Data Sharing Scheme of Smart Grid Based on Identity Condition Proxy Re-Encryption

Abstract

A large amount of high-value data are stored in smart grid data centers, but since the resource diversity of a single data center is limited, data sharing becomes especially important in conducting an effective data mining process. However, traditional data-sharing models often use centralized schemes without authentication of the shared objects, making it difficult to establish trust relationships and ensure data privacy. This makes it difficult to break through the problem of data islands. To solve the above problems, this paper proposes a blockchain-based data-sharing incentive model for edge smart grid scenarios. First, the model uses blockchain and proxy re-encryption technology to achieve the security and traceability of the smart grid data-sharing process. Secondly, the data-sharing incentive algorithm is designed using game theory to maximize the willingness of data owners to share data. Finally, the model in this paper is compared and analyzed with other existing data-sharing models, and the designed performance test shows that the scheme in this paper has significant advantages over the other literature schemes in terms of functionality and computational overhead, and the increase in costs is not significant, and the model can meet the requirements for large-scale data sharing in edge smart grid scenarios.

1. Introduction

At present, smart grid, new power equipment, and electric power information systems are in a rapid development stage, but there are still great deficiencies in the security management of smart grid data. First, the source of smart grid data are complex, and the data structure is quite different [1]. For example, the smart grid includes a data acquisition and monitoring control system (SCADA), power production system (PPS), power dispatching system (PMS), and other independent smart grid data management systems that cover a series of processes of power transmission, transformation, distribution and sales of power grid enterprises [2,3,4]. In the face of these heterogeneous data from a wide range of sources, differentiated management is required. Secondly, the rapid development of big data applications has created increasingly high requirements for data sharing and transmission and poses more challenges to data security [5]. The above smart grid data management systems are used to collect and process various kinds of power data, which has high research value. However, these systems are developed and applied at different times, and they are in a relatively independent state in the operation. How to share data and information safely and traceably while protecting data privacy has become a current research hotspot. Finally, traditional data-sharing solutions focus on third-party organizations and face problems such as the untraceable authenticity of data sources, the opaque flow of data sharing, and easy disclosure or tampering of data. The above problems lead to extremely difficult data sharing within the power grid enterprises, forming the “information island” phenomenon of power data, which is not conducive to optimizing the power grid operation state and mining the potential value of data [6]. How to address these problems is the key challenge in designing the data-sharing system.

The emergence of blockchain technology provides a new solution for the safe sharing of smart grid data [7]. In essence, blockchain is a distributed database. First of all, the tamper-proof feature of the data on the blockchain ensures the transparency of the data-sharing process so that users can clearly know the sharing and transmission process of all data, which eliminates the possibility of illegal use of data [8]. Secondly, the combination of blockchain and proxy re-encryption (PRE) technology can achieve secure data sharing [9]. Finally, the incentive mechanism for data sharing is written into the blockchain smart contract, which can use the nature of automatic execution of the smart contract to standardize the entire process of data sharing and incentive [10]. Through the above description, building a smart grid data-sharing incentive platform based on the blockchain can effectively expand the scale of data management and standardize the process of data management.

In the traditional proxy re-encryption scheme, the proxy server has strong authority to convert ciphertext [11]. As long as the data holder generates the corresponding conversion key, the proxy server can convert all ciphertext uploaded by the data owner or even conspire to share data with other users. At the same time, the traditional proxy re-encryption scheme does not support the sharing of ciphertext data fineness [12], which is difficult to adapt to the needs of specific users. Therefore, the literature proposed a conditional proxy re-encryption to solve the above problem [13]. Specifically, a conditional parameter is embedded in the ciphertext and re-encrypted key to limit the proxy server’s ability to convert ciphertext. For the data holder, it can effectively resist the collusion attacks launched by the proxy server and other users, and the data sharing parties can embed different conditional parameters in the conversion key to achieve the designated sharing of ciphertext.

Therefore, we propose an identity-based proxy re-encryption-based smart grid data sharing scheme to overcome the security and privacy protection challenges in traditional smart grid data sharing schemes. By using identity information as a public key, generating private keys for users using a private key generator, and embedding conditional parameters in the ciphertext and re-encryption keys, this scheme enables fine-grained control over the data-sharing process, thereby enhancing the security and traceability of data-sharing. In addition, this scheme can effectively reduce the cost and improve the efficiency of data sharing, which is of great significance for the sharing and processing of large amounts of data in smart grids. Specifically, the contribution of the article is described below:

(1)

An innovative identity-based conditional proxy re-encryption scheme is adopted to simplify certificate management in PRE. This scheme treats identity information as a public key, eliminating the need for additional public key infrastructure.

(2)

Introduced a private key generator for identity verification, generating private keys for users and ensuring key security, avoiding reliance on traditional public key infrastructure.

(3)

Embedding a conditional parameter in the ciphertext and re-encryption key limits the proxy server’s ability to convert ciphertexts. Data-sharing parties can embed different conditional parameters in the conversion key to achieve specified shared ciphertexts, thereby supporting data granularity sharing.

(4)

Transfer part of the decryption cost to the user while proposing methods to reduce security risks and improve checkability. This scheme significantly reduces the cost of message initiators in the case of group member changes (i.e., condition value changes).

2. Related Works

2.1. Blockchain Technology in Secure Data Sharing

The decentralization, immutability, and transparency of blockchain technology ensure the security, reliability, and trustworthiness of data. Its application has gradually gained attention in the field of data security sharing, providing new ideas and methods for solving security and privacy issues in data sharing. Wang et al. [14] proposed a data security sharing network system using blockchain technology, but it adopts a centralized storage method with low storage efficiency. Li et al. [15] proposed a blockchain-based education record security storage and sharing scheme, which adopts a strict access mechanism for nodes, and smart contracts are used to regulate the data-sharing process between nodes. However, its off-chain storage still relies on centralized databases. The centralized data-sharing model often consumes a lot of communication overhead and computational cost, and its security basically depends on whether the central database complies with the agreement. Therefore, centralized data sharing is not suitable for a smart grid, and distributed data sharing based on blockchain is obviously a better choice.

Sun et al. [16] proposed a distributed data-sharing system for IoT based on blockchain, using distributed machine learning methods to classify and process different types of data, which reduces network complexity and improves system scalability. Wu et al. [17] proposed a secure storage and sharing system for smart grid data based on the federated chain, which realized the effective and secure storage of smart grid data, but there were efficiency problems caused by block “bloat” and data redundancy.

In the above scheme, repeated encryption of data are required whenever the access rights of blockchain transaction data change, which may increase the overhead and complexity of the system. Therefore, there is a need to explore and investigate further how to combine blockchain technology with more efficient encryption techniques to optimize the performance and security of data-sharing systems.

2.2. Proxy Re-Encryption Techniques in Data Sharing

In traditional encryption schemes [17], if the data owner wants to share encrypted data with other users, they need to inform the receiver of the decryption key. However, this approach poses security risks, as the receiver may abuse the decryption key or leak it to unauthorized users. Proxy re-encryption is a technique that allows a trusted third party (proxy) to re-encrypt encrypted data without decrypting the original data. This technique can be used to implement more fine-grained data access control and stronger data protection.

2.2.1. Proxy Re-Encryption

Proxy re-encryption (PRE) [18] is a public key encryption scheme. Data holder A entrusts data decryption capability to data requester B and re-encrypts the ciphertext according to the public key of data holder A in a semi-trusted proxy environment. Data requester B can use its private key to decrypt the re-encrypted ciphertext.

Proxy re-encryption has been favored by many scholars since it was proposed, and many improved schemes have been applied to data sharing. Lin et al. [18] proposed an outsourcing-oriented proxy re-encryption scheme for IoT cloud data security, which supports a bi-directional multi-hop function, the ciphertext length is independent of the number of IoT nodes, and the re-encryption process only requires one exponential calculation, which greatly saves the computational overhead. Gao et al. [19] proposed a blockchain-based IIoT data security sharing scheme in a pervasive edge computing environment, combined with an identity-based agent re-encryption scheme and designed a series of smart contracts to achieve secure data sharing among devices in an edge computing environment, and used blockchain to solve the problem of centralized SDN networks and suffering from a single point of attack.

2.2.2. Identity-Based Proxy Re-Encryption

Identity-based proxy re-encryption (IBPRE) [20] is an improvement on the PRE scheme. Data holder A takes the identity information as the public key, and no additional public key infrastructure is required. In this process, data holder A only needs to encrypt the data once to obtain the ciphertext. Later, whenever someone requests A’s data, A only needs to send the ciphertext and re-encryption key to the proxy server to perform the re-encryption step. Data holder A no longer needs to download and decrypt the ciphertext, which simplifies the data-sharing process.

Green et al. [20] introduced identity-based encryption (IBE) into proxy re-encryption and designed the first identity-based proxy re-encryption scheme, in which users en-crypt data using identity information, and the proxy transforms the ciphertext encrypted by the data holder’s identity information into the ciphertext encrypted by the data user’s identity information, which greatly simplifies the system structure. Shao et al. [21] proposed a conditional proxy re-encryption scheme that embeds a conditional parameter in the ciphertext and re-encryption key to limit the ciphertext conversion capability of the proxy server, which is effective for the data holder to resist collusion attacks launched by the proxy server and other users, and the data sharing parties can embed different conditional parameters in the conversion key to achieve specified sharing of ciphertexts. Paul et al. [22] proposed a provably secure bilinear pair-free conditional agent re-encryption scheme with fine-grained delegation control on the data, which greatly reduces the computational overhead and achieves modularity. Xiong et al. [23] proposed a one-way multi-hop conditional proxy re-encryption scheme with strong unforgeable signatures to achieve CCA security under the standard model while keeping the ciphertext length fixed. Yao et al. [24] proposed an identity-based conditional proxy re-encryption scheme for cloud data secure sharing scheme by adding a ciphertext evolution function to support updating the ciphertext after changing the identity key as well as implementing an authorization revocation function, and its efficiency and security do not become significantly lower, so the scheme is also applicable to other key update scenarios. Weiwei Ye et al. [25] proposed an identity-based conditional agent re-encryption scheme, which implements agent authority control at the delicate level, and the scheme is more efficient and secure. Li et al. [26] proposed a gated conditional anonymous agent re-encryption scheme, which verifies the conditions of ciphertext and re-encryption key simultaneously anonymizes sensitive information, and distributes the re-encryption to multiple agent nodes for completion using gating, which effectively resists collusion attacks, and in addition, this scheme also solves the problem of ignoring the re-encryption key validity in the scheme of Paul et al.

2.3. Summary and Analysis

Although blockchain technology and proxy re-encryption schemes have been widely applied in the field of data sharing, there is still a lack of effective solutions to combine the two in smart grid application scenarios to address data security and privacy issues in the process of data sharing. Therefore, this article adopts a distributed storage and verification mechanism based on blockchain technology to ensure the authenticity and integrity of data and introduces an identity-based proxy re-encryption scheme to achieve finer-grained data access control.

This paper uses the IBPRE algorithm for three reasons. First, the IBPRE scheme effectively guarantees the security and privacy of data sharing between two physical devices in heterogeneous and untrusted networks [24]. Secondly, the device encrypts its data through IBPRE and stores it in the ECS. When sharing with other devices, it does not need to download encrypted data, simplifying the data-sharing process [25]. Third, IBPRE is an improvement on PRE. It gets rid of PKI and simplifies certificate management in PRE [24]. However, IBPRE requires a private key generator (PKG) to authenticate users, generate private keys for users, and maintain keys [15].

If curious or malicious members control the PKG, they will be able to access the user’s data. In order to solve this problem, the identity center of the certificateless cryptosystem is used to provide identity certificates for various nodes in the system. With this identity certificate, various nodes involved in smart grid data sharing can authenticate the role in the request and reply. At the same time, the certificateless cryptosystem provides partial key pairs for various nodes in smart grid data sharing, synthesizes complete key pairs at the nodes, and publishes them in the blockchain. It is used for encrypting and decrypting information. The blockchain is used to manage the encryption key of the device data and record the access to the key to achieve accountability and enhance data security. The proxy re-encryption steps are as follows:

(1) A uses the public key as $p{k}_A$ its identity to encrypt its data M, and obtains the ciphertext C_A.

(2) When A wants to share data M with B, a heavily encrypted key $\mathrm{Re}key$ can be generated through its private key $s{k}_A$ and B’s public key $p{k}_B$.

(3) A sends C_A and $\mathrm{Re}key$ to proxy server, which can be an edge server.

(4) The proxy server $\mathrm{Re}key$ is re-encrypted C_A to obtain C_B, and will be C_B sent to B.

(5) B decrypts with its private key $s{k}_B$ and finally obtains the data M.

3. Re-Encryption Data Sharing Scheme Based on Blockchain and Identity Condition Agent

3.1. System Model

Taking the sharing between smart grid data centers as an example, this paper discusses a data-sharing model based on blockchain and identity conditional proxy re-encryption. The entities in the model include data owner A, data requester B, proxy server, Data Management Center, Hyperledger Fabric, and InterPlanetary File System. Before introducing the system model in detail, the main symbol definitions are first given. The symbols are shown in

Table 1. Symbol description table.

Symbol	Meaning
IBPRE	a data-sharing model based on blockchain and identity conditional proxy re-encryption
DMC	Data Management Center
Blockchain	Hyperledger Fabric
IPFS	InterPlanetary File System
CA	Certificate Authority
PKG	Private key generator
ECS	Elastic Compute Service

.

Data owner A: holds the data to be stored or shared. The smart grid data center scenario refers to all kinds of multi-source heterogeneous data collected by the edge server from various business systems of the smart grid.

Data requester B: data users from the same data center or other heterogeneous data centers. In the smart grid scenario, they are usually institutions such as electric power science academies or research institutes, or they can be other edge servers of homogeneous domains or heterogeneous domains in the edge environment.

Proxy server: The proxy server can be an ECS or an edge server with a certain storage capacity. As a semi-trusted third-party agent, it runs the re-encryption step in IBPRE. Specific functions include: (1) storing the ciphertext data and corresponding encryption parameters from data holder A, (2) searching the corresponding data according to the keywords provided by data requester B, and returning the address information and encryption parameters of data holder A to data requester B, (3) determining whether the data requester has the right to download data, and sending the address information and request information of the data requester to the blockchain. The blockchain verifies the permissions and generates logs of the request results to be uploaded.

Blockchain: Blockchain includes two functions in this model. First, the encryption key and other important data are stored to achieve system security; second, log records are maintained during sharing for auditing and sourcing.

DMC: DMC is a trusted authority that assigns identity to users entering the system, returns the private key and level information to users through a secure channel, executes algorithms to generate proxy re-encryption keys embedded in the shared condition set for users, and uploads user information to the proxy server. DMC needs to monitor the level information and revocation information of users in the system in real-time. Once the user level changes, it needs to update the identity information for users in a timely manner.

IPFS: a point-to-point distributed file system. The encrypted file uploaded to IPFS will get a unique hash string after hash calculation, through which data can be quickly retrieved. Because of the limitations of storage space and transaction speed on the blockchain, IPFS is usually selected to achieve permanent distributed power data storage and sharing.

In this framework, the IBPRE algorithm is combined with the Fabric platform, and IBPRE is used in complex networks to achieve safe data-sharing between two entities. Fabric is used to store the IBPRE encryption key and record all the events that occur during the sharing process. It manages the PKG in IBPRE through Fabric CA, which is controlled by the CA and is only responsible for generating the key for the user. At the same time, Fabric CA is used to verify the user’s identity, send requests to the PKG, and receive responses from the PKG. The smart grid data-sharing system framework is shown in Figure 1.

3.2. Security Mode

The security of the scheme in this paper is based on the proxy re-encryption algorithm. This section first constructs the security model of the algorithm, which is described as follows:

(1) Initialization: Challenger C creates the IND-CPA system and sends the public key to the adversary A.

(2) Query stage 1: The enemy has known all public parameters and can query the following process: $KeyGen$, $RKGen$, $ReEnc$.

① Key query: the enemy can query the key from user $i\in U,j\in V$, and can get the private key and the public key.

② Re-encryption key query: the enemy hand performs a re-encryption encryption key query to any two users.

③ Re-encryption query: the enemy re-encrypts any two users $i,j$, and the challenger runs the re-encryption algorithm to output the ciphertext C.

(3) Adversary A selects two plaintexts $m_0,m_1$ of the same length to send to Challenger C, and Challenger C randomly selects $b\in \left\{0,1\right\}$ and records the $m_b$ encryption as $C_b$, and then sends the ciphertext $C_b$ to Adversary A.

(4) Query phase 2: The enemy hand queries as shown in the query phase 1.

(5) Adversary A guesses whether the plaintext encrypted by challenger C in the previous step is $m_0$ or $m_1$, and outputs the guess result as $b^{\prime }$. If $b^{\prime }=b$, the Adversary A attack is successful. The advantage of an adversary’s attack can be defined as the following function:

$$Ad{v}_{\epsilon ,A}^{IND-CPA}\left(\omega \right)=\left|pr\left[b=b^{\prime }\right]-\frac{1}{2}\right|$$

where $\omega$ is the length of the encryption key. Since random guess has the probability of winning the IND-CPA game, it is the advantage that the adversary has obtained through hard work.

If there is an ignorable advantage for Adversary A at any polynomial time $\sigma$, satisfying $Ad{v}_{\epsilon ,A}^{IND-CPA}\left(\omega \right)\le \sigma$ then this encryption algorithm is said to be indistinguishable under the selected plaintext attack [26].

3.3. Formal Definition of Scheme

This section first gives the definition of an identity-based multi-conditional proxy re-encryption scheme [14]. This scheme includes ten basic algorithms:

(1) $Setup\left(1^{\lambda }\right)\to \left(msk,params\right)$: The system inputs a security parameter $\lambda$, and outputs the key $msk$ and public parameters $params$.

(2) $KeyGen\left(msk,params,I{D}_i\right)\to p{k}_i,s{k}_i$: the system inputs the user’s identity information $I{D}_i$, and the system outputs the user’s public key $p{k}_i$ and private key $s{k}_i$

(3) $En{c}_2\left(m,p{k}_i\right)\to C_i$: the system inputs plaintext m, proxy re-encryption conditions $\varpi$ and user i’s public key $p{k}_i$, and the system outputs layer 2 ciphertext $C_i$.

(4) $\mathit{Re}KeyGen\left(s{k}_i,p{k}_j,\omega ,params\right)\to R{K}_{i\stackrel{\omega }{\to }j}$: the system inputs the user i’s private key $s{k}_i$, the user j public key $p{k}_j$ jpk and the proxy re-encryption condition $\varpi$, and the system outputs the proxy re-encryption key $R{K}_{i\stackrel{\omega }{\to }j}$.

(5) $\mathit{Re}Enc\left(R{K}_{i\stackrel{\omega }{\to }j},C_i\right)\to C_j$: the system inputs the proxy re-encryption key $R{K}_{i\stackrel{\omega }{\to }j}$ and the layer 2 ciphertext $C_i$ for user i, and the system outputs the layer 1 ciphertext $C_j$ for user j.

(6) $En{c}_1\left(m,\varpi ,p{k}_j\right)\to C_j$: the system inputs plaintext m, proxy re-encryption condition $\varpi$ and user j’s public key $p{k}_j$, and the system outputs layer 1 ciphertext $C_j$ for user j.

(7) $De{c}_2\left(s{k}_i,C_i\right)\to m$: the system inputs the user I private key $s{k}_i$ and the layer 2 ciphertext $C_i$, and the system outputs the plaintext m.

(8) $De{c}_2\left(s{k}_i,C_i\right)\to m$: the system inputs the user j private key $s{k}_j$ and the layer 1 ciphertext $C_j$, and the system outputs the plaintext m.

(9) $Update\left(I{D}_i,R{K}_{i\stackrel{\omega }{\to }j},\omega \right)\to {\omega }^{\prime }$: enter user i information $I{D}_i$ in the system, the proxy re adds the secret key $R{K}_{i\stackrel{\omega }{\to }j}$ and the condition $\varpi$, and the system outputs the new condition ${\varpi }^{\prime }$.

(10) $\mathit{Re}voke\left(I{D}_j,R{K}_{i\stackrel{\omega }{\to }j}\right)\to Null$: enter user j identity information $I{D}_j$ and proxy re-encryption key $R{K}_{i\stackrel{\omega }{\to }j}$ in the system, and the system outputs null function.

3.4. Scheme Process

This scheme is based on the smart grid data center sharing model introduced in Section 3.1 and describes the sharing process when one data center user (data owner) and another data center user (data requester) have data-sharing needs. As shown in Figure 2.

3.4.1. Sharing Preparation Phase

In the preparation stage of data-sharing, three operations should be completed: system parameter generation, key generation, power data encryption, and upload [15]. The specific steps are as follows:

(1) According to the security parameters $1^{\lambda }$, the data management center performs the initialization algorithm $Setup\left(1^{\lambda }\right)\to \left(msk,pp\right)$ to generate the system key msk and public parameters pp. A set of large primes q and integers $Z_q$, $G,G_T$ is two cycle groups based on the large prime bilinear pair of the order, where $G\times G\to G_T$, g is the generation element G, constructing four collision-resistant hash functions $H_0:{\{0,1\}}^{*}\to Z_q$, $H_1:{\left\{0,1\right\}}^{\ast }\to G$, $H_2:G\to Z_q$, $H_3:G\to {\left\{0,1\right\}}^{\ast }$ Output the system public parameters $pp=\left\{\left(q,G,G_T,e\right),g,H_0,H_1,H_2,H_3\right\}$. Select the random $s\in Z_q$ number output $msk=\left\{s\right\}$ as the system key, pp broadcast in the system, initialize the blockchain network, and complete the deployment and compilation of the smart contract. Once the deployment is completed, the smart contract will independently execute and participate in the whole process of data-sharing.

(2) Data owner and request to the data management center registration application, obtain its identity $I{D}_i,I{D}_j$, data management center execution key generation algorithm $KeyGen\left(msk,pp,I{D}_i,I{D}_j\right)\to \left(p{k}_i,s{k}_i,p{k}_j,s{k}_j\right)$ for data-sharing to generate public and private key pair $p{k}_i,p{k}_j,s{k}_i,s{k}_j$, through the security channel sent to the corresponding user $s{k}_i,s{k}_j$, considering the block chain security regulatory issues, data management center to establish data-sharing mapping between user identity and private key mapping table for anonymous sharing process traceability. The data owner and data requester calculate the acquisition key $s{k}_i=H_0{\left(I{D}_i\right)}^s$, $s{k}_j=H_0{\left(I{D}_j\right)}^s$.

(3) The scheme defines that CPRE has two types of encryption. The second level of encryption generates a ciphertext that does not allow heavy encryption, so the second level of ciphertext is generated without a conditional value. The first level of ciphertext is used to generate a heavy encryption ciphertext, so it is necessary to embed the conditional value of the control decryption permission. Users can select the encryption level based on the importance of the data. The first and second level encryption algorithms are as follows:

① First the data owner performs the layer 2 encryption algorithm $En{c}_2\left(m,p{k}_i,pp\right)\to C_i$ to generate the layer 2 ciphertext and upload it to the IPFS. Random selection $R\in Z_q$, computational generation of layer 2 ciphertext $C_i=\left(C_1,C_2,C_3,C_4\right)$, $C_1=g^r$, $C_2=R\cdot e{\left(g,p{k}_i\right)}^{s\cdot H_3\left(p{k}_i^{-s}\right)}$, $C_3=m\oplus H_4\left(R\right)$, $C_4=g^{s\cdot H_3\left(-s\cdot s{k}_i\right)\cdot H_3\left(p{k}_i\right)}$.

② The data requester then performs the layer 1 encryption algorithm $En{c}_1\left(m,\varpi ,p{k}_j,pp\right)\to C_j$ to generate the layer 1 ciphertext $C_j$ and upload it to the IPFS server, and the IPFS returns the hash value to be stored on the blockchain. Specifically, randomly selected $R\in Z_q$, computationally $r=H_1\left(m,R\right)$ generated layer 1 ciphertext $C_j=\left(C_1,C_2,C_3,C_4\right)$, $C_1=g^r$, $C_2=R\cdot e{\left(p{k}_i,g^s\right)}^{H_1\left(\varpi \left|\right|H_4\left(C_4\right)\right)}$, $C_3=m\oplus H_4\left(R\right)$, $C_4=g^{s\cdot H_3\left(-s\cdot s{k}_i\right)}$.

3.4.2. Shared Agent Phase

In the data-sharing request stage, sharing request submission and verification, re-encryption condition construction and upload, and agent re-encryption key generation should be completed. The specific steps are as follows:

(1) Data requester with its $I{D}_B$ to the data holder sends a data request and attach his signature, the two sides negotiate to determine the Shared data F, and then the Shared data F hash calculation gets file hash, that is $F_{hash}=H_{512}\left(F\right)$. Here adopted the SHA-512 hash algorithm for raw power data hash calculation generated file path storage to the blockchain to quickly verify the data integrity. The data management center invokes the smart contract to use the $I{D}_B$ query blockchain to check whether there is a re-encryption key $R{K}_{i\stackrel{\varpi }{\to }j}$ for the data requester, or to terminate operations if present, otherwise to proceed with step 2.

(2) The data management center determines the legality of the sharing and records it to the blockchain. Then the data management center builds the heavy encryption conditions $\varpi$ according to the identities of both parties in the data-sharing, and then uploads the conditions $\varpi$ secretly to the proxy server for preservation.

(3) The data owner private key generates the conditional $\varpi$ agent re-encryption key. The process is divided into three parts: first, the data owner randomly selects $s\in Z_q$, and then calculate $DK=g^{-s\cdot s{k}_i}$; second, the data owner obtains the identity information of the data requester for the calculation $\left\{p{k}_j^{H_3\left(DK\right)},D{K}^{H_3\left(p{k}_j\right)}\right\}$; then the data holder performs the re-encryption key generation algorithm $\mathit{RekeyGen}\left(s{k}_i,p{k}_j,\varpi ,pp\right)\to R{K}_{i\stackrel{\varpi }{\to }j}$ to generate the agent re-encryption key $R{K}_{i\stackrel{\varpi }{\to }j}$. The final trigger smart contract $R{K}_{i\stackrel{\varpi }{\to }j}$ will be uploaded to the proxy server in a specific form.

$$R{K}_{i\stackrel{\varpi }{\to }j}=\left(r{k}_1,r{k}_2\right)$$

(1)

$$r{k}_1={\left(p{k}_j^{H_3\left(DK\right)}\right)}^s$$

(2)

$$r{k}_2=D{K}^{H_3\left(p{k}_j\right)}$$

(3)

3.4.3. Shared Execution Phase

The shared execution stage includes two steps: agent re-encryption, ciphertext download and decryption, as follows:

(1) The proxy server performs the re-encryption process, and generates the re-encryption ciphertext according to the sharing conditions of the data holder and the identity of the data requester $I{D}_j$. The initial ciphertext will be converted into the first level of ciphertext that can be decrypted by the data requestor details are as follows:

$$CT=\left(\overline{C_1},\overline{C_2},\overline{C_3},\overline{C_4}\right)$$

(4)

$$\{\begin{array}{l}\overline{C_1}=C_1\\ \overline{C_2}=R\cdot C_2\cdot e\left(g,r{k}_2^{H_1\left(\varpi \left|\right|H_4\left(C_4\right)\right)}\cdot r{k}_1\right)\\ =R\cdot e{\left(g,g\right)}^{s\cdot s{k}_i\cdot H_3\left(p{k}_j\right)\cdot H_1\left(\varpi \left|\right|H_4\left(C_4\right)\right)}\cdot e\left(g,g^{-s\cdot s{k}_i\cdot H_1\left(\varpi \left|\right|H_4\left(C_4\right)\right)}\cdot p{k}_j^{s\cdot H_3\left(g^{-s\cdot s{k}_i}\right)}\right)\\ =R\cdot e\left(g,p{k}_j^{s\cdot H_3\left(g^{-s\cdot s{k}_i}\right)\cdot H_3\left(p{k}_j\right)}\right)\\ \overline{C_3}=C_3=m\oplus H_4\left(R\right)\\ \overline{C_4}=C_4=g^{s\cdot H_3\left(-s\cdot s{k}_i\right)}\end{array}$$

(5)

(2) After the proxy server to complete the encryption operation generate new ciphertext and notify the data requester, data requesters can entrust a proxy server for partial decryption, specifically, the data requester first calculate a random secret factor $\gamma \in Z_q$, and then calculate $sf=g^{s\cdot H_3\left(g^{-s\times s{k}_i}\right)\cdot -s{k}_j\cdot H_3\left(p{k}_j\right)\cdot \gamma }$, and then sent $\gamma ,sf$ to the proxy server, proxy server perform partial decryption $CT=C_2\cdot e\left(g,sf\right)=R\cdot e{\left(g,g\right)}^{-\gamma }$. Data requestor decrypts the level 1 ciphertext: calculate $R=CT\cdot e{\left(g,g\right)}^{\gamma },$$m=C_3\oplus H_3\left(R\right)$, you can get the clear text, and then check $g^{H_1\left(m,R\right)}=C_1$ whether it is true, if true, then the data requestor finally gets the required data. Similarly, the data requester can also use the same way to directly decrypt the secondary ciphertext: calculate $R=C_2\cdot e{\left(g,C_4\right)}^{-s{k}_j}$, $m=C_3\oplus H_3\left(R\right)$ you can obtain the clear text, and then check $g^{H_1\left(m,R\right)}=C_1$ whether it is valid to verify the validity of the data.

3.4.4. Sharing Condition Update and Undo Phase

When the user sharing requirements change, the data management center needs to update the user data-sharing scope by changing the re-encryption conditions $\varpi$. The specific steps are as follows:

(1) The data management center monitors the user identity and sharing requirements in real-time. If the shared object and scope change, the new user identity information will be uploaded to the proxy server, and the conditions ${\varpi }^{\prime }$ will be rebuilt according to the new identity;

(2) The proxy server performs the condition update algorithm $Update\left(I{D}_i,R{K}_{i\stackrel{\omega }{\to }j},\omega \right)\to {\varpi }^{\prime }$ to update the agent-heavy encryption key $R{K}^{\prime }$ for the user.

(3) When the data user needs to cancel the account, they shall submit the cancellation application to the data management center. The data management center needs to cancel the user’s sharing relationship in the proxy server in a timely manner to prevent the abuse of resources. Specifically, the proxy server performs the cancellation algorithm $Revoke\left(I{D}_j,R{K}_{i\stackrel{\omega }{\to }j}\right)\to Null$ so that all user operations are outputted Null. At this time, the user identity information is still retained in the system, but no operation can be carried out.

4. Security Analysis

When the user-sharing requirements change, the data management center needs to update the user data-sharing scope by changing the re-encryption conditions $\varpi$. The specific steps are as follows:

Theorem 1:

If there exists an adversary A that breaks the encryption scheme of this paper in polynomial time (PPT) with a non-negligible advantage, then it must be possible to construct a PPT adversary that solves the DBDH hard problem in bilinear pair mapping with a non-negligible advantage.

Proof: 

simulate the game process between the adversary A and the challenger C under the choice of explicit attack, as follows:

Initialization phase: The challenger C runs the Setup algorithm to create the system’s public parameters pp, which are subsequently sent to the adversary A.

Query Phase1: The adversary A submits the following query request to the challenger C:

Key generation query: For a randomly submitted identifier $I{D}_n$ by the adversary A, if the corresponding tuple $\left(I{D}_n,p{k}_n,s{k}_n\right)$ already exists on the list L_K, the challenger directly sends s_kn to the adversary A; if it does not exist, the challenger C runs the $KeyGen$ algorithm to regenerate the private key s_kn and sends it to the adversary A, and then records it to the list $L_K\frac{-b\pm \sqrt{b^2-4ac}}{2a}$.

Re-encryption key generation query: for an identifier $I{D}_n$ submitted by the adversary above, if the corresponding tuple already exists on the list, the challenger sends it directly to the adversary; if not, the challenger C runs the $ReKeyGen$ algorithm to generate the re-encryption key $R{K}_n$ and sends it to the adversary A, and then records it in the list $L_R$.

Challenge phase: Adversary A chooses a public key and two messages $m_0$, which have the same length and $m_1$ sends to the challenger C, challenger randomly chooses $b\in \left\{0,1\right\}$ and executes an Enc algorithm to encrypt the $m_b$ with the above public key into a challenge ciphertext $C_b$ and then sends the challenge ciphertext $C_b$ to the adversary A.

Guessing phase: The adversary A outputs a guess $b^{\prime }\in \left\{0,1\right\}$. If $b=0$, the adversary A advantage is $\epsilon$, then $pr\left[b=b^{\prime }\right]=\frac{1}{2}+\epsilon$. If $b=1$, $pr\left[b=b^{\prime }\right]=\frac{1}{2}$, so the challenger has the advantage in the game:

$$Ad{v}_{\epsilon ,A}^{IND-CPA}\left(\omega \right)=\left|pr\left[b=b^{\prime }\right]-\frac{1}{2}\right|=\left|\frac{1}{2}\left(\frac{1}{2}+\epsilon +\frac{1}{2}\right)-\frac{1}{2}\right|=\frac{\epsilon }{2}$$

where is the length of the encryption key.

Therefore, if an adversary A defeats this scheme by a non-negligible advantage, there must exist a challenger C who can solve the DBDH hard problem in polynomial time and this scheme satisfies the CPA security.□

Theorem 2:

The scheme is proved to be CCA—secure by satisfying the security of the scheme to the DBDH problem under the random oracle model.

Proof: 

Given the multiplicative cyclic group $(G,G_T)$ and DBDH instances $\left(g,g_a,g_b,g_c,Q\right)$ on $(G,G_T)$, the scheme in this paper is CCA—secure if the DBDH assumption holds. □

Proof: 

If there exists an attacker A who can break the scheme of this paper with a non-negligible advantage, then there must also exist an algorithm B who can break the DBDH assumption with a non-negligible advantage. According to the security model, the interaction between Algorithm B and Attacker A is as follows.

(1) Initialization. B randomly chooses $\alpha \in Z_q^{}$, such that $u=g^{\alpha }$, $g_1=g^a$, and B hands the system parameters $\left\{\left(q,G,G_T,e\right),g,H_1,H_2,H_3,H_4\right\}$ to A. where $H_1$ is the random prediction machine controlled by B.

(2) $H_1$ query. B keeps an initially empty list $L_1$ with the record format $(ID,pk,\lambda ,\beta )$. A enters the $I{D}_i$ query, and B first queries Lwhether $(I{D}_j,p{k}_j,{\lambda }_j,{\beta }_j)$ exists in $L_1$, and if so, returns $p{k}_i$; otherwise, B sets ${\lambda }_i\in \{0,1\}$ such that $Pr[{\lambda }_i=0]=\theta$ an $Pr[{\lambda }_i=1]=1-\theta$. B randomly selects ${\beta }_i\in Z_q^{*}$, and if ${\lambda }_i=0$, sets the $I{D}_i$ public key to $p{k}_i=g^{\beta i}$; if ${\lambda }_i=1$, then sets $p{k}_i=g^{\beta i}$. B stores $(I{D}_i,p{k}_i,{\lambda }_i,{\beta }_i)$ into $L_1$ and returns $p{k}_i$ to A.

(3) $O_{pk}(I{D}_i)$ query. B query $L_2$ and return $p{k}_i$ to A.

(4) $O_{sk}(I{D}_i)$ query: B queries $(I{D}_i,p{k}_i,{\lambda }_i,{\beta }_i)$ in $L_1$. If ${\lambda }_{\mathrm{i}}=0$, return the private key ${(g^a)}^{{\beta }_i}$ of $I{D}_i$. If ${\lambda }_{\mathrm{i}}=1$, B returns ⊥ and exits the game.

(5) $O_{rk}(I{D}^{*},I{D}^{\prime })$ query. B keeps a list $L_2$ with $L_2$ records in the format $(I{D}_i,I{D}_j,y,R{k}_{i\stackrel{\varpi }{\to }j})$. Algorithm B looks up $(I{D}_j,p{k}_j,{\lambda }_j,{\beta }_j)$ and $(I{D}_i,p{k}_i,{\lambda }_i,{\beta }_i)$ from $L_1$. If ${\lambda }_i=1$, then $S{k}_{I{D}_i}=g^{a{\beta }_i}$, and B randomly chooses, $\varpi \in Z_q$ and $x\in G_T$, where $\varpi$ is the re-encryption condition. Compute $r{k}_1={\left(p{k}_j^{H_3\left(DK\right)}\right)}^s$, and $r{k}_2=D{K}^{H_3\left(p{k}_j\right)}$, then $R{k}_{i\stackrel{\varpi }{\to }j}=(r{k}_1,r{k}_2)$ and B stores $(I{D}_i,I{D}_j,y,R{k}_{i\stackrel{\varpi }{\to }j})$ into $L_2$ and returns $R{k}_{i\stackrel{\varpi }{\to }j}$ to A; if ${\lambda }_j=0$, B returns ⊥ and exits the game.

(6) $O_{re}(I{D}_i,I{D}_j,C_i)$ query. B queries $(I{D}^{*},p{k}_{I{D}^{*}},{\lambda }^{*},{\beta }^{*})$ from $L_1$, if ${\lambda }_i=0$, then finds the re-encryption key $R{k}_{i\stackrel{\varpi }{\to }j}$ by querying $L_2$, then runs $ReEnc(C_i,R{K}_{i\stackrel{\varpi }{\to }j},\varpi )$ algorithm to get the layer 1 ciphertext and returns the result to A; if ${\lambda }_i=1$, B returns ⊥ and exits to A.

(7) $O_{ld}(I{D}_j,C_i)$ query. re-encryption ciphertext $C_j=(C_1,C_2,C_3,C_4)$, B query list $L_1$ of $(I{D}_j,P{k}_j,{\lambda }_j,{\beta }_j)$, if ${\lambda }_j=0$, then the private key of $I{D}_j$ is ${\left(g^a\right)}^{{\beta }_j}$, run $De{c}_2\left({\left(g^a\right)}^{{\beta }_j},C_j\right)$ decrypts and returns the plaintext to A. If ${\lambda }_j=1$, B returns ⊥ and exits the game.

The challenge phase. When A decides to end the query, it outputs an identity $I{D}^{*}$ to be challenged (it must be guaranteed that A has not queried the private key of $I{D}^{*}$), the re-encryption condition ${\varpi }^{*}$, and two equal plaintexts $m_0$, $m_1$ to B. B generates the challenge ciphertext as follows.

(1) B queries $(I{D}^{*},p{k}_{I{D}^{*}},{\lambda }^{*},{\beta }^{*})$ from $L_1$ and if ${\lambda }^{*}=0$, then B exits the game, otherwise continue with the following steps.

(2) ${\lambda }^{*}=1$, B tosses a random coin $\eta \in \{0,1\}$, and B sets $\overline{C_1}=g^c$, $\overline{C_2}=R_{\eta }{Q}^{{\beta }^{*}}$, $\overline{C_3}=m_{\eta }\oplus H_4\left(R\right)$, $\overline{C_4}=g^{s\cdot H_3\left(-s\cdot s{k}_i\right)}$. B returns the challenge ciphertext as $C_{I{D}^{*}}=\left(\overline{C_1},\overline{C_2},\overline{C_3},\overline{C_4}\right)$ to A. A can continue to query each of the above prediction machines, but to prevent A from decrypting $C_{I{D}^{*}}$ frequently, B must make the following checks before answering A.

(1) A is not allowed to query the private key of $I{D}^{*}$.

(2) If A has queried the private key of $I{D}^{\prime }$ and A sends $O_{rk}(I{D}^{*},I{D}^{\prime })$ query request, then B must avoid the re-encryption condition of ${\varpi }^{*}$ when answering.

(3) If A has queried the private key of $I{D}^{\prime }$, then A is not allowed to query $O_{re}(I{D}^{*},I{D}^{\prime },C_{ID*})$.

(4) If A has queried $O_{re}(I{D}^{*},I{D}^{\prime },C_{ID*})$ to get the re-encryption ciphertext $C_{I{D}^{\prime }}$, then A is not allowed to query $O_{ld}(I{D}^{\prime },C_{I{D}^{\prime }})$.

(5) If A has queried $O_{rk}(I{D}^{*},I{D}^{\prime })$ and the re-encryption condition is ${\varpi }^{*}$. then A can use the re-encryption key to generate a re-encryption ciphertext, then A is not allowed to query $O_{ld}(I{D}^{\prime },C_{I{D}^{\prime }})$; otherwise, B still answers the query of A according to the original policy. If $Q=e{\left(g,g\right)}^{abc}$, such that $r=c$, we can prove that $C_{I{D}^{*}}=\left(\overline{C_1},\overline{C_2},\overline{C_3},\overline{C_4}\right)$ is a re-encryption ciphertext by the following derivation:

$$\begin{array}{l}\overline{C_1}=C_1=g^c=g^r\\ \overline{C_2}=C_2=R_{\eta }{Q}^{{\beta }^{*}}=R_{\eta }e{\left(g,g\right)}^{abc{\beta }^{*}}\\ =R_{\eta }e{\left({(g^b)}^{{\beta }^{*}},g^a\right)}^c\\ =R_{\eta }e{\left(p{k}_{I{D}^{*}},g^s\right)}^{H_1\left({\varpi }^{*}\left|\right|H_4\left(C_4\right)\right)}\\ \overline{C_3}=C_3=m_{\eta }\oplus H_4\left(R\right)\\ \overline{C_4}=C_4=g^{s\cdot H_3\left(-s\cdot s{k}_{I{D}^{*}}\right)}\end{array}$$

if $Q\ne e{\left(g,g\right)}^{abc}$, $C_{I{D}^{*}}=\left(\overline{C_1},\overline{C_2},\overline{C_3},\overline{C_4}\right)$ and $\eta$ are independent of each other and $C_{I{D}^{*}}$ is not a legitimate ciphertext.

Finally, A returns its guess ${\eta }^{\prime }$ for $\eta$ to B. If ${\eta }^{\prime }=\eta$, then B outputs 1, i.e., B’s judgment $Q=e{(g,g)}^{abc}$ abc holds; if ${\eta }^{\prime }\ne \eta$, then B returns 0, i.e., B’s judgment $Q=e{(g,g)}^{abc}$ does not hold. Let the number of times A asks $O_{\mathrm{sk},}{O}_{rk},O_{re},O_{ld}$ is $n_{\mathrm{sk},}{n}_{rk},n_{re},n_{ld}$ respectively, then the advantage of B in solving the DBDH hard problem is: $Ad{v}_{\mathrm{B}}^{\mathrm{DBDH}}=(1-\theta ){\theta }^{\left(n_{sk}+n_{rk}+n_{re}+n_{1d}\right)}Ad{v}_{\mathrm{A}}^{\mathrm{CCA}}$.

If A can break this paper’s scheme, that is, Adv is non-negligible, then Adv DBDH is also non-negligible, that is, B can break the DBDH assumption holds with non-negligible advantage, which is contradictory to DBDH’s acknowledged hard solution, therefore, this paper’s scheme is CCA-secure. □

Theorem 3:

This scheme can effectively resist collusion attacks, the data holder DO and the proxy server cannot collude to get the data receiver DR private key, and the data receiver DR and the proxy server cannot collude to get the data holder DO private key.

Proof: 

• Case 1: DO and proxy server collude. Due to the re-encryption key $R{K}_{i\stackrel{\varpi }{\to }j}=\left(r{k}_1,r{k}_2\right)$, it is known that the re-encryption key does not contain any private key information of the data recipient DR, so the two collude to obtain the DR private key.
• Case 2: The DR and the proxy server collude. Although the re-encryption key contains the data holder DO private key information, but the $DK=g^{-s\cdot s{k}_i}$ in the re-encryption key is calculated by DO and sent to the proxy server, because s is a random number, so the proxy server and the data recipient DR can get but DK cannot calculate $s{k}_i$, that is, they cannot get the DO private key.

Combining the above, this scheme can resist the collusion attack. □

5. Performance Analysis

5.1. Scheme Comparison

This scheme is compared with similar schemes in six aspects: cryptosystem, anti-collusion attack, condition-based, difficult problem, security level, and other characteristic functions. The results are shown in

Table 2. Comparison of functions between this solution and similar solutions.

Features	Paul [22]	Xiong [23]	Yao [24]	Wei [25]	Li [26]	Our’s
Cryptosystem	IBE	Traditional Public Key	IBE	IBE	Traditional Public Key	IBE
Collusion-resistance	√	√	√	√	√	√
Based on conditions	√	√	√	√	√	√
Difficult Issues	DBDH	M-CDH	DBDH	DBDH	CDH	DBDH
Security Level	CCA	CCA	CCA	CPA	CCA	CCA
Others	One-way single jump	No double linear pair	One-way multi-jump	Access authorization can be revoked	Threshold anonymous conditions	Conditions can be updated

. The “√” in the table indicates that it meets the requirements “×” Indicates dissatisfaction.

In terms of cryptosystems, our scheme adopts an identity-based encryption (IBE) system, while Xiong [23] and Li [26] adopt traditional public key encryption systems. Compared to IBE systems, IBE systems have higher security and flexibility, so our scheme and other schemes using IBE systems have an advantage in this regard. In terms of security level, all schemes have a high-security level, of which our scheme has security under selective ciphertext attack (CCA), while Wei’s scheme has security under selective plaintext attack (CPA). Although both security levels are high, CCA has a more general security guarantee. In summary, our conditional proxy re-encryption algorithm has an advantage in terms of computational cost compared to other schemes and is suitable for data-sharing scenarios.

In order to analyze the computational cost of the conditional proxy re-encryption algorithm in data-sharing, this scheme was compared with the other two schemes. The comparison results of the computational cost of the algorithms in each scheme are shown in

Table 3. Comparison of Algorithm Calculation Costs for Various Schemes.

Projects	KeyGen	Enc1	Enc2	ReKeyGen	ReEnc	Dec1	Dec2
Paul [18]	$2t_e$	$6t_e$	$6t_e$	$2t_e$	$5t_e$	$6t_e$	$3t_e$
Xiong [19]	$5t_e$	$2t_p+8t_e+t_s$	$2t_p+6t_e$	$6t_e$	$4t_p+t_e+t_v$	$6t_p+t_e+t_v$	$3t_p+t_e+t_v$
This Project	$2t_e$	$t_p+4t_e+4t_m$	$t_p+4t_e+2t_m$	$3t_e+t_m$	$t_p+4t_e+2t_m$	$2t_p+t_e+2t_m$	$t_p+t_e+t_m$

, where “-” indicates that it was not covered in the text.

Table 3 shows the time required for bilinear pairing, the time required for exponential operation, and the time required for multiplication operation. The size relationships between them are as follows: in fact, the time required for multiplication operations is only in microseconds, while the time for bilinear pairing and exponential operations is in milliseconds. Therefore, multiplication operations can be disregarded when comparing algorithm computational costs. In addition, the literature uses one-time authentication signature technology during encryption, so the table indicates the time required for performing one signature calculation and one authentication calculation.

According to the analysis of Table 3, the computational cost at each stage of this scheme is still relatively low after the introduction of conditional value support for data refinement sharing. Compared with Yao ’s scheme [24], this scheme only has slightly higher costs in the re-encryption and decryption stages, and the overall cost is basically the same. This is because this scheme needs to calculate the condition value during the re-encryption stage. Compared with Xiong’s scheme [23], this scheme has reduced computational costs in all stages. Therefore, this scheme has significant advantages in functionality and computational overhead compared to other schemes.

5.2. Performance Testing

Test the algorithm overhead of the proposed scheme in the Paired Based Cryptography Library (PBC), construct bilinear pairs on elliptic curves, and write the program in the Go language. Using two desktop computers to build an experimental environment, one simulates a proxy server node, and the other simulates a data holder and a data receiver user through a virtual machine. The system sets up a total of three node users. The hardware configuration is AMD R5 3600 CPU, 16 GB memory, and 500 GB hard disk.

Using the fixed size user set mentioned above, with the number of conditions set to 3, the shared file size and encryption algorithm jointly affect the encryption time. Here, in order to simplify, it is set to a fixed value. During the execution of the algorithm from key generation, encryption, re-encryption key generation, re-encryption, decryption, and other stages, ten tests are conducted to obtain the average value. The experimental results are shown in Figure 3.

By analyzing Figure 3, it can be seen that the overall execution time of the algorithm in this scheme is shorter than that in the Xiong’s scheme [23] and only slightly higher than that in the Xiong’s scheme [23] during the generation and re-encryption stages of the re-encryption key. This is because the condition values need to be calculated and updated during re-encryption to achieve data granularity sharing, and in other stages, this scheme takes less time than that in the Xiong’s scheme [23]. At the same time, the execution time of the two stages in re-encryption is still relatively short, and the increase in computational cost for users who need frequent re-encryption is not significant.

6. Conclusions

Based on blockchain technology, we propose a high-value data-sharing model for smart grid data scenarios. Firstly, the model makes full use of blockchain’s decentralization, traceability, anti-tampering, and anti-repudiation features, which effectively improves the security and trustworthiness of the data and reduces the risk of data leakage and tampering; secondly, the model can effectively mobilize the participation and motivation of the data holders, and promote the sharing and utilization of high-value data; lastly, through in-depth research and comparative analysis, the model proposed in this paper is able to resist most of the known attacks commonly found in blockchain, and has the functions of traceable auditing, membership control, and secure sharing, which can meet the relevant needs of actual business and can be better applied to smart grid data-sharing scenarios. However, there are also some limitations in this study. In the smart grid data-sharing scheme based on conditional proxy re-encryption, we focus on the issue of fine-grained data access control and effectively trace the identity and behavior process of responsible persons. In the performance testing phase, only the algorithm execution time and computational overhead of each stage were considered, and other factors that affect performance were not deeply considered. In the next step, further research can be carried out on the data packet loss rate when multiple users share data.