SEMDA: Secure and Efficient Multidimensional Data Aggregation in Smart Grid without a Trusted Third Party

,


Introduction
In recent years, as increasing numbers of countries place more emphasis on the next generation of electricity networks, considerable human, material, and fnancial resources have been invested in the research and development of intelligent electricity networks.As the next generation of grids, smart grids integrate traditional grids with information and communication technologies for the efcient and reliable generation, transmission, distribution, and control of services [1][2][3], and these technologies will be used in future work.Smart grids will play an increasingly important role in meeting the needs of users, improving data reliability, and providing power control management [4].In order to intelligently monitor and control the network in real time, smart grid control centers must continuously collect data on the amount of electricity consumed by users.But smart grid usage data directly reveals where, when, and what people are doing.In the event of a leak, these data can expose individual users' electricity usage patterns.For example, if a user's power consumption is almost zero at a fxed time of day, it can be inferred that the user is out at that time of day and no one else is home.If a smart device terminal obtains this data, it can use big data technology to provide personalized service recommendations to users and improve service quality.However, when an external attacker gains access to that user's electricity data, it can be sold for fnancial gain or it can be used to commit a crime such as a burglary, while the user is away at a later date.Clearly, exposure to such sensitive information is a threat to the privacy of these users [5].Tus, it is particularly important to ensure the confdentiality and integrity of the information transmitted in smart grids while protecting the privacy of the users in smart grids from being compromised [6].
Security and privacy are two of the main obstacles to the development of the smart grid.How to monitor regional electricity consumption without divulging the power consumption of a single user has become the direction of scholars.Te homomorphic encryption scheme guarantees that the algebraic operation of cryptography is equivalent to the direct operation of plaintext.Terefore, homomorphic encryption schemes are widely used in smart grids to protect users' privacy.
Te idea of combining data aggregation with a homomorphic encryption algorithm is proposed to solve the privacy problem in smart grids.Compared with symmetric encryption algorithms, the use of homomorphic encryption algorithms and data aggregation combine to achieve both efciency and privacy protection and to detect power leakage and fraud by comparing the aggregated results of smart meters with the total meter readings.
In 2012, Lu et al. [7] frst proposed an EPPA scheme based on paillier homomorphic encryption and super-incremental sequences to address privacy concerns in smart grids.However, paillier encryption is not as efcient as BGN encryption in very small plaintext spaces; so in 2015, Chen et al. [8] proposed a BGN homomorphic encryption scheme based on MuDA data aggregation to solve the problem of small plaintext spaces and paillier encryption's inefciency.In order to measure the interval distribution of electricity consumption by users, Li et al., (2018) proposed a PPMA scheme for data aggregation across multiple subsets using super-incremental sequences and paillier homomorphic cryptography [9].It can calculate the amount of electricity used and the number of users at a given time.In 2019, Saleemd et al. [10] proposed a fault-tolerant FESDA scheme to address the failure of unsuccessfully decrypting meter faults.When a user fails, the Control Center (CC) uses the user's equivalent cipher to decrypt and gain good fault tolerance.However, in 2021 Wu et al. [11] found that the presence of equivalent ciphertext in the FESDA scheme can leak users' private information, attacked the FESDA scheme, and proposed a secure PDFA aggregation scheme using the extended Shamir secret-sharing scheme.
Tese schemes require the involvement of a trusted third party, who passes the corresponding decryption key to CC, assists in the management of user registration and deregistration, and so on.However, fnding a fully trusted third party in the real world is extremely difcult, and even if such a trusted third party does exist, signifcant human, material, and fnancial resources need to be devoted to maintaining its absolute security and credibility in the future.Based on these considerations, some scholars have proposed aggregation schemes without trusting third parties.In 2016 Knirsch et al. [12] proposed a time-series spatiotemporal aggregation shield that utilizes key superposition between users to protect individual privacy while still providing sufcient bug resistance and an efcient data aggregation scheme.In 2018, Li et al. [13] proposed a data aggregation scheme without trusted third parties based on BGN homomorphic encryption.And in the same year, Gong et al. [14] proposed a distribution method that does not rely on any trusted third party to generate security parameters that tolerate conspiratorial attacks between n-2 users.In 2019, Liu et al. [15] proposed an EC-Elgamal data aggregation scheme without a trusted third party, which protects the privacy of individual users by constructing a virtual aggregation region based on the level of trust between users.However, these schemes are functionally single and do not allow for the aggregation of multidimensional data.
In the above scheme, the signature of each cryptographic text needs to be verifed, but it is less efcient.Several other proposals have been foated.In 2020, Ding et al. [16] proposed a homogenous encrypted data aggregation scheme based on user identity that allows only collectors authorized by electricity service providers to decrypt, thereby protecting the privacy of the user.In 2021, Chen et al. [17] proposed a data aggregation scheme based on dynamic member groups that enables dynamic user management.In 2022, Liu et al. [18] proposed a data aggregation scheme that supports the rapid detection of deceptive users.
Tese solutions address the diferent needs of smart grids, but none of them is fully functional.In real life, we expect a scheme that can achieve multidimensional data aggregation without the involvement of a trusted third party while protecting the privacy and integrity of users' electricity data.Our scheme can solve this problem.
Our contributions are as follows: (i) We apply the Chinese remainder theorem [19] to construct a multidimensional data aggregation scheme.Te Chinese remainder theorem makes each dimension independent of the other when the terminal is decrypted, which ensures the correctness of our scheme.
(ii) We design a data aggregation scheme supporting key, blind factor reuses, and batch authentication based on paillier homomorphic encryption [20] scheme and bilinear pairing [21].In addition, an example of fast detection of incorrectly signed users when bulk verifcation fails is given using combinatorial mathematical principles [22].
(iii) We apply a secure key negotiation protocol [23] that does not require the participation of trusted third parties.All devices are semi-honest throughout the process, and we prove the privacy of user information at every step.
In Section 1, we introduce the basic situation of smart grids.In Section 2, we introduce related work to the paper.In Section 3, we introduce the basic blocks as the preliminaries of our scheme.In Section 4, we introduced our system model.In Section 5, we describe the construction of our scheme in detail.In Section 6, we analyze our scheme.In Section 7, we conducted the experiment evaluation.Finally, we draw our conclusion in Section 8.

Related Work
In this section, we provide an overview of traditional solutions for smart grids as well as some of the latest research fndings.In 2010, Li et al. [24] frst proposed a distributed incremental data aggregation method, which covers the entire local neighborhood or any specifed node set with minimal overhead through carefully constructed aggregation trees.At the same time, homomorphic encryption was used to ensure the security of data during transmission.Tis approach guarantees that all devices participate in aggregation and that no intermediate or fnal result is obtained by any device, so this approach is mainly used in privacypreserving data aggregation schemes in smart grids.
Compared with the privacy-preserving one-dimensional data aggregation scheme, the multidimensional data aggregation scheme contains multiple detailed pieces of information of the user, which can not only extend the application of data aggregation but also meet the needs of the terminal for fne-grained analysis of multidimensional data and facilitate strategy adjustment.In 2012, Lu et al. [7] constructed a multidimensional data aggregation scheme by using a super-increasing sequence and homomorphic encryption scheme to obtain more electricity information of users.However, this scheme needs to encrypt the data of each dimension, which leads to excessive computational overhead and low efciency during encryption.In 2017, Merad Boudia et al. [25] proposed an ElGamal homomorphic encryption multidimensional data aggregation scheme based on an elliptic curve, which does not require complex encryption operations on the way.However, the smart meter needs to encrypt the data for each dimension, which will greatly reduce the calculation efciency with the increase of the dimension.In 2018, Li et al. [9] used two super-increasing sequences and paillier homomorphic encryption algorithm to construct a multisubset data aggregation scheme, which could count the electricity consumption and the number of users in a certain period of time.However, when the number of electricity consumption intervals is too large, the smart meter needs to encrypt each electricity consumption interval, which leads to excessive computational overhead and low efciency.In 2019, Ming et al. [26] proposed to construct a multidimensional data aggregation scheme through an elliptic curve encryption method and a super-increasing sequence.Te super-increasing sequence ensures that messages of each dimension will not afect each other when the terminal is decrypted, but the terminal needs to solve the discrete logarithm problem to recover data, so the scheme is not efcient.In 2020, Zuo et al. [27] proposed a privacy-preserving multidimensional data aggregation scheme based on the ElGamal homomorphic cryptosystem with distributed decryption, which can resist joint attacks from the gateway and the control center.However, the ciphertext of each user in this scheme is composed of two parts, which leads to an increase in computation cost, communication cost, and storage cost.
In recent years, with the development of fog computing, many scholars have proposed many solutions in the context of fog computing.In 2018, Lyu et al. [28] proposed a privacy-preserving fog computing aggregation scheme using one-time padded homomorphic encryption, which uses a fog node to collect the transmitted data for efcient processing and calculation.However, in this scheme, the integrity of the user's encrypted data is not guaranteed.In 2019, Liu et al. [29] proposed an aggregation scheme supporting fog computing, which used the double trapdoor encryption scheme to construct a homomorphic encryption scheme supporting service organization query and self-query query.However, encrypting each dimension in this scheme incurs an additional heavy computational cost.In 2020, Merad-Boudia et al. [30] proposed a method of using coding to aggregate multidimensional data, which gives each dimension data a certain space according to certain rules so that each dimension data does not afect each other during aggregation and decryption.However, in this method, the length of the coding used is fxed, which is easy to cause space waste and increase storage overhead.
Compared with the above schemes, our scheme uses the Chinese Remainder Teorem to encode the user's multidimensional data, which overcomes the shortcomings of increasing computational overhead with the increase in data dimension and does not cause a waste of storage space.Terefore, our scheme is more practical.x ≡ e 1 mod b 1

Preliminaries
x ≡ e 2 mod b 2 Te form of the solution can be expressed as x � e 1 y 1 By x ≡ e i modb i , we can easily calculate e i .In our scheme, we make full use of the properties of the Chinese remainder theorem to obtain the aggregation value of multidimensional data.

Paillier Homomorphic Encryption.
Te paillier public key encryption algorithm is a popular homomorphic encryption which supports homomorphic addition.

Bilinear Pairing.
Let G 1 , G 2 be a cyclic group that satisfes the order of large prime number P, in which a pairing relation e: G 1 × G 1 ⟶ G 2 is defned to meet the following conditions.

Computability. For any
there is an efcient polynomial time algorithm to calculate the value of e(g a , h b ), e(g, h) ab .

Nondegeneracy. For any
set is a technique in combinatorial mathematics that plays an important role in the rapid detection of error signatures, as defned below.
Let set the following three conditions are satisfed: Figure 1 shows an example of a (3,5) threshold set for

System Design
4.1.System Model.In our scheme, we focus on how to securely aggregate user electricity consumption data and forward user electricity consumption data to the control center (CC) of the smart grid in a privacy-preserving way.
Figure 2 shows the system model of the smart grid.Tere are three main players in the system model: a large number of smart meters (SM), fog nodes (FN), and CC.Teir role in smart grid systems is as follows.

Smart Meter (SM).
A smart meter is a smart device installed by a utility company on a user's premises.It collects specifc real-time data from its surroundings and regularly reports it to the nearest fog node (FN).Obviously, we can easily connect smart meters to the users involved.

Fog Node (FN)
. FN is the intermediate node between the control center and the smart meter, with a high level of storage and calculative power.It performs three main functions: (1) verifying the authenticity of the message received; (2) data aggregation of incoming messages; and (3) transferring the aggregated messages to CC.

Control Center (CC).
After receiving the FN report, CC frst verifes the authenticity and integrity of the message, then decrypts the data.By decrypting the data, CC can learn the status of the entire smart grid in real-time, which can be used to conduct data analysis and make timely strategic adjustments.

Treat Model.
In our scheme, all participants (including CC and FN) were curious but honest.In general, CC and FN will interact exactly as defned, not tampering with calculations but trying to learn sensitive information from uploaded messages.In our threat model, we assume that an attacker has the following capabilities: (i) Attackers can intercept the communication information between SM, FN, and CC.In addition, the attacker can break into some users in a residential area, which means that the attacker will obtain all the consumption data and the corresponding security parameters of these users and attempt to infer the privacy information of other users through these data.(ii) Attackers can invade FN and CC databases, steal personal data and security parameters, and even damage FN and CC.Although the CC is powerful in reality, the data stored in it is not completely safe from the risk of being compromised because the attacker is powerful enough under our assumptions.

Security and Communication Networks
Terefore, CC can also be considered a formidable opponent because of its curiosity about user privacy.(iii) Attackers inject fake data into the system by intercepting messages and forging the identities of authorized users or tampering with data transmitted over a public communication channel to send fake power consumption data to the CC.In addition, attackers could launch attacks that compromise the data integrity of the smart grid.

Design Goals.
Our goal is to design an efcient and stable multidimensional data aggregation solution without a trusted third party, which can protect the privacy of the user while achieving the required functionality.Specifcally, our design objectives include the following design goals.

Security.
To avoid the leakage of users' privacy, the privacy of users' electricity data should be ensured.Specifcally, the electricity consumption data of users should be kept private during the whole communication process from SM to FN and then to CC. External adversaries do not have access to restore the plaintext of individual user data, ensuring that any changes to messages can be checked.Te authenticity and integrity of the data transmitted and the identity of illegal users can be checked by FN and CC.

Our SEMDA Scheme
In this section, we introduce our SEMDA scheme in detail.Te scheme consists of fve stages: system initialization, multidimensional data coding and encryption, batch verifcation and data aggregation, data decryption, and dynamic user management.Te symbols used in SEMDA and their descriptions are shown in Table 1.

Initialization Phase
Step 1: Given the security parameter k, system users set

Security and Communication Networks
Step 2: First of all, CC calculates N � p • q, λ � lcm(p − 1, q − 1); and for ease of calculation choose g � N + 1, choose l prime numbers , where b i ≥ nd max , 0 ≤ i ≤ l, d max is the upper bound of a single dimension of a user's electricity data, n is the number of users; and two Hash functions Ten, CC randomly selects n blind factors β i ∈ R Z N * , 1 ≤ i ≤ n and assigns to n users.Finally, CC public parameters l, N, g, G 1 , G 2 , h, e, H 1 ,  H 2 , B, ′ }, and set the private key as λ.
Step 3: User u i ∈ U randomly selects x i ∈ R Z N * as his private key and calculates Y i � h x i as his public key.Ten, FN randomly select x f ∈ R Z N * as his private key and calculate Y f � h x f as his public key.
Step 4: User form the user's shared key set.Trough the secure channel, users send R ij to user j .User u i ∈ U receives the shared key of other users, which forms the key set of users

and these user u i ∈ U uses his key set to calculate the encrypt key sk
To illustrate this, three user examples are given, as shown in Figure 3.

Reporting Phase.
When a user u i ∈ U needs to send smart meter data to FN at the interval T s , he will implement two steps.Step one: the user collects his multidimensional data ) and uses the Chinese remainder theorem to compute multidimensional messages Step two: the user encrypts message m i by c i � g m i H 2 (T s ) N(sk i +β i ) mod N 2 and generates the signature value σ i � H 1 (ID i ‖T‖c i ) x i with his private key x i , where T is the current time, which can used to defend against a replay attacks.After that, the user sends the data (c i , σ i , T, ID i ) to the nearest FN.

Reading Phase. Firstly, FN verifes the legitimacy and integrity of the message received from the users. FN verifes that the following formula e(σ i , h)�
? e(H 1 (ID i ‖T‖c i ), Y i ): If the verifcation fails, FN asks the user to resend the data.
Secondly, after the batch verifcation is passed, FN aggregates the data.Due to  n i�1 sk i � 0, we have where M �  n i�1 m i represents the value of all users' message aggregations.Ten, FN signs the aggregated value with its private key and generates the signature value therefore sk 1 + sk 2 +sk 3 = 0 u 1 computes secret key :

Decryption Phase.
After receiving the report from FN, CC frst verifes that the following formula is true for e(σ f , h) � ?e(H 1 (ID f ‖T‖c), Y f ).Ten, CC calculates that β 0 satisfes  n i�1 β i + β 0 � 0 mod λ to decrypt the cipher c using its private key λ.
Finally, the Chinese remainder theorem is used to calculate e i � M • y i mod b i , 1 ≤ i ≤ l, and e 1 , e 2 , • • • , e l   of each dimension of all users, which can be used for statistical analysis and strategy adjustment.

Dynamic User Management.
Our scheme supports dynamic user join and revoke.User failure can be considered as user revocation.

User Revoke.
When user u n ′ ∈ U revokes, FN broadcasts to revoke user ID n ′ .Each user removes the shared key R n ′ i of the revocation user and the shared key R jn ′ sent to the user in its own key set.Ten, others reupdate their set of shared keys, calculating the private key at this point in encryption.CC calculates the  n i�1 β i + β 0 ′ − β n ′ � 0 mod λ update decryption blind factor β 0 ′ .

User Join.
When user u i ′ joins, FN broadcast adds user identity information ID i ′ .Ten, other users update their key sets as initialized.CC randomly generates a blind factor β i ′ ∈ R Z N * , sends it to the user, and updates CC's decryption blind factor β 0 ′ according to  n i�1 β i + β 0 ′ + β i ′ � 0 mod λ.

Systems Analysis
6.1.Semantic Security of Encrypted Data.In our scheme, each user encrypts the user's electricity consumption c i � g m i H 2 (T s ) N(sk i +β i ) mod N 2 at T s time and submits it to FN for data aggregation, which we demonstrate to be semantically secure with the following theorem.

Lemma 1.
For given message m 0 and m 1 , encrypted ciphers are indistinguishable.
Proof.First, we randomly select a message in messages m 0 and Terefore, for the attacker, the indistinguishable ciphers c i (i ∈ 0, 1 { }) and c i ← $ are also indistinguishable.So, the attacker's advantage is adv A < negligible, the attacker cannot distinguish between encrypted messages m 0 or m 1 .Tus, the encryption scheme is semantically secure.End proof.□ 6.2.Privacy-Preserving.To prevent user privacy from being compromised, our proposal requires that neither FN nor CC restore user data for individual users.

Lemma . Even if an external attacker steals the communication channel between the user and FN and obtains the relevant data. Te attacker cannot get any information about the user's message.
Proof.External attackers stole messages between users and FN, obtaining (c i , σ i , T, ID i ).As our encrypted messages are semantically secure, therefore, the attacker cannot recover messages from users without knowing the secret key sk i and blind factor β i .End proof.

□
Lemma 3.Even if an attacker breaks FN, no private data can be inferred from the crypto c uploaded by the user.
Proof.Te message uploaded by the user is an encrypted cipher.FN can't decrypt without the key can only aggregate.Te aggregated information is as follows: Security and Communication Networks Without CC's and the private key, the attacker still cannot get any information about the user from the aggregated message.End proof.

□ Lemma 4. Te attacker destroys CC to obtain CC's private key and aggregated data. Te attacker cannot access any of the user's private information.
Proof.Te attacker destroyed CC and obtained CC's private key.By decrypting the data, the attacker can obtain aggregated plaintext information.But decryption messages are private to a single user's message and cannot analyze specifc information about single user.End proof.□ 6.3.Data Integrity.Our scheme has the functions of authentication and data completeness check, using bilinear pairing to sign and send the signature value to FN. Te attacker cannot deduce the secret key of the user's signature and forge the signature value.If forged successfully, the difcult problem of bilinear pairing is solved.However, it is impossible, so our scheme can protect the integrity of the data.
To better illustrate how to detect errors quickly, as shown in Figure 4, an example of a quick detection error signature is given.In our example, assuming that the wrong signature is randomly distributed and the wrong signature is σ 10 .We construct a (3, 5) threshold set.Depending on the nature of the threshold set, we can easily identify the wrong signature σ 10 .Compared to the 10 times it takes to detect an error signature by detecting it one by one, we only need to count up to fve times to fnd the wrong signature σ 10 , which improves the efciency of the calculation.For other details, please refer to [18].6.4.Functional Analysis.In our scheme, according to the property of paillier homomorphic encryption scheme, the ciphertext of the same plaintext is indistinguishable, so our key and blind factor can be reused.As is shown in Table 2, we compare the functionality of our scheme with that of other schemes.Our scheme is functionally superior.

Performance Evaluation
In this section, we evaluate our scheme in terms of computational overhead and communication overhead.Considering the computing power of smart meters and fog nodes.In literature [7,[9][10][11][29][30][31][32][33][34][35], paillier homomorphic encryption scheme has been widely applied in data aggregation schemes of the smart grid.In literature [10,11,13,29,30,32,33,[35][36][37][38], fog nodes are used as intermediate nodes to process data transmitted by smart meters.Terefore, our scheme is feasible in reality.Our experiment is based on the JPBC library and uses a computer confgured with an AMD R7-580H CPU@ 3.2 GHz and 16 GB of RAM with the Windows 11 operating system.We assume that there are k FNs in a smart grid system and n users in each FN.Te relative parameters of the bilinear pairing are shown in Table 3, and the size of the experimental selection parameters is shown in Table 4.In order to improve the accuracy of the test, we took an average of 30 times as the test result.As is shown in Table 5, we present the computational overhead for each stage; the encryption overhead is the computational overhead of a user.As is shown in Construct a uniform (3,5) set Detect the error    Security and Communication Networks Figure 5, we tested the computational overhead of a diferent number of users in the same dimension in an FN.In addition, as is shown in Figure 6, we tested the overhead of diferent dimensions for the same number of users.Since the cost of FN signature verifcation is primarily linear to the number of users, we will not show the cost of signature verifcation in Figure 6.

Computation Overhead.
First of all, we mainly consider the cost of the data operation, because the cost of the system initialization stage does not afect the delay of our system.In addition, T p to represent the computational cost of bilinear pairing.T m In our scheme, each user needs to spend T e 3 + T h 2 + T m 3 to encrypt message, spend T h 1 + T e 1 to generate his signature.So, the total computing cost of user is T h 1 + T e 1 + T e 3 + T h 2 + T m 3 .For FN, it needs to verify n user's signature in bulk, the computation cost is nT a 1 + (n + 1)T p + nT h 1 + (n − 1)T a 2 , the computation cost of data aggregation is (n − 1)T m 3 , and the computation cost of signatures is T h 1 + T e 1 , so the total computing cost of FN is nT a 1 + (n + 1)T p + (n + 1) T h 1 + (n − 1)T a 2 + (n − 1)T m 3 + T e 1 .Te experimental results show that dimensions have negligible impact on decryption costs.For CC, it spends 2T p + T h 1 to authenticate the signature and spends T h 2 + T m 3 + T e 3 to decrypt ciphertext, so the total computing cost of CC is (2T p + T h 1 + T h 2 + T m 3 + T e 3 )k.
In the MSDA scheme [31], each user needs to spend 3T e 3 + T h 2 + 2T m 3 to encrypt message.In the scheme, there is no signature process.Terefore, FN aggregation costs is (n − 1)T m 3 .CC decryption cost is (T e 3 + T m 3 )k.
In the EPMDA-FED scheme [18], each user needs to spend 2T a 3 to encrypt message, spend T a 3 + T h 1 + T m 1 to generate his signature, so the total computing cost of user is 3T a 3 + T h 1 + T m 1 .For FN, it needs to verify n user's signature in bulk, the computation cost is

and the computation cost of signatures is
For CC, it spends 2T p + T h 1 to authenticate the signature and (n − 1)T m 3 + 2T a 3 to decrypt ciphertext, so the total computing cost of CC is (2T p + T h 1 + (n − 1)T m 3 + 2T a 3 )k.
In the FPDA scheme [11], each user needs to spend T h 2 + T e 3 + T m 3 to encrypt message.In the scheme, there is no signature process.Terefore, FN aggregation costs is As shown in Table 6, we compared the calculation costs of diferent schemes.It can be seen that the computation is still efcient because we include signature authentication in our scheme.But batch verifcation is done mainly in FN and does not impose an additional computational burden on CC decryption.

Communication Overhead.
Communication overhead is calculated based on the size of the messages that the smart device sends to the fog node (SM − to − FN) and the fog node sends to the control center (FN − to − CC).
In our scheme, each SM reports the message Before FN communicates with CC, FN aggregates the user's data and sends aggregated data In the MSDA scheme [31], each SM reports the message c i to FN at each interval of time, so SM − to − FN's communication cost is |c i | � 2048n.Before FN communicates with CC, FN aggregates the user's data and sends the

Security and Communication Networks
In the FPDA scheme [11], each SM reports the message c i to FN at each interval of time, so SM − to − FN's communication cost is |c i | � 2048n.Before FN communicates with CC, FN aggregates the user's data and sends aggregated data c to CC.So FN − to − CC's communication cost is |c| � 2048k.
As is shown in Table 7, we compared the communication costs of other schemes.As can be seen from the table, the increase in communication cost of our scheme compared with the MSDA scheme and the FPDA scheme is mainly the communication cost of signature authentication.However, for the sake of the authenticity and integrity of the data.Terefore, our scheme's increased communication costs are necessary.

Conclusion
In this paper, we propose an efcient privacy-protecting multidimensional data aggregation scheme that does not require a trusted third party.Te multidimensional data is encapsulated by the Chinese residual theorem and then encrypted securely, which can efectively resist the collusive attack.In addition, the scheme also supports blind factor reusability and batch data validation, so it can better adapt to the requirements of multidimensional data aggregation in complex scenarios.Experimental results show that the scheme is feasible and efcient.

3. 1 .
Chinese Remainder Teorem.Let b 1 , b 2 • • • b n be l pairwise co-prime primes, e 1 , e 2 • • • e n denotes n integers, then the following congruence equations have a unique solution:

4. 3 . 3 .
Functionality.Te scheme can achieve the aggregation of user multidimensional data and support the integrity authentication of batch data without the participation of a trusted third party and the reuse of keys and blind factors.4.3.4.Computing and Communication Efciency.User meters have limited computing power.Terefore, the high efciency of computing and communication needs to be considered in smart grids.4.3.5.Dynamic User Management.Schemes should provide fexible equipment management mechanisms to support users in joining and exiting smart grid systems dynamically.

Figure 3 :
Figure 3: Te process of generating the user key.

Figure 4 :
Figure 4: An example of a quick error signature detection.

Figure 5 :
Figure 5: Calculation overhead for diferent user numbers in the same dimension.

Figure 6 :
Figure 6: Calculation overhead for diferent dimensions of the same number of users.
the system randomly selects two large primes p and q to generate the parameters (G 1 , G 2 , e, h).Te group G 1 , G 2 satisfes the bilinear relation e: G 1 × G 1 ⟶ G 2 and h is the generator of the group G 1 .Figure 2: Smart grid system model.

Table 2 :
Functional comparison of other schemes.

Table 3 :
Parameters of the type A curve.
1 to represent the multiplication of elements in group G 1 .T m 2 to represent the multiplication of elements in group G 2 .T m 3 to represent the multiplication of elements in group Z N 2 .T a 1 to represent the cost of adding elements in group G 1 .T a 2 to represent the cost of adding elements in group G 2 .T a 3 to represent the cost of adding elements in group Z N 2 .T h 1 represents the cost of mapping elements to group G 1 through Hash.T h 2 represents the cost of mapping elements to group Z N 2 through Hash.T e 1 to represent the cost of exponential operations in group G 1 .T e 2 to represent the cost of exponential operations in group G 2 .T e 3 to represent the cost of exponential operations in group Z N 2 .

Table 7 :
Comparison of communication overhead.