Grouping-Based Reliable Privacy Preservation for Blockchain-Assisted Data Aggregation in Mobile Crowdsensing

School of Software, Henan University, Kaifeng 475004, China Henan International Joint Laboratory of Intelligent Network %eory and Key Technology, Henan University, Kaifeng 475004, China Henan Provincial Engineering Research Center of Intelligent Data Processing, Henan University, Kaifeng 475004, China Software Engineering Intelligent Information Processing Innovation Base-Subject Innovation Base of Henan Higher Universities, Henan University, Kaifeng 475004, China


Introduction
Mobile crowdsensing is a data acquisition paradigm based on crowdsourcing and the sensing capabilities of intelligent devices. Portable mobile devices constitute interactive and participatory intelligence sensing networks. e crowd in the network collaboratively completes the sensing tasks to achieve the purpose of data collection and information sharing [1][2][3]. Data aggregation is an essential prerequisite for data collection and information sharing in mobile crowdsensing networks. Data aggregation eliminates redundant information and extracts valuable information by processing local sensing data [4]. In smart grid applications, electricity consumption data is the basis for power companies to adjust power supply and demand control in real-time. e electric meter can sense users' electricity consumption data in real-time and aggregate it into regional electricity consumption data [5]. In intelligent transportation applications, road condition information is the basis for public travel and route planning. Mobile vehicles can sense traffic data in real-time and aggregate it to form regional traffic information, such as the user's location and speed [6]. e risk of privacy leakage exists during the data aggregation process in mobile crowdsensing networks [7]. In a crowdsensing network, the data perceived by mobile devices (such as electricity data and location data) is often sensitive [8]. Attackers may use sensitive data to speculate on the user's living habits and behavioral patterns and then carry out malicious attacks. erefore, preserving user's data privacy in the data aggregation process is the key to promoting the application of crowdsensing networks [9]. Existing research has carried out in-depth research on privacy-preserving data aggregation. Various privacy-preserving data aggregation schemes have been proposed [10][11][12]. Based on the homomorphic encryption mechanism, the sensing data can be computed directly on the ciphertext [13,14]. Based on the random noise-adding mechanism, the sensing data can be computed after hiding the real data, thus achieving privacy-preserving data aggregation [15][16][17]. However, the existing privacy-preserving data aggregation schemes still face the problem of unreliable data aggregation processes. Crowdsensing nodes are deployed in the public environment, and their capabilities are limited. It is easy for a network attacker to control the nodes in the crowdsensing network and add illegal or fake data during the data aggregation process [18,19]. erefore, it is crucial to achieve data traceability and reliability of aggregation results in a privacy-preservation data aggregation process.
As a decentralized network public ledger, blockchain has the characteristics of decentralization, non-tampering, and traceability [20]. e unique trust management method of blockchain provides a promising way to study the methods of reliable privacy-preserving data aggregation [21][22][23]. In the process of the blockchain-assisted data aggregation, nodes jointly maintain an immutable transaction record of sensing data to realize the traceability of sensing data and improve the reliability of data aggregation results [24][25][26].
However, direct use of blockchain for privacy-preserving data aggregation may increase the risk of privacy leakage. Blockchain-assisted data aggregation requires nodes to jointly maintain transaction records. All nodes (including malicious nodes) can obtain the information contained in transaction records, which leads to privacy leakage in the process of data aggregation. Furthermore, privacy-preserving data aggregation is necessary to ensure the privacy of sensing data and intermediate calculation results. All nodes in the crowdsensing network should only know their private data and know nothing about the intermediate calculation results. erefore, it is important to deeply study the blockchain-assisted privacy-preserving data aggregation method for improving reliability.
To solve the above problem, we propose a groupingbased reliable privacy-preserving data aggregation (RPPDA) algorithm. First of all, crowdsensing nodes are grouped to construct a private blockchain during the data aggregation process. e traceability and reliability of aggregation results are ensured. en, a zero-sum noise-adding mechanism is introduced to preserve the privacy of data aggregation within each group. e communication and computation costs are reduced compared to the encryption mechanismbased data aggregation. e correctness of data aggregation is also ensured since the added random noise is canceled during the aggregation process. erefore, the RPPDA algorithm ensures that the blockchain is fairly utilized to improve the reliability of data aggregation and avoid the effect of directly utilizing the blockchain on privacy-preserving data aggregation. e zero-sum noise-adding mechanism ensures the correctness, privacy, and efficiency of privacy-preserving data aggregation. e contributions of this paper are summarized as follows: (1) We explore a new way to address the privacy leakage issue of directly applying blockchains to privacypreserving data aggregation. A grouping-based, reliable, privacy-preserving data aggregation algorithm, RPPDA, is proposed using private blockchains for mobile crowdsensing. (2) We conduct theoretical analyses to prove the privacy, correctness, and reliability of the RPPDA algorithm. e communication and computation costs are also analyzed.
(3) e correctness of aggregation results and the efficiency of privacy preservation are verified using experiments on the platform of Hyperledger Fabric. e advantages of RPPDA are also demonstrated through simulations in terms of correctness, execution time, and privacy preservation. e remainder of the paper is organized as follows: Section 2 reviews the related work on privacy-preserving data aggregation. Section 3 describes the system model and problem setup. Section 4 designs the RPPDA algorithm. Section 5 theoretically analyzes the performance of RPPDA. Section 6 evaluates the performance of RPPDA through experiments and simulations. Section 7 concludes the paper.

Privacy-Preserving Data Aggregation.
Existing work has proposed various privacy preservation mechanisms to address the problem of privacy leakage during mobile crowdsensing data aggregation [27][28][29]. Existing privacy preservation mechanisms for data aggregation usually meet the following requirements. (1) Aggregation nodes can obtain aggregated results of data from all sensing nodes. (2) Aggregation nodes cannot obtain the private data of sensing nodes. (3) e sensing node cannot obtain the sensing data of other nodes. Existing work has designed privacy preservation methods for data aggregation from different perspectives based on encryption mechanisms or noise-adding mechanisms. For example, for the multidimensional data aggregation problem in the Internet of ings (IoT) scenario, Peng et al. designed an efficient privacy-preserving data aggregation method based on a homomorphic encryption method to protect data privacy during data aggregation [30]. Shi et al. designed a zero-sum weighted noise to address the problem of location information leakage during distributed localization, achieving privacy preservation and accuracy of localization results [31]. Wang et al. designed a local differential privacy data aggregation method based on differential privacy theory to solve the privacy disclosure problem of user data in crowdsensing discrete distribution estimation [32]. Xie and Chen designed a secure data aggregation framework based on the Shamir secret sharing mechanism to solve the problem of data privacy disclosure in distributed data aggregation [33]. e above studies designed privacy preservation data aggregation methods by introducing homomorphic encryption mechanisms, zero-sum random noise, differential privacy noise, and the Shamir secret sharing mechanism. However, the reliability of privacy-preserving data aggregation still needs improvements. If some nodes use illegal or false data in the data aggregation process, it is necessary to enable the traceability of the data source. In this paper, the blockchain technology is used to achieve the reliability of the privacy-preserving data aggregation process. e proposed RPPDA algorithm ensures the traceability of the data aggregation process to improve the reliability of the data aggregation results.

2.2.
Blockchain-Based Privacy Preservation. Blockchain-assisted data aggregation has been studied to improve the performance of crowdsensing [34]. e security and integrity are improved by utilizing blockchains for data aggregation in crowdsensing. For example, Wang et al. proposed a blockchain-based secure data aggregation strategy, which considers security level-based task classification and energy-efficient task fulfillment against privacy disclosure [24]. Li et al. presented a blockchain-enhanced data aggregation framework for UAV-assisted WSNs [25]. By combining blockchain building and data aggregation, a disaster semantic blockchain based on a data reconstructiondirected consensus mechanism is presented to ensure the security of data transmission. Arulprakash and Jebakumar designed and implemented a real-time privacy-preserving data aggregation distribution scheme for mobile crowdsensing called SMARTEE [26]. e SMARTEE stores and transfers data using a protected blockchain mechanism and a gateway-based authentication scheme to ensure proper data transmission and integrity. erefore, it is noted that blockchain offers a novel way to enhance privacy preservation during data aggregation in crowdsensing.
Privacy-preserving data aggregation schemes have been investigated using blockchains [35]. Existing work designed privacy-preserving data aggregation from different perspectives to avoid the single point failure and the use of false data in the process of data aggregation. For instance, Zhang et al. designed a privacy-preserving and a reliable sensing scheme using a homomorphic encryption mechanism and blockchain to avoid a single point of failure and achieve reliable data aggregation services [36]. Kong et al. designed a privacy-preserving and verifiable data sharing scheme using homomorphic encryption mechanism and blockchains to achieve privacy protection and verifiability [37]. Lin et al. designed a secure data aggregation strategy by putting node security level indicators into blockchains [38]. e strategy improves the security level of data aggregation in industrial applications. Guan et al. designed a privacy-preserving multi-party computing mechanism based on blockchains to improve the security of multi-party computing [39]. e above work improves the security and reliability of the data aggregation process. However, the above privacy preservation schemes based on blockchains are different from our reliable privacy preservation method. e privacypreserving data aggregation approach using homomorphic encryption mechanisms may incur a significant communication and computational cost. In this paper, a noiseadding mechanism is utilized to preserve privacy during data aggregation and reduce the communication and computation costs. A grouping-based reliable privacy preservation method is designed to enrich the application of the blockchain technology.

System Model.
We consider a mobile crowdsensing network consisting of four parties, including a target node, many sensing nodes, several aggregation nodes, and a blockchain network. First, to collect data and acquire information, such as with the smart grid crowdsensing, the target node distributes sensing tasks to suitable sensing nodes. After adding random noise to the sensing results, the sensing nodes send the noise-added sensing results to the designated blockchain network. en, by calculating the aggregation result based on the noise-added data, the aggregation node sends the aggregation result to the target node. Figure 1 shows the system model of the blockchainassisted data aggregation in mobile crowdsensing.
(1) Target node. e target node is the requestor of the crowdsensing data and distributes the crowdsensing tasks to sensing nodes by crowdsensing platforms or application servers. e target node obtains the aggregation results based on the sensing data.
(2) Sensing node. A sensing node is a smart mobile device with the basic functionalities of sensing, computing, and storage. e sensing nodes could be smart phones, wearable devices, and mobile vehicles. Sensing nodes are the basic units of the mobile crowdsensing networks, which are used to collect different types of data, such as power consumption, temperature, location, and speed. Without affecting the aggregation results, zero-sum random noise is usually added to the sensing data to preserve the data privacy of the sensing node.
e blockchain network is a distributed storage ledger that records the noiseadded sensing data in sequence and is maintained by distributed sensing nodes. Under a consensus process, the sensing nodes take the noise-added sensing data as a transaction and pack it into the block. e blockchain network automatically invokes a smart contract containing the aggregation algorithm to output the aggregation result to the aggregation node. (4) Aggregation node. e aggregation node is responsible for aggregating the sensing data and sending the aggregation result to the target node. In this model, a sensing node can participate in the data aggregation process so as to be an aggregation node.

Security and Communication Networks
In mobile crowdsensing networks, N 0 denotes the target node. e sensing node is denoted as where m is the number of sensing nodes. N i takes the sensing data as its private data d i (i � 1, 2, . . . ∞, m). All sensing nodes are divided evenly into n groups. Each group has an aggregation node N j ′ (j � 1, 2, . . . , n) responsible for collecting intermediate aggregation results of the sensing data within the group. N 0 is responsible for collecting intermediate aggregation results and calculating final sensing data aggregation results. erefore, the purpose of privacypreserving data aggregation is to compute correct-sensing data aggregation results while preserving privacy.
In this paper, a semi-honest model is used to analyze the threat in the process of privacy-preserving data aggregation. Assuming that all nodes in the data aggregation process are honest but curious. Each node performs computation and communication according to the steps specified in the algorithm. But each node is curious whether it can deduce the private information of other nodes from the messages it obtained [40]. Moreover, data summation in crowdsensing is an important data aggregation scenario. erefore, we focus on how to use blockchain to enhance the reliability of private data and to avoid information leakage during aggregation results due to the use of public blockchain. Furthermore, during the crowdsensing data aggregation process, the sensing data of the nodes need to be aggregated without considering the movement of the nodes. e sensing data of a moving node can be broadcast and uploaded to the blockchain through the nearby base stations [41]. erefore, it is assumed that the moving nodes have no impact on the privacy-preserving data aggregation.

Problem Setup.
e reliable and privacy-preserving data aggregation algorithm based on a private blockchain is desired to meet the following objectives: (1) Correctness of aggregation results. e data aggregation results of all sensing nodes can be correctly calculated, that is, the algorithm execution results are equal to the direct calculation results without considering privacy by adding random noise.
(2) Privacy of data. It is ensured that private data d i is known only by the node N i . e final sensing data aggregation result is known only by the target node N 0 , and the intra-group aggregation result is known only by intra-group nodes. (3) Efficiency. e designed algorithm does not use any encryption mechanism. Compared with the privacypreserving data aggregation algorithm based on the encryption mechanism, the designed algorithm has low computation and communication costs. (4) Reliability. Compared with the privacy-preserving data aggregation algorithm using public blockchain, the designed algorithm can calculate reliable results by the grouping process. Each group maintains a private blockchain to store the data aggregation records, which reduces the risk of privacy leakage from directly utilizing the public blockchain.

Basic Idea.
In the process of mobile crowdsensing data aggregation, RPPDA is designed to realize the correctness, efficiency, privacy preservation, and reliability of aggregation results. Firstly, all sensing nodes are divided into groups to maintain private blockchains and carry out privacy-preserving data aggregation based on the zero-sum noise-adding mechanism. Data transactions during the aggregation are not completed until they are posted to a private blockchain, ensuring that data transactions can be traced back. Secondly, the aggregation node obtains the aggregation result within the group. en, to preserve the privacy of the intermediate aggregation results, the aggregation nodes again add zerosum noise to the intermediate aggregation results while waiting for the target node to perform secondary data aggregation. Finally, the target node uses the noise-added intermediate aggregation results to compute the final aggregation result. Due to the zero-sum noises, the effect of noise on the aggregation results can be canceled, which ensures the correctness of the aggregation result. e idea of the reliable privacy preservation using private blockchains is further discussed. e blockchain construction process is a key step in the implementation of RPPDA. A private blockchain takes a partially centralized approach and is only open to specific individuals. Data reads, data writes, and consensus mechanisms comply with the private blockchain manager, which maximizes the maintenance of sensitive data from illegal access and tampering [42]. In particular, the sensing nodes are divided into multiple groups, and each group maintains a private blockchain. e block has the following components: merkle root, block ID, hash, previous hash, time stamp, and the noise-added sensing data. Furthermore, the private blockchain reduces the risk of the privacy leakage issue of utilizing the public blockchain. When using the public blockchain, the aggregation results are available to any node, which may reduce the privacy preservation level of the data aggregation process. However, by storing the noise-added sensing data on the private blockchain in each group, it ensures the  correctness of data aggregation results, preserves the privacy of sensing data, and improves the reliability of privacypreserving data aggregation.

Intra-Group Data Aggregation.
In the process of intragroup data aggregation, the sensing nodes add zero-sum noise to realize the privacy preservation for sensing data and the correctness of data aggregation results. At the same time, the key to intra-group data aggregation is maintaining a private blockchain. In the process of aggregating noiseadded data, the data transaction can be published on the blockchain only after the consensus algorithm is implemented, which ensures the reliability and traceability of data. erefore, two steps are considered for the intra-group data aggregation based on blockchain, including privacy-preserving data aggregation based on noise-adding mechanism and consensus mechanism of data transaction on the blockchain during data aggregation.

Noise-Adding based Privacy Preservation.
It is crucial to ensure the correctness of aggregation results and the privacy of the data. During data aggregation, zero-sum noise is added to eliminate the effect of noise on the aggregation result and achieve accurate, privacy-preserving data aggregation.
e privacy-preserving data aggregation process based on the zero-sum noise is described below [40]. Assuming N i has a private matrix M i (i � 1, . . . , m), e size of the private matrix M i is predetermined based on the crowdsensing data aggregation scenario. For example, in the three-dimensional crowdsourced localization scenario, the sensing data denotes the location information, including three rows and one column. N 0 needs to obtain the summation without knowing the private information of N i (α � m i�1 M i ). Random noise matrices are used to preserve privacy information during summation calculation. Firstly, N i generates m random noise matrices p k i (k � 1, . . . , m). p k i has the same number of rows and columns as the matrix M i and the sum of these matrices is a zero matrix. Secondly, N i keeps one of the matrices and sends the remaining matrices one by one to the other nodes. erefore, N i can add up the random matrices received from other nodes to construct a new random noise matrix, denoted as P i , where m i�1 P i � 0. Finally, N i sends mixed messages α i � M i + P i to N 0 . erefore, without obtaining the private information of the other nodes, N 0 calculates the summation of all the private information by α � m i�1 α i .

Consensus Mechanism.
Data privacy of nodes on the blockchain is protected by adding the zero-sum noise, and all nodes are semi-honest. erefore, the nodes in the group are not anonymous when they publish the block storing personal noise-added information as miners. Assuming that the average block-producing time of the blockchain within the group is consistent.Because the number of nodes in the group is small, the delay of block propagation is ignored. e block is broadcast and immediately received by the other nodes in the group. After a block is added to the blockchain, each node will receive blocks broadcast by other nodes. e nodes will verify the validity of these blocks and select a block to be added to the end of the locally maintained blockchain through a consensus mechanism.
In the process of data aggregation, the consensus mechanism of data transaction polling is described as follows. First, NUM i denotes the total number of blocks published by miner i. T i denotes the time between the miner i publishing the last block and the current block. T i can be obtained by subtracting the timestamp in the block published by the previous miner i from the timestamp in the block packed by the current miner i. Each miner will sort the blocks received in T seconds according to the polling consensus mechanism and select a block to add to the end of the locally maintained blockchain. en, the consensus mechanism compares the total number of blocks that miners have published on the blockchain. e output is the block packaged by the miner who has published the least number of blocks. When there are multiple blocks with equal NUM values in this step, all of them have a minimum value. e time after the miner who packed these blocks last published a block is compared in the blockchain. e blocks packed by the miner with the longest wait time is the output. Further, if the above steps fail to output a single block, the hash values of these blocks are compared to the output of the block with the lowest hash value.

Algorithm Design.
e aggregation node calculates the intra-group data aggregation result and performs the zerosum noise adding mechanism to ensure the privacy and correctness of the aggregation results. erefore, based on the idea of adding zero-sum noise in Section 4.2.1, the intragroup data aggregation results are aggregated again by adding zero-sum noise to achieve privacy-preserving aggregation among groups.
Based on intra-group data aggregation and data aggregation between groups, the RPPDA algorithm is designed in Algorithm 1. e input is private data d i (i � 1, 2, . . . , m) for sensing nodes. e output is the final sensing data aggregation result. First, the sensing nodes are grouped to avoid information disclosure of final aggregation results caused by the public blockchain. e m sensing nodes involved in the aggregation calculation are divided equally into n groups, denoted by G j (j � 1, 2, . . . , n). Each group has k(k ≥ 3) nodes (N j1 , N j2 , . . . , N jk ). One node from each group G j is selected as the aggregation node N j ′ of the group. Second, the zero-sum noise is added to private sensing data. e nodes in group G j are denoted by N jl (l � 1, 2, . . . , k). e nodes collaborate to generate the zero-sum noise α jl , where k l�1 α jl � 0. en, the noise-added data (i.e. transaction data records) is uploaded to the blockchain by the consensus mechanism. Each group G j maintains a private blockchain BC j . N jl adds zero-sum noise α jl to private data d jl , according to d jl ′ � d jl + α jl . e node identification information and noise-added data d jl ′ are stored in the private blockchain BC j . Next, the aggregation node N j ′ aggregates the noise-added data d jl ′ in the private blockchain BC j , according to Sum j � k l�1 d jl ′ � k l�1 (d jl + α jl ). Further, the aggregation nodes N j ′ collaborate to generate the zero-sum noise β j again, where n j�1 β j � 0.N j ′ adds zero-sum noise β j to the intra-group data aggregation result Sum j ′ , according to Sum j ′ � Sum j + β j . Finally, the target node N 0 calculates the final aggregation result Sum � n j�1 Sum j ′ � n j�1 (Sum j + β j ).

Correctness.
e correctness of RPPDA means that the execution result is equal to the direct aggregation result without adding random noise by considering privacy. It is necessary to prove that the final aggregation result calculated by the target node N 0 is equal to the sum of the private data of all sensing nodes N i . e following theorem gives the correctness of RPPDA. en, the following equation holds.
where S is the sum of the private data of all sensing nodes N i . Sum is the final aggregation result calculated by the target node N 0 .
Proof. Firstly, we need to prove the correctness of the intragroup summation calculation results Sum j of the aggregation node. S j denotes the sum of the private data of the sensing nodes in G j . According to S j � k l�1 d jl and k l�1 α jl � 0, we have (2) where α jl is the zero-sum noise of the l-th sensing node in G j . d jl ′ is the noise-added data of N jl . en, it is necessary to prove that the summation results, Sum of the target node is equal to the sum of the intra-group summation calculation results. Due to n j�1 β j � 0, we have where β j is the zero-sum noise of the aggregation node in G j . S j ′ is the noise-added summation data of G j . Combining equations (2) and (3), we know that erefore, eorem 1 is proved. e final aggregation result of RPPDA is correct.

Privacy Preservation.
e privacy preservation of RPPDA means that the private data of all nodes involved in the calculation cannot be deduced by other nodes, and only the target node knows the final aggregation result. e following theorem gives the privacy preservation of the RPPDA.
Proof. Two cases need to be proved to support eorem 2.
(1) All nodes cannot directly or indirectly reason to obtain the private data of other nodes; (2) e final summation result can only be computed by the target node.
In the process of data aggregation, each private blockchain stores the noise-added data of sensing nodes. Meanwhile, at least three nodes within each group collaborate to generate zero-sum noise because during the execution of RPPDA, a zero-sum noise addition is performed within each group and between all groups, respectively. Also, the zero-sum noise mechanism needs to ensure that the private information is not inferred by other nodes when three or more nodes are present. For example, when there are only two nodes, a node can reason out the private information of another node based on its zero-sum noise term. erefore, even nodes within the same group cannot obtain and infer the private data of other nodes from the noiseadded data. In addition, the aggregation nodes of each group collaborate to generate the zero-sum noise again and add the noise to the intermediate calculation results. en, the noiseadded data is treated as private data. erefore, when the target node communicates with the aggregator node, the target node gets the noise-added intermediate computation result. e target node does neither have access to the private data of the aggregator node nor can it infer the private data of the aggregator node from the noise-added intermediate computation results. Condition 1 holds true.
For condition 2, all nodes involved in the computation are divided into groups. e nodes in each group store their private data in a private blockchain after adding zero-sum noise. e summation result of the data for each group can only be calculated by the node within that group, i.e., the aggregation node can get the summation result of each group (the intermediate calculation result). e target node communicates with the aggregation node and obtains the noise-added intermediate results of each group. en the target node calculates the final summation result. In conclusion, eorem 2 is proved.

Reliability.
e reliability of RPPDA is to ensure the traceability of original sensing data in the process of data aggregation. Many factors influence sensing data in the mobile crowdsensing network. For example, mobile device failure leads to data storage failure and malicious node attacks lead to data errors. RPPDA is based on private blockchain. All nodes are honest but curious and follow the consensus mechanism of data transaction polling during the data aggregation. e sensing data in mobile crowdsensing is published to the blockchain after adding random noise. e sensing data can be traced back through blockchain when there are mobile device failures or being attacked. In addition, sensing data cannot be tampered with or deleted because the blockchain is jointly maintained by all nodes. erefore, RPPDA ensures the traceability of original sensing data and improves the reliability of data aggregation in mobile crowdsensing.

Communication and Computation Cost
e communication cost of the RPPDA consists of three components, i.e., the communication cost between the sensing nodes, the communication cost between the sensing nodes and the aggregation nodes, and the communication cost between the aggregation nodes and the target node. Because the number of nodes in each group is equal, it is assumed that the process of adding noise and requesting to join the blockchain takes place simultaneously in each group. For convenience, we consider the communication cost of only one group. Firstly, to generate zero-sum noise, each node in the group needs to transmit (k − 1) elements to complete the communication. e communication cost in the private blockchain is T bc . Next, to get the data on the private chain and perform aggregation, the aggregation node needs to communicate with the other nodes in the group by transmitting (k − 1 + T bc ) elements. Finally, to obtain the intermediate aggregation results and perform the final aggregation, the target node communicates with the aggregation node by transmitting n elements. Assuming that a number is represented by 24 bits. In summary, the communication cost of the aggregation process for RPPDA is roughly (24 × (n(k − 1)+ n(k − 1 + T bc ) + n)).
(2) Computation Cost. Assuming that there are m nodes involved in the aggregation. e nodes are divided equally into n groups. Each group has k nodes. ere are k addition operations to be performed when each group of nodes adds noise to the private data. To sum up the noise-added data of each group and add the noise to it again, the aggregation node needs to perform (k − 1 + n) addition operations. e target node communicates with the aggregation node to compute the final summation result and perform (n − 1) addition operations. erefore, the computation cost of the summation calculation process for RPPDA is roughly (n(kφ + C bc + (k − 1 + n)φ + (n − 1)φ)), where φ is the cost of addition operations and C bc is the computation cost in the private blockchain.

Performance Evaluations
In this section, to evaluate the performance of the RPPDA, the experiments and simulations are designed for the mobile crowdsensing data aggregation scenario.
Security and Communication Networks e RPPDA algorithm was deployed to the Hyperledger Fabric blockchain platform (version 2.1.1) to evaluate the performance. Experimental tests were carried out regarding the efficiency of privacy preservation. e configuration information for the experimental environment parameters is shown in Table 1.
e HPPDA uses the Paillier homomorphic encryption system based on the implementation using the Go language. e execution time of HPPDA, RPPDA, and NPPDA algorithms is shown in Figure 2. It is seen that as the number of nodes increases, the execution time of the three algorithms increases. Compared with HPPDA, the execution time of RPPDA was reduced by 56.84% on average. Since the HPPDA algorithm performs a homomorphic encryption mechanism, the time overhead is large. However, NPPDA has a small time overhead because it does not use blockchain. erefore, the experimental results are reasonable and prove that RPPDA can improve efficiency while achieving reliable privacy protection.

Simulation Results.
Simulations are conducted for the RPPDA algorithm using Pycharm software running on a Dell desktop computer with an Inter core i5-9500 CPU @ 3.00 GHz processor and 8.00 GB (7.81 GB available) of RAM. e HPPDA, RPPDA, and NPPDA algorithms are compared in terms of aggregation accuracy, communication and computation cost, and privacy preservation strength. e simulation experiment considers the smart grid crowdsensing scenario, where the electricity consumption of users is collected in an area for a week. About 100 smart meters are distributed in the area. e smart meter is the sensing node, and the user's electricity consumption is the sensing data. e number of sensing nodes was set from 10 to 100. e electricity consumption of users ranges from 0 to 100. To reduce the influence of random variables on the results, the results of all simulations are the average of 1,000 independent runs. Figure 3 shows the data aggregation results with and without noise to evaluate the correctness of RPPDA. It can be seen that the summation results with noise are always the same as the summation results without noise. e reason is that the zero-sum random noise is added in the RPPDA data aggregation process, which counteracts the effects of noise. erefore, the RPPDA algorithm is able to correctly aggregate the data, which validates the theoretical results in eorem 1 of Section 5.1. e computation and communication costs of HPPDA, NPPDA, and RPPDA are shown in Figures 4 and 5. e comparison shows that the computation and communication costs of RPPDA are on average 94.03% and 99.86% lower than those of HPPDA, respectively. is is because HPPDA uses homomorphic encryption containing long-bit products and exponential operations. e computation and communication costs of RPPDA are higher than NPPDA since RPPDA uses a private blockchain to record data transactions. erefore, RPPDA ensures the efficiency of the data aggregation process. e privacy protection strength is evaluated for the RPPDA algorithm. Inspired by the definition of privacy protection strength in existing studies [40,43,44], the privacy protection strength is measured by the probability that a node's private data is not accessed by other nodes in the simulations. For example, the privacy protection strength is defined by the chance of activity prediction of users in location-based services (LBS) [43]. A smaller chance of activity prediction means a higher privacy    Similarly, data aggregation is privacypreserving when the private data of the sensing node cannot be known by other nodes. Due to the public and transparent nature of the blockchain, the data stored in the blockchain can be accessed by other nodes. When m nodes are involved in aggregation and divided into n groups, the number of nodes in each group is m/n, where the privacy protection strength is 1 − (1/mn). Under the above definition of privacy protection strength, Figure 6 compares the privacy protection strength under the different number of groupings. It can be found that when the number of sensing nodes involved in aggregation is certain, the more the number of groupings, the higher the privacy protection strength because the greater the number of groupings, the fewer the number of nodes that jointly maintain a blockchain. erefore, grouping nodes can improve the privacy-preserving strength of the data aggregation process.
According to the evaluation results of the above experiments and simulations, RPPDA can ensure the correctness of data aggregation results. RPPDA has a lower computation and communication cost than HPPDA. RPPDA also improves the privacy preservation strength by dividing nodes into groups to avoid the privacy leakage of directly using blockchain. erefore, the RPPDA algorithm not only ensures the correctness of the data aggregation results but also has higher efficiency and strong privacy preservation.

Conclusions
Privacy-preserving data aggregation play an important role in mobile crowdsensing. Direct use of the public blockchain can improve the reliability of privacy-preserving data aggregation. However, there is the risk of privacy leakage during the process of data aggregation. In this paper, we propose a grouping-based reliable privacy-preserving data aggregation algorithm to avoid the risk of privacy leakage. First, we introduce a private blockchain to ensure traceability during data aggregation. All sensing nodes are divided into groups to maintain private blockchains. en, the zero-sum noise mechanism is utilized to ensure the correctness of data aggregation results, preserve the privacy of sensing data, and improve the efficiency of data aggregation. Finally, the correctness, privacy-preservation, reliability, and efficiency of RPPDA are theoretically analysed. e effectiveness of RPPDA is demonstrated by experiments and simulations.

Data Availability
No data were used to support the findings of this study.