
CN-122027167-A - Cross-domain power network authentication method and system based on edge calculation and threshold signature


Abstract

The invention discloses a cross-domain power network authentication method and system based on edge calculation and threshold signature. The method comprises the steps of system initialization, edge local pre-authentication, center-coordinated cross-domain authentication, target domain access control and edge key updating. The central node configures parameters and distributes keys; the edge node performs three-dimensional verification of the entity's identity, physical characteristics and behavior and, acting as agent, performs the complex cryptographic operations to generate a pre-authentication signature; the central node issues a cross-domain credential after verification; the target domain edge node verifies the credential and grants authorization; and the edge nodes update their keys periodically. The method and system integrate edge calculation and threshold signature technology, solve problems such as broken cross-domain trust transfer, the difficulty of adapting to the limited computing power of lightweight entities, and insufficient authentication security, achieve efficient, secure and low-delay cross-domain authentication, fit the cloud-edge-end architecture, and are suitable for a variety of cross-domain power network scenarios.

Inventors

  • JIANG PI
  • LUO XIAOYAO
  • ZHU LIEHUANG

Assignees

  • 北京理工大学

Dates

Publication Date
20260512
Application Date
20260210

Claims (10)

  1. The cross-domain power network authentication method based on edge calculation and threshold signature is characterized by comprising the following steps: the system initialization comprises the steps of finishing power network domain division configuration, edge node deployment and cryptography parameter setting by a central node, generating a system parameter and self key pair, and distributing the key pair for the edge node; The method comprises the steps that an entity submits a cross-domain access application comprising multi-dimensional verification information to a peripheral edge node, and the edge node performs three-dimensional verification of identity validity, physical feature consistency and behavior state rationality on the entity; The center coordinates cross-domain authentication, namely the entity submits a cross-domain access application and a corresponding pre-authentication signature to the center node, and the center node verifies the compliance of application information and the validity of the pre-authentication signature; the target domain edge node performs validity verification on the cross-domain access certificate and the center signature, grants corresponding access rights to the entity and records an access behavior log after confirming the validity period and the access rights range of the certificate; and updating the edge key, namely according to a preset period, the edge node in the same area completes updating the own key fragments by generating a new key related polynomial, calculating the key increment fragments and interactively synchronizing the key increment fragments.
  2. The method for authenticating a cross-domain power network based on edge computation and threshold signature as recited in claim 1, wherein the system initialization specifically comprises: parameter initialization, central node selection base point Setting the steps as Generating a center key pair Wherein the relationship between the public key and the private key satisfies: ; Wherein MSK is a central node private key, MPK is a central node public key; the edge node key distribution, wherein a center node adopts a secret sharing protocol, and an edge node public-private key pair is generated by constructing a polynomial, and the polynomial is as follows: ; In the formula, A random number assigned to the corresponding region for the central node, Is the coefficient of the polynomial, As a parameter of the threshold value, The private key acquired by each edge node takes the polynomial corresponding to the node index as a value, and the public key is taken as a base point and is based on the exponent operation result of the private key, namely the edge node Key pair of (2) The method meets the following conditions: ; ; The unified public key of the whole authentication system is as follows: ; In the formula, Is the first The private key of the individual edge node, Is the first The public key of each edge node, wherein VK is an authentication public key; Entity registration parameters heterogeneous entities The pre-stored identity is as follows The collected hardware characteristic information is a hardware fingerprint The real-time operation state data collected is working condition data , Including hardware inherent identification such as a chip unique serial number, Including voltage, power plant operating parameters.
  3. The method for authenticating a cross-domain power network based on edge calculation and threshold signature as set forth in claim 2, wherein in the step of submitting a cross-domain access application including multi-dimensional verification information to a peripheral edge node, the multi-dimensional verification information submitted by the entity constitutes a multi-factor information packet, which is: ; ; ; In the formula, For a hardware fingerprint hash value, SM3 is a hash algorithm, For the hash value of the operating mode data, A time stamp is sent for the packet.
  4. The method for authenticating a cross-domain power network based on edge computation and threshold signature as recited in claim 3, wherein the step of performing blind factor generation and commitment set construction by the edge node agent in the process of performing complex cryptographic operations and generating related verification parameters by the entity is specifically as follows: after the entity information is verified by the edge node, two blind factors are generated And And constructs corresponding commitment set Wherein: ; ; In the formula, Is the first A first blind factor generated by the edge nodes, Is the first A second blind factor generated by the edge nodes, To be based on the promise value of the second blind factor, Is a commitment value based on the first blind factor.
  5. The method for authentication of a cross-domain power network based on edge computation and threshold signature as recited in claim 4, wherein the definition of the lagrangian coefficient in the process of the entity performing complex cryptographic operations and generating the relevant authentication parameters is: ; In the formula, Is the first The lagrangian coefficients corresponding to the individual edge nodes, In order for the set of edge nodes to participate in pre-authentication, For the index of the current edge node in the set, For the index of the other edge nodes in the set, Is the order of the finite field; Intermediate parameters calculated by edge nodes The following formula is satisfied: ; In the formula, Is the first The parameters returned by the edge nodes to the entity, To hash values based on application information and the commitment set, Is the first The private key of the individual edge node, Challenge value based on promise value, authentication public key and application information; Parameters (parameters) And The calculation mode of (2) is as follows: ; ; ; In the formula, An access application message sent for the entity, A list of committed shares for each edge node packaged for an entity, As a whole commitment value is set, Is the first A second blind factor commitment value for the edge node, Is the first A first blind factor commitment value for each edge node, Is the first Hash values corresponding to the edge nodes.
  6. The method for cross-domain power network authentication based on edge calculation and threshold signature as claimed in claim 5, wherein after the entity integrates the parameters returned by each edge node and verifies the validity, in the process of generating the complete pre-authentication signature, the entity verifies that the judgment condition of the validity of the parameters returned by the edge node is: ; In the formula, Is the first The local commitment value corresponding to each edge node, Is the first The public key of the edge node.
  7. The method for authenticating a cross-domain power network based on edge calculation and threshold signature as set forth in claim 6, wherein the entity submits a cross-domain access application and a corresponding pre-authentication signature to the central node, and the central node verifies the validity of the pre-authentication signature in the verification process of the compliance of the application information and the validity of the pre-authentication signature under the following conditions: ; ; In the formula, For the total parameters of the entity's integration, A verification challenge value calculated for the central node.
  8. The method for authenticating a cross-domain power network based on edge computation and threshold signature as recited in claim 7, wherein the center node generates a cross-domain access credential and adds a center signature, and in the process of sending the cross-domain access credential to the target domain edge node, the cross-domain access credential generated by the center node is: ; the generation formula of the center cross-domain signature is as follows: ; In the formula, Is a central cross-domain signature, schnorrSign is a Schnorr signature algorithm, cred is a cross-domain access credential, In order to access the destination domain identification across domains, For the identity of the entity source domain, For the credential validity period, permission is the access rights, Signed for pre-authentication.
  9. The method for authenticating a cross-domain power network based on edge calculation and threshold signature as claimed in claim 8, wherein the edge node in the same area completes the update process of the self-key fragments by generating a new key-related polynomial, calculating the key increment fragments and interactively synchronizing, and the polynomial construction and key fragment calculation process of the edge key update is as follows: Each edge node independently generates a new random polynomial The degree of the polynomial is the threshold parameter minus one, and the constant term is set to 0, and the polynomial form is: ; In the formula, Is the first The key update polynomials generated by the individual edge nodes, Is the coefficient of the polynomial, Is a threshold parameter; Edge node calculates Key delta sharding, first The edge node is the first Incremental fragmentation calculated by the edge nodes is: ; In the formula, Is the first Edge node to the first Key increment fragmentation sent by the edge nodes; Edge node update Key shard, first After each edge node receives the incremental fragments sent by all other edge nodes, the new key fragments are as follows: ; In the formula, Is the first Private key shards updated by the edge nodes, For the total number of edge nodes, Is the first The edge node sends out the first Key delta fragmentation for individual edge nodes.
  10. A cross-domain power network authentication system based on edge calculation and threshold signature, and a cross-domain power network authentication method based on edge calculation and threshold signature as claimed in any one of claims 1 to 9, comprising: The system initialization module is used for completing power network domain division configuration, edge node deployment and cryptographic parameter setting by the central node, generating a system parameter and self key pair, and distributing the key pair for the edge node; The edge local pre-authentication module is used for submitting a cross-domain access application comprising multi-dimensional authentication information to peripheral edge nodes by the entity, and the edge nodes perform three-dimensional authentication on identity legitimacy, physical feature consistency and behavior state rationality of the entity; The center coordination cross-domain authentication module is used for submitting a cross-domain access application and a corresponding pre-authentication signature to the center node by the entity, and the center node verifies the compliance of application information and the validity of the pre-authentication signature; The target domain access control module is used for verifying the validity of the cross-domain access certificate and the center signature by the target domain edge node, granting corresponding access rights to the entity and recording an access behavior log after confirming the validity period of the certificate and the access rights range; And the edge key updating module is used for updating the key fragments of the edge nodes in the same area according to a preset period by generating a new key correlation polynomial, calculating the key increment fragments and interactively synchronizing the key increment fragments.
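
The key distribution of claim 2 and the periodic key update of claim 9, as an added example that is not part of the patent text. The formulas are missing from this page, so the update rule (new share = old share plus the sum of the increments from every node, its own included), the modulus `Q` and all function names are assumptions that follow standard proactive secret sharing.

```python
import secrets

Q = 2**127 - 1  # assumption: stand-in prime for the group order, not from the page

def eval_poly(coeffs, x):
    """Horner evaluation mod Q; coeffs[0] is the constant term."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def deal_shares(secret, t, n):
    """Central node: degree t-1 polynomial, node i's private share is f(i)."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}

def lagrange_at_zero(i, indices):
    """Lagrange coefficient of node i over the participating set, at x = 0."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def reconstruct(shares):
    """Interpolate f(0) from {index: share}; only for checking the example."""
    return sum(s * lagrange_at_zero(i, list(shares)) for i, s in shares.items()) % Q

def refresh(shares, t):
    """One update period: each node deals a zero-constant polynomial g_j and
    every node adds the increments g_j(i) it receives to its old share."""
    nodes = list(shares)
    polys = {j: [0] + [secrets.randbelow(Q) for _ in range(t - 1)] for j in nodes}
    return {i: (shares[i] + sum(eval_poly(polys[j], i) for j in nodes)) % Q
            for i in nodes}

def demo(t=3, n=5):
    secret = secrets.randbelow(Q)
    old = deal_shares(secret, t, n)
    new = refresh(old, t)
    return {
        "old_ok": reconstruct({i: old[i] for i in (1, 3, 5)}) == secret,
        "new_ok": reconstruct({i: new[i] for i in (2, 4, 5)}) == secret,
        "shares_changed": all(old[i] != new[i] for i in old),
        # shares captured in different periods do not combine
        "mixed_ok": reconstruct({1: old[1], 2: old[2], 3: new[3]}) == secret,
    }

if __name__ == "__main__":
    print(demo())
```

Because every update polynomial has constant term 0, the shared key and the public key derived from it stay the same across periods, while a set of shares that mixes periods no longer interpolates to the key.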

Description

Cross-domain power network authentication method and system based on edge calculation and threshold signature

Technical Field

The invention belongs to the technical field of power network authentication, and particularly relates to a cross-domain power network authentication method and system based on edge calculation and threshold signature.

Background

With the deep development of the global energy internet and smart grids, the cross-domain power network has become a key infrastructure supporting regional energy optimal configuration and economic collaborative development. As large-scale systems such as cross-border interconnected power grids are put into operation, power networks of different areas, standards and management modes become deeply fused, and massive numbers of heterogeneous entities are connected to form a "cloud-edge-end" collaborative architecture. These entities differ markedly in computing, storage and communication capability, which places strict requirements on the security, real-time performance and compatibility of cross-domain authentication.

Current cross-domain power network authentication systems have several prominent problems. The computing power of heterogeneous entities conflicts with the authentication requirements: lightweight entities have difficulty running complex encryption algorithms, and a centralized authentication center is prone to excessive delay, single points of failure and similar problems when facing massive concurrent requests. Cross-domain trust transfer is broken: different domains adopt independent authentication systems, authentication credentials cannot be reused between them, and an entity crossing domains must authenticate repeatedly, so operation and maintenance cost and delay are high. In addition, the authentication dimension is single: existing schemes depend on digital certificates and user name and password and lack verification of physical and behavioral characteristics, so the security risk is high. The prior art is insufficiently suited to the scenario: distributed, PKI, blockchain and similar schemes suffer respectively from potential security hazards, excessive overhead, high delay and the like, and edge calculation and threshold signature technology still faces challenges in deep fusion with the cross-domain power scenario.

Disclosure of Invention

Therefore, the invention provides a cross-domain power network authentication method and system based on edge calculation and threshold signature, which solve or partially solve the problems mentioned in the background art.

To achieve the above purpose, the invention provides the following technical scheme. In a first aspect, a cross-domain power network authentication method based on edge calculation and threshold signature is provided, comprising the following steps: system initialization, in which the central node completes power network domain division configuration, edge node deployment and cryptographic parameter setting, generates the system parameters and its own key pair, and distributes key pairs to the edge nodes; edge local pre-authentication, in which an entity submits a cross-domain access application comprising multi-dimensional verification information to a peripheral edge node, and the edge node performs three-dimensional verification of identity validity, physical feature consistency and behavior state rationality on the entity; center-coordinated cross-domain authentication, in which the entity submits a cross-domain access application and a corresponding pre-authentication signature to the central node, and the central node verifies the compliance of the application information and the validity of the pre-authentication signature; target domain access control, in which the target domain edge node verifies the validity of the cross-domain access certificate and the center signature and, after confirming the validity period and the access rights range of the certificate, grants the corresponding access rights to the entity and records an access behavior log; and edge key updating, in which, according to a preset period, the edge nodes in the same area update their own key fragments by generating a new key-related polynomial, calculating key increment fragments and interactively synchronizing them.

As a preferred scheme of the cross-domain power network authentication method based on edge calculation and threshold signature, the system initialization specifically comprises the following steps: parameter initialization, central node selection base point Setting the steps as Generating a center key pair Wherein the relationship between the public key and the private key satisfies: Wherein MSK is a central node private key, MPK is a central node public key; the edge node key distribution, wherein a center node adopts a secret sharing protoc