacy,access policies for encrypted data,and other users'private information may be leaked through the analysis of relevant records.Therefore,we propose user attribute privacy protection based on zero-knowledge proof.This scheme is based on distributed attribute-based encryption(DABE)technology.We introduce Merkel tree to aggregate user attributes,use Merkel root to construct commitments,and use them for zero-knowledge proof veri-fication.This method implements access control policies for attribute-based encryption without exposing user attrib-utes and file access policies.At the same time,attributes are bound to user addresses,effectively preventing man-in-the-middle attacks and replay attacks.Through security analysis,it is proven that this solution has attribute indistinguishability and attribute tamper resistance.We compare this scheme with existing methods in experiments.The results show that this scheme performs better in terms of time cost and space occupation.

关 键 词：零知识证明 属性隐藏 虚拟电厂 隐私保护 属性基加密 

分 类 号：TM73[电气工程—电力系统及自动化] TP309[自动化与计算机技术—计算机系统结构]