A novel authentication scheme based on edge computing for blockchain-based distributed energy trading system

Distributed energy trading system is a new business model of energy industry. Applying blockchain technology, energy supply contracts can be communicated directly between producers and consumers. However, blockchain is without any identity authentication and legitimate user identities are possibly forged if there is not any user identity authentication procedure in a trading system. In this paper, we design an authentication scheme for blockchain-based energy trading systems by using edge computing, including journalizing processes, registration, and identity authentication. In our scheme, each node has computing power, which can ensure the meter data can be processed locally or on the edge. In addition, the correctness and security analysis of the scheme are also given in this paper. The analysis shows that our scheme is unforgeability and can protect users’ privacy.


Background and motivation
Blockchain is a shared distributed ledger that records transactions in a public or private peer-to-peer network. The ledger is distributed to all member nodes in the network, and the history of asset transactions occurring between peer nodes in the network is permanently recorded in the block. As the core technology of distributed ledger technology (DLT) system, blockchain is considered to have broad application prospects in many fields such as finance, Internet of Things, commercial trade, credit reporting, and asset management [1].
As a new generation of energy supply mode, distributed energy system is a powerful supplement to centralized energy supply system. A distributed trading system should be designed to adapt multiple energy suppliers and consumers. Blockchain technology can be applied to construct a distributed energy trading system. Actually, there are many researches on blockchain-based energy trading systems [2][3][4][5][6][7][8][9][10]. The literature [2] conducted a preliminary economic evaluation of the market mechanism of blockchain (2020) 2020:152 Page 2 of 15 application in the local energy market. In [3], the author compares the business model and characteristics of P2P power transaction and emphasizes the sustainable development of P2P ICUE 2018 green energy. In [4], the author demonstrated a blockchain implementation that can be used for energy auctions in the campus environment. The authors discuss the components of the microgrid energy market related to the Brooklyn microgrid project in [5]. The authors discuss business models that ensure transparency for energy consumers in [6]. Blockchain technology has also realized several other energy-related applications, such as the use of blockchain in island microgrids to identify energy losses [7] and the application supporting emissions trading [8]. In [9], the authors review the way blockchain technology works in the context of the Internet of Things (IoT). A secure energy trading system was proposed in [10]. In addition, many enterprise projects are also focused on the application of blockchain technology in the field of energy [11][12][13][14][15][16][17][18][19][20], such as the PowerLedger project which provides a peer-to-peer marketplace for renewable energy [11]. Its white paper [12] continues to discuss system architecture and ecosystems. The Brooklyn Microgrid Project developed by New York startup LO3 Energy [13] is dedicated to creating a blockchain-based P2P trading system that delivers electricity to hospitals, shelters, and community centers when needed. Dajie project in [14] provides a blockchain-based platform that allows P2P energy exchange, redeems carbon credits for consumers, and pays for energy companies' energy and services. The Shared Charging Project [15] provides a solution for charging electric vehicles on an open network developed on the Ethereum blockchain [16], which provides seamless access to charging poles in different countries. NRGcoin project [17] provides incentives for the production of green energy. The concept is similar to the solar coin project [18], where one of the solar coins represents 1 MWh of solar power. The solar exchange program [19] allows individuals to purchase or lease solar battery by using bitcoin or local currency. An electronic project initiated by the UK in the literature [20], which runs on Ethereum, provides a flexible block-based trading platform that supports electricity, natural gas, and community energy. Enerchain project [21] focuses on the use of blockchain technology for P2P transactions in the wholesale energy market.
However, many security issues such as identity authentication, the realization of consensus mechanism, and privacy protection are not mentioned in these systems. This paper focus on the identity authentication of users for the blockchain-based energy trading systems.

Related work
Currently, there are some blockchain-based identity authentication schemes [22][23][24][25][26][27]. These researches can be divided into two categories. One is based on government platforms. The goal is to create a blockchain-based world or national identity registration system and provide some government services [22][23][24][25]. Another one is for companies; its aim is to complete the identity registration authentication services with blockchain [26,27]. Moreover, several blockchain-based authentication schemes for smart grid were proposed over the last several years [28][29][30][31]. A blockchain identity management system based on public identities ledger is discussed in [32]. Unfortunately, among these schemes, the important node is the smart grid. They only considered how to complete the certification for smart grid. In the general energy trading system, there is no smart grid, and more participants are users. We focus on how to implement user identity authentication in such a system.
Edge computing is a way of processing data that is physically close to where the data is generated. Edge computing is relative to cloud computing. There is much literature on the application of edge computing [33][34][35][36][37][38][39][40][41][42][43][44][45][46][47]. In an edge computing-based blockchain system, each device needs to pay a certain amount of deposit. Each device is a node, a witness, a trusted oracle, and a judge with clear rewards and punishments. No one even needs to participate. People just need to enjoy a credible society, and the rest is done by the marginal computing block chain.

Our contribution
In order to solve the problem of identity authentication in blockchain-based energy trading system, we design an edge computing-based authentication scheme for blockchainbased distributed energy trading systems (ECAS-BDETS), which includes three processes named as journalizing, registration, and identity authentication. Our scheme can ensure unforgeability and privacy. In addition, the correctness and security analysis of the scheme are also given in this paper. The main contributions of this paper include: 1. In the process of journalizing, we use the proof of stake (PoS) plus credit score to complete the bookkeeper selection. To avoid regional managers with more transactions which tend to get higher credit score, we randomly select one of the regional managers with honor values greater than or equal to k each time. 2. In the process of user registration, we ensure that the user's identity cannot be forged by processing and storing the user identity information in the block chain based on the tag and Merkle tree principle. 3. In the process of identity authentication, the user's identification is realized by using digital signature technology and time stamp.

Organization of this paper
The rest of the paper is organized as follows. Preliminaries are given in Section 2. In Section 3, we formally define the framework and security requite for blockchain-based authentication scheme for energy trading system. The proposed scheme is presented in Section 4. An example of our scheme will be presented in Section 5. We analyze the security of the proposed scheme and compare it with other related schemes in Section 6. In Section 7, our scheme is compared with some existing schemes in terms of function. Finally, conclusions and future work are given in Section 8.

Preliminaries
In this section, we briefly introduce some knowledge of Merkle tree and signature, which are necessary for the subsequent development.

Merkle tree
Merkle Tree, also known as a "Hash Tree," as the name implies, is a tree that stores hash values. A leave node of a Merkle tree is attached the hash value for a data block. A non-leaf node is attached the cryptographic hash of its corresponding child nodes.
H is a hash function. In the nodes inside, each of H 0 and H 1 has a left child denoted by (i, 0) and a right child denoted by (i, 1). A hash value, which is computed by H(i) = H(Hash(i0), Hash(i1)) is stored by each internal node. Top Hash denotes the root node. It stores a hash value computed by H(H(0), H(1)).

Signature scheme
Digital signature is a digital string that can only be generated by the sender of the information and cannot be forged by others. This digital string is also an effective proof of the authenticity of the information sent by the sender. It is based on public key cryptography and can be used for identification. In general, a digital signature scheme is a tuple of three probabilistic polynomial time (PPT) algorithms Sig = (Sig.Gen, Sig.Sign, Sig.Vrf ) such that: • SIG.Gen: Sig.Gen(1 λ ) takes in a security parameter and outputs a verification key vk and a signing key sk. A complete digital signature should include the following three mechanisms: • The signer cannot deny his signature after signing.
• Others cannot forge a signature.
• If the parties dispute the authenticity of the signature, the validity of signature can be verified by a fair arbitrator.
(2020) 2020:152 Page 5 of 15 Fig. 2 The system structure. The system of our scheme consists regional manager, the communities and users 3 Security model

The system structure
The system of our scheme consists of two parts, i.e., regional manager and the communities and users. Figure 2 shows the system structure.
The regional manager, conducted as the energy management center of a certain region, is responsible for the management and transaction information of the blockchain. It completes the registration of new users and the identity authentication of users in the process of transaction and can trade with other regional managers according to the electricity consumption in the region.
Communities and users can send transaction requests to the regional manager, including buy, sell, and so on, depending on their situation. Because the community and the user have the same functional needs, we treat the community as a user in our system.

Security requirement
In ECAS-BDETS, we assume the user and the regional manager are semi-honest. It means that they will run the protocol honestly, but they will collect information from other users maliciously for forged identity. According to the requirements of the identity authentication scheme, we present security goals for a blockchain-based energy trading system.
• Correctness. We require that the identity authentication process is correct. Namely, if both of the user and the regional manager follow the proposed protocol, the identity authentication can be verified. • Unforgeability. In our scheme, the identity of a legitimate user will not be forged. A forged identity will not pass verification.
• Privacy. User identity information will be hidden. The identity of the user in our scheme is replaced by the value of the root node of a Merkle tree. Neither the regional manager nor other users will know the true identity of the user.

Our construction
ECAS-BDETS consists of two parts: one is the regional manager, anthrone is user. Both the regional manager and the user are considered nodes. We assume that every regional manager has a key pair (Pk M , Sk M ) and the user has a key pair (Pk i , Sk i ). Three operating steps namely, process of journalizing, the user registration, and identity authentication are described as follows.

Process of journalizing
In the accounting process, the consensus mechanism is the most important. In bitcoin, the proof of work (PoW) and the proof of stake (PoS) are used for gaining the right to account. Since our scheme is based on edge calculations, we regard the participants in the blockchain as nodes and use the credit score to obtain the accounting permission. In order to avoid some people have more opportunities to get higher credit score, we randomly select one of the nodes with honor values greater than or equal to k each time.
1. The initial credit score for each transportation is n. In the first round of voting, because the credit score is the same, each node randomly selects a node as the accounting node, and the one with the most votes will be the bookkeeper.
2. If there is a transaction, in the end of every transaction, both parties give each other a score s according to each other's performance in this activity. The score range is 3. Node generates the signature Sign(s, t) for the credit score and sends the signature to bookkeeper, where t is the current time.
4. Bookholder receives the signature; he first checks if the signature is valid. If it is valid, he broadcasts the credit score computed below in the blockchain.
where n is the credit score before this transaction, s is the score in the current accounting period and α is a number with range [ 0, 1], representing a weight value.

Remark 3
This value can be adjusted as needed. If you think the previous credit is more important, you can take a larger value. If you think the current credit score is more important, you can take a smaller value.

User registration
Firstly, a new user should choose a manager which she belongs to and sends the registration request to the regional manager. The regional manager helps her register with her identification through an interactive protocol. The sketch of the protocol as shown in Fig.  3 and detail described as follows.

• User
User O does the following: 1. O generates a tag Tag = tag(name, sk) for her name by using her private key. 2. Then, she encrypts the detailed identity information (i.e. tag, address, email address, phone no.) with the manager's public key, obtained φ 1 = E PK M (Tag,address,emaiaddress,phoneNO.) .
3. Next, O computes the signature Sig(Tag, t r ), where t r is the current time. 4. Finally, O sends the φ 1 and the signature Sig to the manager M.
• Regional manager The regional manager (M) does the flowing while receiving the request: 1. M decrypts the φ 1 and obtains the user's information including: {Tag, address, emaiaddress, phoneNO.}.

2.
Then, M checks if t r and the signature Sig are valid. Fig. 3 Sketch of the protocol. This is an interactive protocol between the regional manager and the user The user's registration process is shown in Fig. 4.

Remark 4
In order to protect the privacy of user, we hide the user's name by using Tag. The user generates a Tag for her name by using her private key.

Remark 5
There are many details information of the user. For the sake of simplicity, we have only selected four parameters Tag, address, emaiaddress, phoneNO.. The case of multiple parameters can be obtained in the same way.

Remark 6
For the sake of simplicity, we only generated tag for name to hide user's name information. In fact, one can create tags for any information to be hidden.

Identity authentication process
When a transaction is made between the user and the region manager, the region manager first authenticates the user's identity. To this end, we construct the following protocol. The main idea is shown in Fig. 5.
If all valid, user authentication is verified. The transaction can be done with this user.

An example
Any secure encryption and signature scheme, such as identity-based, attribute-based, lattice-based, and encoding-based signature schemes, can be used in our authentication scheme. We take the encryption and signature scheme based on elliptic curve based on discrete logarithm as an example to illustrate the workflow of our scheme.

Key generation algorithm
Let G be the generator of the elliptic curve. The key pairs are generated for users and managers as follows: The public key is K, and the private key is k.
Assume that user O has the public/private key pair (k O , K O ) and manager M has the bookkeeping authority and has the public/private key pair (k M , K M ). The details of user registration and identity authentication process are as follows.

User registration
• User

Calculate
where r ∈ Z q is random number. 3. Generate where r ∈ Z q is random number. Then, Sig = (R, S). 4. Finally, O sends the φ 1 and the signature Sig to the manager M.
• Regional manager The regional manager (M) does the flowing while receiving the request: (2020) 2020:152 Page 13 of 15 -TagQuery Assume that C can make query on Tag, F maintains the list L Tag to store the answers. When C makes a query on Tag, F checks if the query can found in the list L Tag ; if yes, return the answer to C ; otherwise, F returns the random value. -SignQuery C also makes signature query on Tag. F can simulate the signature. Then, the adversary can output a forged signature σ * on Tag * . -Finally, F can solve the hard problem that the signature schemes depend on.

• Identity authentication process
We consider it in two cases.
-The adversary C can forge a signature This is similar to the user registration process. If the adversary can output a forged signature σ * on Tag * . Then, F can solve the hard problem that the signature schemes depend on. -The adversary C can forge a Hash value It is well known that hash functions are collision resistant. So, no adversary can forge the H 0 unless the hash function can be solved.

Theorem 3
The proposed scheme can realize the privacy protection of user identity.
Proof In our scheme, the user's name is hidden in the Tag. Everyone only knows the tag, but they do not know the user's true identity. If the adversary C can obtain the name of the user, it means that the encryption scheme has been breached. That is impossible since the user generates a Tag for her name by using her private key. Therefore, our scheme can protect the privacy of our users.

Results and discussion
In terms of function, our scheme is compared with some existing schemes. The authors used a variety of patterns that provide authentication only in a centralized manner in [28][29][30][31], and third parties are used in a variety of applications. In our scheme, we use blockchain technology to provide authentication and can used for all engine trading systems. Also, our scheme is independent of third party and is a peer-to-peer network. The brief summary of this comparison is given in Table 1. Table 1, tech. and app. mean the technique used and the application scenario of these schemes, respectively.

Conclusion and future work
In this paper, we proposed a general authentication scheme to solve the problem of identity authentication in blockchain-based energy trading system. The digital signature technology, time stamp, and Merkle tree are used to ensure that the identity of legitimate users cannot be forged in our scheme. Moreover, to avoid regional managers with more transactions which tend to get higher credit score, we use the proof of stake (PoS) plus credit score to complete the bookkeeper selection and randomly select one of the managers with honor values greater than or equal to k each time in the process of journalizing.
In future work, we will continue to study the application of the scheme in other areas.
Abbreviations DLT: Distributed ledger technology; P2P: Peer-to-peer; IoT: Internet of Things; PoW: Proof of work; Pos: Proof of stake