Security scheduling and transaction mechanism of virtual power plants based on dual blockchains

Aiming at the data authenticity and storage problems in the current coordinated scheduling of virtual power plants, as well as the opaque information and high transaction costs, a dual blockchains security mechanism is proposed to solve above problems. In the process of security scheduling, a hybrid attribute proxy re-encryption algorithm based on ciphertext strategy is designed. The algorithm is composed of an identity encryption algorithm and an attribute proxy re-encryption algorithm with ciphertext strategy. Combining blockchain, tamper-proof smart metering equipment can effectively solve data authenticity and confidentiality in the information transmission process of distributed energy. In the research process of the trading mechanism, a continuous double auction mechanism based on reputation is proposed. In order to create a favorable trading atmosphere, reputation-based market segmentation mechanisms are integrated, and participants are divided according to reputation value. Depending on the properties of the stored information, they are divided into the private blockchain (with coordination scheduling information) and the consortium blockchain (with transaction information). The system analysis shows the reliability of the dual blockchains architecture. The communication and calculation costs of the proxy re-encryption algorithm verify the practicability of the proposed scheme. The case analysis of the auction mechanism declares that the mechanism can operate effective in the electricity trading market.


Introduction
According to the global greenhouse gas emission data in 2010, energy production such as electricity and industry accounted for 76% of the total global emissions in that year. Considering the impact of greenhouse gas emissions on climate change [1] and the cost and supply of fossil fuels, the traditional single form of thermal power generation can no longer meet the needs of people's lives, and the academic community has begun to study new power supply modes.
A long with the development of Energy Internet (EI), the power supply model in the future may be gradually transformed into Distributed Energy Resources (DER) as the main primary energy [2]. DER is mainly composed of Distributed Generation (DG), Distributed Energy Storage (DES), Dispatchable Load (DL), Electric Vehicle (EV) and so on [3]. When the clean and efficient DG represented by Wind Energy (WE), Hydroenergy (HE) and Photovoltaic (PV) are integrated into the power grid, the above greenhouse gas emission problems can be effectively alleviated [4]. Experts pointed out that by the end of 2016, about 25% of the world's electricity originated from DER, also predicted that DER generation will account for about 30% in 2022 and even more than 60% in 2050 [5]. Although DER is widely valued, there are still certain problems remaining in its application. Firstly, features of the DG are small capacity and uneven distribution, energy generation from the DER is intermittent and random making energy less reliable [6]; Secondly, when the power generated by DER is directly connected to the grid, these powers are invisible and uncontrollable. If the amount of grid-connected is too large, it is easy to cause load fluctuations, which will cause the power system to lose safety and reliability [7]; Finally, the supply-demand relationship of the power market becomes a bottleneck hindering further advancement of DER.
In order to mitigate the problems caused by DER connected to the grid directly, two different grid-connected technologies were proposed in the industry, Micro Grid (MG) and Virtual Power Plant (VPP) [8]. MG, a small power distribution system with integration of several modules composed of DG, the controllable load, energy storage and energy conversion equipment especially including monitoring and protection equipment [9], have a certain energy management function, can enhance the reliability of power supply and provide continuous power supply for important users. Nevertheless, there are certain physical limitations, the characteristics of DER (large-scale, multi-regional) would lead to results that cannot be fully utilized in the MG. In contrast, VPP is not restricted by geographical location, can coordinate and manage the market operation of centralized and distributed energy through advanced coordinated control technology, intelligent metering technology and information and communication technology without changing the original grid-connection mode of DG [10]. Currently, the research and use of virtual power plants are mainly concentrated in developed countries such as Europe and North America. Mashhour and Moghaddas-Tafreshi [11] defined VPP as the flexible combination of a portfolio of DER that could maximize market benefits through bidding. Then, they proposed a non-equilibrium model of the deterministic price-based unit commitment which took into account the constraints of VPP itself, and used genetic algorithms to solve the bidding results. It is an inevitable trend to include more and more DER in the future distribution system, and a large number of VPPs will be established. The trading strategy between VPPs is a problem to be solved. For this consideration, Shabanzadeh et al. [12] established a medium-term selfscheduling decision-making layer for VPP to solve the interests of different trading layers, the correctness of the decision is ensured by an effective risk management method based on the first-order stochastic dominance constraint. A key problem in deciding to provide bidding strategy for VPP is the accurate modeling of uncertain variables. To solve this issue, a stochastic adaptive robust optimization model was proposed by Baringo et al. [13].
The optimization model consisted of robust optimization model and stochastic programming model, and the case study results of the model proved the applicability of the scheme. In the electricity market environment of Europe and the United States, Baringo et al. [14] discussed the self-dispatching problem of VPP energy trading and reserves set up a day-ahead. They proposed a model to solve this problem by considering the uncertainty related to the virtual power plant required by the system operator to deploy reserves. A distinctive feature of the model is the use of adaptive robust optimization to model demand uncertainty. In addition to theoretical research, EU countries had already started to implement a series of VPP projects, such as VFCPP [15], FENIX [16], EDISON [17] and GVPP [18].
The above-mentioned literatures and projects show the potential of VPP in energy market trading and scheduling, and can be used for reference for further research in the future. However, there are still some common problems in the existing VPP grid connection technology: a) DER grid connection is highly free. With the increase of the number of DER in the grid, VPP is difficult to meet the profit-seeking demand and grid connection behavior of the massive DER in the power market driven by real-time electricity price, which increases the difficulty of the designing and implementing its coordinated control technology. b) VPP lacks an open and transparent trading platform and information platform, transactions between VPPs and transactions with other users usually have high costs. In the meantime, due to the information asymmetry between VPP and DER, so DER's enthusiasm to participate in electricity trading is not high. c) Lacking a set of methods or mechanism to ensure the security of data and information in the existing VPP system. The information needed by dispatching is directly transmitted through two-way communication technology. If the dispatching information is tampered with maliciously during the transmission, it will seriously affect the security and stability of the current power market.
In 2008, the outbreak of the global financial crisis prompted Satoshi Nakamoto to propose a decentralized digital currency bitcoin, and the blockchain is the core technology that supports the operation of bitcoin [19]. After passing through the frenzy period of digital currency, blockchain has become one of the research hotspots in academia due to its decentralization, trustlessness, openness and transparency. With continuous research, the application range of blockchain has become more and more extensive, and it is no longer limited to the financial sector. The integration of blockchain into the energy industry can provide new solutions to the above problems. Different from the traditional centralized system, each node on the blockchain is given the same power. Even if a single point of failure occurs, it will not affect the entire blockchain system [20]. Unguru [21] analyzed the advantages and risks of blockchain application in the energy sector, and conclused that the advantages far outweigh the disadvantages for consumers. A survey of decision makers in the German energy industry was conducted by Burger et al. [22], which showed that most people think that blockchain technology has great potential in the energy field. Hasse et al. [23] introduced the history of blockchain technology and its potential impact in different industries, and then emphatically analyzed the feasibility of applying blockchain technology to the energy industry from the perspective of consumers. At the same time, the challenges from laws or rules faced by the application of blockchain in the energy industry were also described in detail. Starting from the concepts and characteristics of blockchain technology and virtual power plant, Starting from the concepts and characteristics of blockchain technology and virtual power plant, He and Ai [24] analyzed the feasibility of blockchain technology in VPP and the complementarity between the two fusions. With the continuous growth of DER, how to reasonably integrate new participants into the energy market has become a key problem that must be solved. Therefore, Galici et al. [25] designed a physical platform to simulate the local electricity market. The platform was mainly managed by an integrator who plays the role of VPP. The integrator needed to collect and publish the quotation information of transaction participants, and then used blockchain technology to complete the user's business transaction. The development of technology promotes the evolution of smart grid to EI. For the better development of EI, Lu et al. [26] established a blockchain-based VPP transaction model for EI driven by electricity prices in real time. In order to simplify the existing complex power transaction and settlement process, a VPP distributed energy transaction smart contract based on blockchain technology was proposed. The promotion of electric vehicles not only brings clean and environmental protection, but also makes the power transaction, especially caused by charging and discharging, face more severe security challenges. Li and Hu [27] designed a two-layer optimized dispatch architecture based on consortium blockchain, and realized safe two-way power trading between electric vehicles and smart grids under the constraints of circuit power flow and vehicle travel demand. Most of the above-mentioned documents focus on the energy dispatch and transaction process, without too much analysis of blockchain technology. This paper focuses on the specific role of blockchain technology to realize the energy dispatch and transaction process in the operation of VPP. The main contributions are summarized as follows: a) Considering that the amount of real-time data generated by DER is too large, a storage architecture based on dual blockchains is proposed, which consists of a private blockchain at the bottom and a consortium blockchain at the top. The private blockchain is formed by each DER supplier to store the production information required for VPP scheduling calculation. The central node of the private blockchain has the risk of tampering with data. We use a more secure alliance blockchain to ensure the security of private chain data, mainly by storing private blockchain abstracts. The alliance blockchain is composed of all nodes in the system. It not only stores the private blockchain abstracts, but also stores transaction information involving the interests of participants. b) A large amount of data and information are needed in the VPP scheduling process. To avoid malicious tampering of key information and ensure the confidentiality and authenticity of the information, a hybrid attribute proxy re-encryption algorithm based on ciphertext strategy is proposed. Agents can convert ciphertext based on attribute encryption into ciphertext identity-enabled encryption, which reduces the decryption cost of data visitors. c) In order to ensure that participants have good market behavior, a reputation-based continuous double auction mechanism is proposed, which combines a reputation with market segmentation mechanism and a continuous double auction mechanism. The reputation value and identity of the participants are the basis for their classification. The higher the reputation value, the more preferential treatment the participants can get. In addition, this paper proposes the concept of energy currency to facilitate transactions in the electricity market, which will be the only currency in system transactions.
The rest of this paper is arranged as follows: Section 2 introduces the preliminary knowledge. In Section 3, we discuss the basic framework diagram of virtual power plant resource scheduling and transaction mechanism based on dual blockchains. We described the specific implementation details of the scheme, such as the process of re-encryption based on the attribute proxy of the blockchain, the process of the reputation-based blockchain energy transaction mechanism, and the process of block generation in Section 4. In Section 5, we conduct a safety analysis and performance evaluation of the proposed scheme. Finally, we summarize the whole paper.

Preliminaries
Blockchain As a whole, blockchain, which enables data storage, circulation and processing by integrating various existing technologies, is a new distributed computing parading. It uses the distributed node consensus algorithm to generate and update the data, uses cryptography to ensure the immutability and unforgeability of the stored data, and the data transmission between nodes is completed through the point-to-point network [28]. Currently, in the light of different modes of node participation, blockchain network can be divided into three types: public blockchain, consortium blockchain and private blockchain [29].
Among them, non-public blockchains such as consortium blockchain and private blockchain can be collectively referred to as permissioned blockchain. The public blockchain is also known as the permissionless blockchain, which allows any user with a network computer in the world to freely join and read block information freely. It is a completely decentralized blockchain in the true sense. Consortium blockchain refers to a multicentralized blockchain composed of multiple organizations or institutions with the characteristics of common maintenance and access mechanisms. Only institutions certified by the consortium can join the consortium blockchain. A private blockchain refers to a blockchain in which the write permission of each node is completely controlled by an organization, and the read permission is selectively opened to the outside world by the organization. Although the consensus and verification processes of private blockchains are strictly limited to specific scopes by belongs institutions, they still have a general structure of multi-node blockchains, and private blockchains are often regarded as public blockchains within a small-scale system. The model diagram of the three blockchains is shown in Fig. 1.

Virtual power plant
The Virtual Power Plant (VPP) originated from the definition of virtual public facilities which proposed by Awerbuch and Preston [30]. Virtual public facilities refer to a flexible cooperative relationship between independent entities driven by the market. This virtual cooperative relationship enables participating entities to provide consumers with high-quality power services without having to own corresponding physical assets.
The traditional VPP is committed to regional power integration, so as to provide better power services for internal users. Nevertheless, with the addition of emerging technologies such as Demand Response (DR), Demand-Side Management (DSM) and Local Energy Market (LEM), VPP has gradually played the role of the unified DER agent in LEM. While realizing the integrated scheduling of DER, it is also necessary to provide technical support for DER to participate in the bidding and ancillary services of the electricity market. For VPP, its nerve center is the dispatching control center. Wei et al. [31] divides it into two modules according to their functions-Commercial VPP (CVPP) and Technical VPP (TVPP). The operation process and division of responsibilities of the two modules are shown in Fig. 2. CVPP is a VPP considered from the perspective of commercial revenue, aiming to improve the overall benefits of VPP. CVPP, regardless of the impact of VPP on the distribution network, adds DER to the electricity market in the same way as traditional power plants. CVPP receives economic parameters from DER, and then combines these parameters with market intelligence to develop a profit-driven bidding plan. Once the market authorization is obtained, CVPP will sign a medium and long-term contract with LEM, and submit DER generation schedule and operation cost information to TVPP [32]. CVPP can represent any number of DER, and DER can also arbitrarily select a CVPP to join in order to enter the electricity market for energy trading. Such as energy suppliers, trusted third parties or new market entrants can assume the responsibilities of CVPP. The purpose of CVPP is to maximize the benefits.
Different from CVPP, TVPP, from the perspective of system scheduling, mainly responsible for parameter collection and operation monitoring. After TVPP integrates the data parameters provided by CVPP and DER, it calculates the contribution that the DER belongs to, and then declares the operating characteristics of the VPP to the power dispatch operation center. When the dispatching center finds the risk of power flow overrun or power imbalance in the operation plan of VPP, the dispatching center will send dispatching instructions to TVPP, so that TVPP can ensure the stability and security of power system by responding to the dispatching instructions in a timely manner. It should be noted that the operation plan of VPP is evaluated together with that of traditional power plants. If the evaluation is approved, DER shall strictly follow the plan issued by TVPP.
Economy and safety are important cornerstones to ensure the lasting and stable operation of VPP, whereas CVPP and TVPP correspond to these two characteristics respectively. Namely, to ensure the economy and security of VPP is to ensure the stable operation of CVPP and TVPP.

Bilinear pairing
Supposing the three cyclic groups G x , G y and G z of order p and the generator g, based on bilinear pairing, there is a mapping relationship e : G x × G y → G z , and the following properties are satisfied [33]: a) Bilinear: For g x ∈ G x , g y ∈ G y , q; h∈Z Ã p , there is always Ǝ eðg q x ; g h y Þ ¼ eðg x ; g y Þ qh . b) Non-degeneracy: Always exists g x ∈ G x , g y ∈ G y , such that e(g x , g y ) ≠ 1. c) Computability: There is an effective algorithm that makes e(g x , g y ) computable under the condition of g x ∈ G x , g y ∈ G y .
When G x =G y , the pairing can be called symmetric bilinear pairing, otherwise it is asymmetric. It should be noted that the bilinear pairing mentioned here is based on the prime order, that is, p is a prime number.
It should be noted that the bilinear pairing mentioned here is based on the prime order, that is, p is a prime number. Boneh et al. [34] introduced a new bilinear pairing based on composite order to the field of cryptography. The composite order bilinear pairing can prove its safety under the premise of realizing high-complexity functions through the orthogonality of sub-groups.

Access structure
Assume there is a set of parties P = {P 1 , P 2 , …, P n }, then we define a collection A ⊆ 2 P . The collection is monotonic if for any B and C, we can conclude that C ∈ A when B ∈ A and B ⊆ C. An access structure is a collection A of nonempty subsets of P (access structure and collection A are monotonic), such as A ⊆ 2 P \∅. The set in A are called authorized sets, on the contrary, they are called unauthorized sets.

Smart contract
The concept of smart contract first proposed by Szabo [35] in the late 1990s. Its basic idea is to embed part of contract into hardware or software in the form of code, so as to achieve a certain degree of decoupling with people when executing the contract, and to reduce the possibility of breach and increase the cost of breach. The essence of a smart contract is a treaty signed and recognized by both parties or even multiple parties. To ensure the effective execution of the contract, a trusted third party or arbitration institution will be needed. The smart contract incorporates the concept of machines into the execution of the contract, virtualizing part of the functions of the arbitration institution. If one party breaches the contract, the software or hardware of the machine needs to be modified, which increase the difficulty of breaching the contract.
Since 2016, the smart contract technology represented by Ethereum [36] has attracted increasing attention. The European Conference held in February 2017 pointed out that smart contract technology is the most promising one among the various applications of blockchain. Smart contracts are typically stored in blockchain as scripts, whose stored procedures can be referenced from operations in relational database management systems. Blockchain technology is the basis of smart contract, which solves the problem of contract execution in the absence of a trusted third party. Smart contract reflects its value through blockchain, and the value of blockchain is also released due to smart contract.

VPP data storage and sharing model System global model
In view of the lack of transparent VPP platform and the difficulty of data analysis, this paper proposes an information storage system based on blockchain technology. Different from most storage systems based on blockchain technology, this system will adopt two sets of blockchain systems: consortium blockchain and private blockchain. As shown in Fig. 3, VPP is divided into CVPP transaction information storage layer based on consortium blockchain and TVPP scheduling information storage layer based on private blockchain, which are referred to as Commercial Transaction Consortium Blockchain (CTCB) and Technology Scheduling Private Blockchain (TSPB).
Through the design of VPP information storage and sharing architecture of dual blockchains, the advantages of the consortium blockchain and private blockchain can be fully combined, so that they can play advantages at the level of their respective managements. Energy trading is an important part of national management. In the CVPP transaction layer, the consortium blockchain can be used to set the threshold for the entry of nodes, and the data access right of nodes can also be set and controlled. Meanwhile, the consortium chain inherits the advantages of partial decentralization of the public blockchain, and avoids the monopoly pressure similar to the high concentration of the private blockchain. Since the number of nodes in the consortium blockchain is known, a more efficient consensus algorithm can be used to improve the system performance and transaction efficiency without consuming huge computing power to maintain the system. In addition, when VPP performs energy dispatch, it needs a large amount of production information form DER, such as energy type, working power, generation quota and other external information as for local time, geographical location, weather and so on. Using private blockchain in TVPP scheduling layer can achieve efficient, large capacity and low-cost information storage. Therefore, the purpose of this paper is to realize the complementarity of the two blockchains to form a practical information storage scheme.

TSPB local storage model
TSPB is mainly used to record the relevant information required by energy dispatching in the region under the jurisdiction of VPP, and relies on the nature of blockchain technology to ensure the authenticity, integrity and privacy of relevant information. TSPB is composed of TVPP, Power Dispatching Control Center (PDCC) and DER which TVPP belongs, each VPP can build its own TSPB. Data storage in TSPB is similar to Bitcoin, when a new block is allowed to be added to the blockchain, distributed nodes link it to the longest legal blockchain. The information recorded by the blockchain exists in these blocks, which are divided into block header and block body [37]. The block header is mainly used to store version number, previous block hash, timestamp, Merkel root and current block hash. Merkel root represents the total hash value of all transaction combinations contained in the block. The concrete information of the transaction is stored in the block body. The transaction data is hashed by pairwise pairing through the Merkel tree [38], and finally points to the Merkel root in the block header. The specific data storage model is shown in Fig. 4 (a).

CTCB local storage model
CTCB is mainly used as LEM's energy transaction record. It also relies on the nature of blockchain technology to ensure the authenticity, integrity, openness and traceability of the transaction process. CTCB is composed of Power Exchange Center (PEC), CVPP, residences, factories and DER which CVPP belongs. Unlike TSPB, there is only one CTCB in EI, and its operation is jointly maintained by all nodes in the network. CTCB adopts the data storage mode of Ethereum. Ethereum has improved the storage mode of bitcoin and proposed an accountbased data storage mode. Based on the storage mode of Ethereum, there is an additional LogsBloom filter in the block header. This filter is mainly used to judge whether the transaction of a block has generated a log, thereby avoiding the storage of log information in the block and saving space. What's more, it stores Merkel Patricia tree (MPT) roots instead of Merkel roots. MPT is composed of Merkel tree and Patricia tree (PT). The difference between MPT and PT is that the pointer of connection node is hash pointer, and a Merkel root will be saved in the end. PT is a variant of the prefix tree. Its working principle is similar to that of the prefix tree, but the characters of the prefix tree are compressed to save storage space. There are three types of MPT root in Ethereum: status root, transaction root and receipt root. There is only one status tree in the whole system, which records the account status of the whole blockchain network, such as account balance. In each block, there will be a transaction tree and a receipt tree. The former records the transaction information of the block, and the latter records the transaction receipt of the block. In order to ensure the security of data in TSPB, the transaction tree of CTCB should store not only transaction information, but also TSPB block hash value. The CTCB data storage model is shown in Fig. 4  Coordinated control technology The objects controlled by the coordinated control technology are mainly DER such as DG, energy storage system, controllable load and EV etc., and the purpose is to realize the electric energy output of diversified DERs to users with high demand [31]. Considering the randomness or intermittence of renewable energy (light and wind) power stations, the DG classified into VPP should include at least one fully controllable power station (conventional power station) [39]. VPP can be divided into centralized control, decentralized control and hybrid control according to its internal DG composition and operation mode [40].
In centralized control mode, the energy coordination in the region under the jurisdiction of VPP is performed by the Control Coordination Center (CCC) located in the VPP center. CCC processes and analyzes the data from DER through appropriate algorithms (mathematical algorithm or heuristic algorithm, the former is used to solve linear programming problems, and the latter is used to solve nonlinear programming problems), so as to obtain the scheduling of each DER, then DER works according to the CCC scheduling scheme to achieve global coordination. However, this structure is only used when CCC has very strong computing power and communication bandwidth, and a single point of failure of CCC will cause the system to crash. In decentralized control mode, VPP no longer owns CCC, and each DER is in an independent alliance relationship. VPP here only provides key parameters and information exchange channels for DER, and does not participate in DER energy scheduling process. The DER belonging to it realizes self-scheduling according to the information from VPP. Under this mode, the composition of VPP is loose, and the competition between DER is fierce, which is not conducive to long-term development. The hybrid mode integrates the characteristics of the above two patterns, which not only has CCC to coordinate the global scheduling, but also gives DER part of the autonomous control. In this mode, DERs with the same ownership are integrated and managed by the same agent, and VPP directly interacts with each agent for information. Agents share part of the integration tasks of virtual power plants, which, compared with the centralized control mode, reduces the computing burden of CCC and alleviates the communication pressure. Compared with decentralized control mode, DER ensures the internal coordination of VPP system while guaranteeing a certain degree of autonomy.
Intelligent metering technology Intelligent metering technology is an important part of VPP. Intelligent devices such as smart meters using intelligent metering technology are embedded into the power supply side or the terminal of equipment on the power side to realize real-time data recording and uploading. Finally, the data is aggregated to the VPP, and VPP will perform the aforementioned coordination scheduling based on the data. To ensure the authenticity of recorded data, smart devices should have tamper-proof features.

Information communication technology
The technology guarantees the normal communication between VPP and DER. VPP mainly adopts two-way communication technology. On the one hand, VPP can receive the status information transmitted by the intelligent devices embedded in each unit. On the other hand, it can send scheduling control information to each unit.

Security scheduling model
Since VPP is data-driven, damaging the data authenticity will seriously affect the stability of the system. Different from traditional VPP information interaction, this paper adopts blockchain technology to share information. Blockchain technology can only guarantee the invariability of recorded data, while the credibility of input data cannot be guaranteed, it is necessary to use tamperproof intelligent metering devices to input data [41]. The data of smart metering devices are updated and uploaded in real time. If it is directly transmitted to the VPP through the blockchain technology, it will cause a huge communication burden. VPP usually aggregates data every 5 or 15 minutes. To ensure the authenticity and confidentiality of data during this period, smart metering devices encrypt the data and store it in the blockchain. When data is encrypted, it is difficult to share it with other users who want to access it. Proxy reencryption [42] can convert the encrypted file into ciphertext that the data requester can decrypt with his/her private key through a semi-trusted agent without disclosing the private key of the delegator. In the hybrid control model, each DER agent can just act as the identity of the re-encryption proxy. The specific security scheduling model is shown in Fig. 5.
The various process steps occurring in the system model are described as follows: Step 1. The verification organization verifies the nodes that apply to join, and the verified nodes use identitybased encryption algorithms to generate exclusive public-private key pairs (PK ID , SK ID ). In the scheduling process, it is mainly to analyze and process the information uploaded by DER. In order to ensure the confidentiality and sharing of the uploaded information, this paper adopts the ciphertext-based hybrid proxy reencryption technology. Therefore, verification organization needs to additionally generate an encryption key SK S for DER, which is generated by an attribute-based encryption algorithm and can encrypt uploaded information according to attributes.
Step 2. DER with built-in tamper-proof intelligent metering device uses encryption keys SK S to encrypt the real-time production data according to attributes, and then stores the encrypted data in the private chain TSPB. At the same time, DER continuously conducts energy transactions through CVPP, and its transaction information is stored in the consortium blockchain CTCB. To ensure the security of private blockchain data, the private blockchain hash will also be stored in the consortium blockchain.
Step 3. Under the hybrid control model, DER agents share the operating pressure of TVPP, and DER agents are responsible for the same ownership of DER. When TVPP in the private chain needs a new round of scheduling, it needs to send a data access application to the DER agent.
Step 4. After receiving the data access application from TVPP, the DER agent aggregates from the private blockchain TSPB the data CT A that has been encrypted and uploaded by DER during the period since the last scheduling.
Step 5. Since the DER agent has the ownership of the DER under its jurisdiction, the proxy re-encryption key RK S→ID VPP is directly generated by the DER agent, without the need for DER generation and forwarding to the DER agent. The SK S required in the re-encryption key generation algorithm is issued and obtained by the verification organization in the Step 1. After generating RK S→ID VPP , DER agents use it to re-encrypt the ciphertext CT A to obtain the re-encrypted ciphertext CT ID VPP .
Step 6. After CT ID VPP is generated, the DER agent immediately sends it to TVPP. TVPP obtains CT ID VPP and decrypts it with its own private key SK ID VPP to obtain the data required for scheduling.
Step 7. The CVPP based on the alliance blockchain collects the quotation information within its jurisdiction, and then promotes the electric energy transaction through the continuous double auction mechanism based on reputation. Participants who have not successfully traded will be handled by PTC. During the transaction, DER's reputation value and transaction volume and other relevant economic information will be transmitted in VPP's internal communications. It should be noted that the internal communication of VPP is two-way, which means that CVPP can also obtain messages from TVPP at this stage.
Step 8. Collecting production information from DER and economic parameter information from CVPP, TVPP calculates the optimal global scheduling plan by using mathematical algorithms or intelligent heuristic algorithms. During the calculation process, DER agents can share the calculation pressure for TVPP. In addition, the reputation value of DER can affect the final result to a certain extent, and those with high reputation value will appropriately consider allocating more production quotas.
Step 9. TVPP first sends the calculated scheduling plan to PDCC for security verification. If the verification passes, TVPP sends the plan to all DER agents in the same private blockchain. If the verification fails, TVPP needs to recalculate the new optimal scheduling plan.
Step 10. The DER agent sends the received scheduling plan to the DER under its jurisdiction, and then supervises the DER to respond to the scheduling optimization plan. The response rate and the degree of completion of the plan will affect the evaluation of the reputation value.

VPP market trading model
At present, DER transactions are mainly divided into two ways: P2P transactions and centralized clearing [43]. The former is a direct transaction between individuals, in which both parties have only Power Units (PU) and Generation Units (GU), and the transaction is automatically executed through a pre-made contract. The latter is a unified transaction under the optimal scheduling of the intermediary, that is, in addition to the two parties of the transaction, there should also be a third-party platform to match the transaction. For DER transactions based on blockchain, centralized clearing may be a good choice.
According to the way of quotation, the centralized clearing can be further subdivided into call auction and Continuous Double Auction (CDA) [43]. Under the call auction mode, once the two parties of a transaction give a quotation, it is impossible to modify it. The third-party platform summarizes all the quotations and matches them according to the quotation and demand of both parties. Instead, CDA allows both parties to modify their quotations during each auction. Compared with the two parties, CDA is more conducive to realizing the goal of maximizing benefits, which is also the specific transaction mode adopted by the transaction model proposed in this paper.
To ensure that both parties have good market behavior, we have introduced the concept of reputation in the CDA auction mechanism, each user has its own reputation. The reputation of both parties to the transaction will be re-evaluated after a certain period of time, the level of the value is directly linked to the economic interests of the users, the higher reputation points of users, the more able to maximize their own interests. In addition, we will introduce a new digital cryptocurrency, named energy coin, in the transaction process. All the power transaction clearing processes in this paper are based on energy coin, and the specific transaction model is shown in Fig. 6.
The basic flow of the trading model is as follows: Initializing variables Same as Step 1 in the scheduling process, the function of initialization is to verify the identity of the trader and provide a public-private key pair (PK ID , SK ID ) for the passer. Only users with accounts can conduct communication transactions on the consortium chain CTCB, and (PK ID , SK ID ) are the prerequisite for generating accounts.
Reputation-based CDA auction stage PU and GU send their own quotations, demand and reputation to CVPP. CVPP matches transactions according to the reputationbased CDA auction mechanism, and continuously feeds back matching information to each participant entities, so as to make timely quotation revisions. Once the transaction is matched successfully, CVPP will broadcast the transaction information in the CTCB of the alliance blockchain. At this time, it is not recorded in the block. Only when all stages are completed will the transaction information be stored in the block. After the auction ends, the unmatched information will be sent to PTC, and PTC will be responsible for related transactions. More details about the reputationbased CDA auction mechanism will be introduced in subsequent sections. It should be noted that when DER agents aggregate all local DER quotations and submit them to CVPP, their DERs have been continuously uploading production information to their private blockchain TSPB.
Transaction and settlement stage The successfully matched GU checks the transaction information, and after confirmation is correct, it supplies power to the corresponding PU according to the determined transaction power. After the PU receives the determined amount of electricity, it pays energy coins at the price negotiated in advance. In this process, any party who fails to complete the transaction as required will be punished economically by the system, and a certain amount of reputation value will be deducted. PU that has not successfully matched can choose to sell the excess electricity to PTC, thereby obtaining a certain amount of energy currency as a reward. At the same time, the PU can also choose to store electrical energy in its own energy storage equipment and wait for the next round of auctions. The unmatched power users directly purchase electricity from PTC.
Energy currency is the only transaction currency of this system. When the user registers for the first time, the system will give a certain amount of energy currency to the user. When users have insufficient energy coins, they can purchase energy coins from PTC or DER agents. In addition, users with good reputation have the opportunity to participate in the consensus process of the system, thereby obtaining energy coins rewarded by the system.

System implementation
Hybrid attribute proxy re-encryption scheme based on ciphertext policy Attribute-based proxy re-encryption (ABPRE) [44] is an encryption mode. Proxy can convert ciphertext encrypted based on ciphertext policy (CP) or key policy (KP) into new re-encrypted ciphertext under the authorization of the data owner. The process does not change the plaintext information. However, most ABPRE schemes have efficiency problems when applied to incentive scenarios, because these schemes need to calculate the key components of all internal attributes in the re-encryption key generation stage, even if the data applicant has only one attribute. This working mechanism is likely to cause waste of computing power and time.
To solve this problem, we combine the cost-effective identity-based encryption algorithm (IBE) [45] with ABPRE, and propose a hybrid attribute proxy reencryption algorithm based on ciphertext strategy (CP-HAPRE).
CP-HAPRE consists of a tuple (Setup, KGen, Enc, RKGen, ReEnc, Sig, Dec, ReDec). In the actual VPP security scheduling information sharing model, DER uses the ciphertext strategy attribute to encrypt the information recorded by the tamper-proof meter in real-time and upload it to the blockchain. When VPP requires DER to provide information for related scheduling operations, the DER agent uses the CP secret key SK S and the ID of the VPP to generate a re-encryption secret key RK S→ID VPP , and then uses RK S→ID VPP to generate a reencrypted ciphertext CT ID VPP , which VPP can decrypt with the private key generated by its own ID. The combination of this algorithm and the blockchain ensures that VPP can obtain real and safe DER information. VPP performs a series of calculations and predictions based on this information, and finally obtains a reliable scheduling scheme. The variable notations involved in the CP-HAPRE scheme are shown in Table 1. The following is a specific program description: Step1: System initialization Setup(1 ℓ , U) → (GP, MSK): The verification organization executes the algorithm. Input the system safety parameters ℓ and the system attribute set U, and then construct two multiplicative cyclic groups G and G T of order p, with p being a prime number. The g, g 1 , g 2 and g 3 are all generators of G, G and G T satisfy the bilinear mapping relationship e : G × G → G T . Randomly select an element α∈Z Ã p and define three hash functions H 1 : (0, 1) * → G, H 2 : G T → G, H 3 : G T →Z Ã p . Finally, output the system public parameters GP and the master key MSK.
It should be noted that the system public parameters and master key of IBE have been included in Eq. 1. The specific IBE system public parameters GP IBE and master key MSK IBE are as follows.
From the master key MSK IBE , the system public key is PK IBE ¼ g α 1 .
Step2: Key generation KGen IBE (GP IBE , MSK IBE , ID) → SK ID : Input the IBE system public parameters, master key MSK IBE and user ID ∈ (0, 1) * , and output the public-private key pair corresponding to the ID.
KGen CP (GP, MSK, S) → SK S : Input the system public parameters GP, master key MSK and DER attribute set S = {a 1 , …, a |S| } ⊆ U, |S| means the base of S. Randomly choose t∈Z Ã p , then calculate The verification organization outputs the key of the attribute set S as Step3: Data encryption Enc CP (GP, (A, ρ), M) → CT A : Input system public parameters GP, access structure (A, ρ) (A is a l × n matrix, and the function ρ : [l] maps each row of the matrix A to an attribute) and plaintext information M ∈ G T . Choose a random element s∈Z Ã p and form a vector v * ¼ ðs; y 2 ; …y n Þ. y 2 , …y n is also randomly selected from Z Ã p . For the i-th row A i of A, we have λ i ¼ v * A i ði ¼ 1; 2; …; lÞ. Randomly selectlparameters t 1 ; t 2 ; …; t l ∈Z Ã p , and calculate the following formula.
CP-HAPRE provides two encryption options for DER: When DER only wants to share data with DER agents and does not want to re-encrypt the data, then the output ciphertext is When DER needs to re-encrypt the data, it must calculate W 4 ¼ g s 3 , and the final output ciphertext is Since only the ciphertext referred to in Eq. 8 supports re-encryption, we will focus on the ciphertext.
Step4: Re-encryption key generation RKGenðGP; SK S ; PK ID VPP Þ→RK S→ID VPP : The algorithm inputs the system public parameters GP, the CP key SK S of DER and the public key PK ID VPP of VPP. DER agent randomly selects elements t 0 ; s 0 ∈Z Ã p and calculates Finally, the complete re-encryption key is shown in Eq. 10 Step5: Re-encryption ReEncðGP; RK S→ID VPP ; CT A Þ→CT ID VPP : Input the system public parameters GP, re-encryption key RK S→ID VPP and ciphertext CT A . If the attribute set S satisfies the access structure (A, ρ), let I = {i : ρ(i) ∈ S}, then there is a coefficient fω i ∈Z Ã p g i∈I , so that ∑ i ∈ I ω i A i = (1, 0, …, 0). Then, the DER agent calculates where j is the index of attribute ρ(i) in S. After finding V, the DER agent re-encrypts the ciphertext The final re-encrypted ciphertext output by the DER agent is Step6: Digital signature SigðGP; W 0 ; SK ID proxy Þ→σ : Input the system public parameters GP, part of the re-encrypted ciphertext W ' and the private key SK ID proxy of the DER agent. DER agent randomly selects two random numbers k 1 ; k 2 ∈Z Ã p , and then calculates The final digital signature output by the DER agent is σ = (U, q).
Step7: Ciphertext decryption Dec(GP, CT A , SK S ) → M: Input the system public parameters GP, ciphertext CT A and DER CP key SK S . If the attribute set S satisfies the access structure (A, ρ), for I = {i : ρ(i) ∈ S}, there is a coefficient fω i ∈Z Ã p g i∈I , such that ∑ i ∈ I ω i A i = (1, 0, …, 0). Decryption algorithm calculation where j is the index of attribute ρ(i) in S. The plaintext information is M = W/M ' .
Step8: Re-encrypted ciphertext decryption ReDecðGP; CT ID VPP ; SK ID VPP ; PK IBE ; PK ID proxy ; σÞ→M : Input system public parameters GP, re-encrypted ciphertext CT ID VPP , VPP IBE private key SK ID VPP , system IBE public key PK IBE , DER agent's IBE public key PK ID proxy and re-encrypted ciphertext signature σ.
Finally, VPP recovers the plaintext information M

Correctness verification
We first prove the correctness of the initial ciphertext decryption. When the ciphertext is CT A and the key is SK S , if the attribute set S satisfies the access structure (A, ρ), ∑ i ∈ I ω i λ i = s can be obtained, therefore Then, DER can get the plaintext message by calculating M = W/M ′ = Me(g s , g α )/e(g s , g α ) = M.
Next, we prove the correctness of the decryption of the re-encrypted ciphertext. If the attribute set satisfies the access structure, the DER agent can calculate Q i∈I e g λi 1 ; g t e g ti 2 ; g t Then, the DER agent continues to calculate and W 0 0 =H 2 e g; g ð Þ αs 0 ¼ H 2 e g; g ð Þ αs 0 g t 0 =H 2 e g; g ð Þ αs 0 Finally, VPP can get the plaintext information that it wants to access by calculating

Reputation-based continuous double auction mechanism
CDA is an effective market mechanism to solve the problem of distributed resource allocation. Distributed resource allocation usually involves multiple participants, and each participant wants to maximize his own revenue. CDA improves the overall efficiency by constantly matching the quotations of transaction participants. According to the identity of the participant who submitted the quotation, CDA stores the received quotations in the Bid List (BL) of the buyer and the Offer List (OL) of the seller, respectively. In BL, the sorting rule is price from high to low (descending order); on the contrary, the sorting rule in OL is sorting from low to high price (ascending order). The buyer's highest quotation is called the optimal buying price, and the seller's lowest quotation is called the optimal selling price. Only when the optimal buying price is greater than or equal to the optimal selling price, the buyer and seller can match successfully. To maximize the interests of each participant, the transaction price is the average of the optimal buying price and the optimal selling price. It should be noted that CDA is matched according to the matching rule of "price first, time first". When the price is the same, it will be matched with the participant who submitted the quotation earlier.
Reputation-based trading system can ensure that participants have good market behavior, which is composed of market segmentation mechanism and priority-value-order mechanism [41]. The market segmentation mechanism divides the corresponding list according to the reputation level. Its purpose is to enable the buyer or seller with high reputation values to obtain more and better quotations. The detailed market segmentation mechanism is shown in Table 2. Priority-value-order mechanism is a sort method based on user reputation and quotation. The reputation-based CDA mechanism proposed in this paper mainly integrates the reputation-based market segmentation machine into the CDA mechanism. The sorting mechanism still uses the original CDA sorting mechanism instead of the reputation-based priorityvalue-order mechanism.
The reputation-based CDA mechanism includes three entities: buyers, sellers and auctioneers. In this paper, PU such as houses and factories represent buyers, GU such as photovoltaic power plants and hydroelectric power plants represent sellers, and CVPP assumes the responsibility of auctioneer. At the beginning of the trading cycle, PU and GU submit the initial B 1 i;k and S 1 j;k to CVPP, respectively. B 1 i;k represents the transaction information submitted by PU i for the first time in the k-th transaction cycle. Similarly, S 1 j;k means that the transaction information submitted by GU j for the first time in the k-th transaction cycle. The concrete content of the two is as follows: In the formula,  the identity and reputation value of the information submitter. Different from the traditional CDA mechanism, a reputation-based market segmentation mechanism is introduced here. According to this mechanism, we further divide BL and OL. The specific division is shown in Eq. 25 It can be seen that both BL and OL are divided into three lists, where t represents the number of rounds of the transaction, RL i represents the reputation level of PU i , and the relationship between RL and RS is shown in Table 2. Only part of the symbol definitions are explained here, other symbol definitions are similar to the explained symbols. BL t 1 ¼ fRL i ¼ 1g means that BL t 1 only contains PU with RL = 1. OL t 1 ¼ fRL j ¼ 3g means that OL t 1 only contains GU with RL = 3. After the construction of the matching list, the CVPP performs matching between lists according to Table 2, that is, BL t l matches for OL t l transaction matching (l = 1, 2, 3). At the beginning of the trading cycle, both PU and GU want to obtain more benefits, so the initial purchase price of PU will be the lowest, and the initial sale price of will be the GU highest. In this case, the number of successful trade matches in the first round will be relatively small. For more matches in subsequent transactions, after each round of transactions, CVPP needs to do two things. The first thing is to match the successfully matched PU i and GU j for transaction, and upload the transaction information Tx ij to the blockchain, Tx ij is as follow ID i represents the identity of PU i , E ij represents the capacity of electricity traded between PU i and the GU j , and P ij represents the trading amount between the two.
The second thing is to calculate the competitive equilibrium price E p and announce it to the unmatched transaction parties. The calculation method of E p is as follows A represents the estimated starting transaction number, B represents the ending transaction number, s represents an increasing integer from A to B, p s represents the transaction price of the s-th transaction, and ω s represents the weight of the transaction price. The sum of ω s in the estimation range [A, B] is 1, and ω s + 1 = βω s , β represents the weight coefficient.
Before the start of the next round of trading, PU and GU which have not yet been matched will recalculate their quotations P t i;b and P t j;o according to E p , respective. The calculation formula is as follows The value range of η is [0, 1]. From the above formula, it is not difficult to see that the constraint con- In addition, P t j;o should be greater than the power generation cost of GU j . After calculating the bid price of the next round of transaction, both parties submit the transaction information of the new round as follows CVPP receives the transaction information and looks at the current total matching time T M of each round of transactions. If T M < T, T represents the total duration of each transaction cycle, a new round of matching will be performed. If T M ≥ T, the period of the transaction ends, and the transaction information is submitted to the power trading center. So far, the power required by PU is directly provided by the power grid controlled by PTC. GU can choose to sell the remaining power to PTC at a low price, or store it in its own storage device, and then trade in the next trading cycle.
After each round of the trading cycle, the system will conduct a new round of reputation value evaluation based on the trading performance of each participant in this cycle. If some unexpected event occurs during the energy transaction, this will activate the trigger. Then, CVPP restarts Algorithm 1 and re-initializes the parameters.
Bitcoin has opened the 1.0 era of blockchain, and Ethereum integrated with smart contract has opened the 2.0 era of blockchain. Smart contract gives the blockchain more possibilities, so that the blockchain is no longer restricted to the financial field. Algorithm 1 is the pseudo code of reputation-based CDA algorithm. The actual code needs to be deployed to the blockchain network in the form of smart contract.

Generation of data blocks
The system mentioned in this article is mainly composed of a globally maintained transaction consortium blockchain and multiple scheduling private blockchains constructed by VPP itself. On the private chain constructed by VPP, we uniformly adopt the strong-leader Raft consensus mechanism [46] to generate new data blocks. There are three identities of leader, candidate and follower in the Raft consensus mechanism. Under normal working conditions, there is only one leader, and all other nodes are followers. The difference between a candidate and a follower is that when the leader cannot function normally, a new leader will be selected from the candidates. Here, we will briefly explain the workflow of using the Raft consensus mechanism to generate new blocks in the scheduling of private blockchains. First, the leader node reviews the data from DER and sends it to the DER agent for re-inspection. Secondly, the DER agent rechecks the data sent by the leader node and returns the result of the recheck to the leader node. Finally, the leader node packs the data that has passed the verification and re-inspection into blocks and uploads it to the private blockchain, and sends its block hash value to the transaction consortium blockchain.
As mentioned above, PoW is usually a consensus algorithm adopted by public blockchain and has the highest security. However, its work efficiency is low and resource consumption is large, and it cannot meet the real-time needs of users. Although PoS reduces the resource consumption problem of PoW to a certain extent, it has the problem of excessive concentration. Therefore, the consortium blockchain usually uses the PBFT consensus algorithm to complete the generation of new blocks. The transaction consortium blockchain proposed in this paper uses the PBFT consensus algorithm to generate new blocks. The difference is that the consensus node in this article is constantly changing. According to the reputation value of participating nodes, the system randomly selects a certain number of nodes to form a consensus committee. Before each transaction cycle in the system starts, a new consensus committee will be generated, and the working time of the consensus committee is the transaction cycle time. After the transaction cycle ends, the system will reconfigure a new consensus committee based on the current node reputation value. It should be noted that the total number of nodes in the consensus committee remains unchanged, except for the first configuration of the committee consensus nodes are all new nodes, and subsequent reconfigurations only randomly replace a certain number of old nodes. After the consensus committee is generated, it starts to run the PBFT consensus algorithm. There are two types of consensus nodes in the PBFT algorithm, leader nodes and replica nodes. There is only one leader node in the consensus process, and the others are replica nodes. The specific PBFT distributed consensus process is divided into five stages: request, pre-prepare, prepare, commit and reply. The three stages of pre-prepare, prepare and commit determine the correctness of the final consensus result. The simplified PBFT algorithm consensus process has 5 stages, which are shown in Fig. 7.
Request stage when a client sends a request to any node, the consensus node that first activates the node service operation is called the leader.
Pre-prepare stage after receiving the information request from the client, the leader node broadcasts the execution sequence of the transaction to each replica node.
Prepare stage when each replica node receives a message from the leader node, there are two different options, the first is to accept and spread the message again, the second is to not accept and refuse to make any response. In Fig. 7, replica1 and replica2 choose the first option, and replica3 chooses the second option. At this time, the replica3 may be down or maliciously hijacked.
Commit stage if each consensus node receives (n − f) identical requests in the "prepare stage", it will enter the "commit stage" and broadcast the commitment information throughout the network. n is the total number of consensus nodes, f is the maximum number of Byzantine nodes that can be accommodated in the consensus node.
Reply stage if the consensus node collects enough same commitment information, the node will feed it back to the client. If and only if f ≤ (n − 1)/3 [28], the consensus result is trustworthy.
The verified information will be constructed into a new block, and then linked to the end of the current transaction consortium blockchain, the block height adds 1. In order to encourage nodes to participate more actively in the consensus process, all selected consensus nodes can receive energy coins issued by the system as rewards during the block generation process.

System security analysis
In the scheduling and transaction process of VPP, the security of data sharing and storage process is very important for the entire system. In this section, we compare with the existing schemes in terms of system security, and the comparison results are shown in Table  3. The comparison results show that the security of this scheme is better than other schemes, and it is more suitable for data sharing and storage in VPP. In the meantime, we theoretically explained how to uses blockchain technology to realize the security features in the process of data sharing and storage.
Authenticity This paper repeatedly mentions that VPP is a data-driven technology. If VPP cannot get real data, then all subsequent operations are meaningless. Most of the existing literatures default that the data on the blockchain is real. In nature, blockchain technology can only guarantee the authenticity of the data on the chain, but cannot guarantee the authenticity of the input data. To ensure the authenticity of the input data, this paper proposes to use tamper-proof smart metering equipment for data collection at the data end, and upload the collected data to the local blockchain in real time. So far, Table 3 Security comparison between our scheme and some references Security Features Ref. [24] Ref. [25] Ref. [26] Our scheme the data on the chain and off-chain are authentic, and VPP can process the data with confidence.
Confidentiality Tamper proof intelligent metering equipment will upload users' various data and information in real time. If this information are not encrypted before uploading, it is easy to cause user privacy disclosure. When the DER want to share encrypted data with VPP, it needs to download the ciphertext CT A and decrypt it, and then encrypt it with the public key PK ID VPP of the VPP. In this case, encrypting data brings a lot of extra cost to the DER, which is not worth it. In order to solve this problem, this paper uses proxy re-encryption technology to re-encrypt CT A , so that CT A can be accessed by VPP without decrypting through the DER. This method effectively reduces the cost of the data owner and protects the confidentiality of the data.

Transparency and Traceability
The data stored on the blockchain is open and transparent to all nodes that join.
Although for confidentiality of the data, the stored here may be ciphertext CT A , but it can be passed to the data owner submit an application to gain access. Furthermore, the public and private keys (PK ID , SK ID ) in this paper are generated based on identity, and each piece of information on the blockchain will be closely linked to its own (PK ID , SK ID ). It is also worth noting that the blockchain is linked by a hash pointer to the blocks containing the previous block hash. The characteristics of the hash function make the information stored in the blockchain not lost and falsify. Under the combined effect of these conditions, the information stored on the blockchain is traceable.
Immutability and Non-repudiation Immutability on the blockchain is related to the adopted consensus mechanism. In the dual blockchains architecture used in this paper, the private blockchain uses the strong leader Raft consensus algorithm, and the consortium blockchain uses the PBFT consensus algorithm. In the private blockchain, the leader may tamper with the data. To avoid this situation, we store the hash of the private chain in the consortium blockchain, and rely on the unforgeability of the consortium blockchain to ensure the non-tamperable modification of the private blockchain. Since the consensus nodes of the consortium blockchain are selected based on reputation, and nodes with higher reputation can reap more benefits, more than one-third of high-reputation consensus nodes attacking the alliance blockchain at the same time violate their own interests and are unlikely to happen. Therefore, it can guarantee the unforgeability of consortium blockchain and private blockchain. Non-repudiation is achieved by digital signatures. The generation of each transaction requires the user to sign the transaction.
Once the user denies, we can use his public key PK ID to verify the correctness of the signature σ to achieve the purpose of accountability.

CP-HAPRE algorithm performance evaluation Computational overhead evaluation
The computational cost of the algorithm is mainly composed of four operations: encryption, re-encryption, decryption and re-decryption. In the literature we consulted, we did not find similar literature with the same ideas as ours in terms of energy. In order to better evaluate the algorithm performance, we found papers using similar ideas to solve information security problems in cloud, Internet of things and Internet of vehicles for performance comparison. These papers are represented in references [47,48] and [49], the computational cost of the CP-HAPRE algorithm is compared and analyzed. The comparison results of computational overhead are shown in Table 4 with these references. In this table, T P represents the time required for the bilinear pairing operation, and T E represents the exponential operation time. Since other operations time is very small compared with these two operations, we ignore the operation time of other operations here. In addition, |l| represents the number of attributes in the access structure, and |I| represents the number of attributes that satisfy the access structure. T p : bilinear pairing operation time; T E : exponential operation time; |l|: the number of attributes in the access structure; |I|: the number of attributes that satisfy the access structure A test run was performed on a computer with an Intel i5 processor CPU with a running memory of 8G and a frequency of 3.0GHz. Finally, it was concluded that the above two operations took 1.57ms and 0.31ms respectively. Based on this data, we can get a comparison Ref. [47] T p +(3|l|+6)T E (2|I|+3)T P (2|I|+3)T P +T E (2|I|+4)T P +T E Ref. [48] (6|l|+3)T E (8|I|+3)T P +2T E (4|I|+2)T P 2T P +(4|I|+1)T E Ref. [49] T p +(3|l|+2)T E (4|I|+9)T P (2|I|+5)T P +(|I|+1)T E 3T P +2(|I|+1)T E Our scheme T p +(3|l|+1)T E (3|I|+1)T P (3|I|+1)T P 6T P diagram of each part of the computational overhead as shown in Fig. 8 with references [47,48] and [49]. Fig. 8 (a) shows the encryption overhead that occurs as the number of attributes increases, and the least encryption overhead is our scheme. Fig. 8 (b) shows the reencryption calculation overhead, which changes with the number of attributes. It can be seen from the figure that the re-encryption overhead in [47] is the smallest, followed by ours. Fig. 8 (c) shows the decryption overhead comparison chart. Our scheme ranks third, which is only slightly less expensive than literature [48]. This is the disadvantage of our scheme. Fig. 8 (d) shows the redecryption overhead. It is not difficult to find that our scheme will not change with the number of attributes, and its re-decryption time is always maintained at 9.42ms. Compared with the other three schemes, our scheme is at a disadvantage when the number of attributes is less than 5. This is because we join the signature verification process, so that we can be held responsible when the data is wrong. However, when the number of  attributes exceeds 5, our scheme has obvious advantages, and the more the number of attributes, the greater the advantage.
Based on the four-part comparative performance, our scheme performed unsatisfactorily in the decryption stage, while in the re-decryption stage, our solution showed great superiority. In actual application, the encrypted data uploaded by DER is mainly shared to TVPP for viewing. Therefore, during the entire algorithm operation process, the decryption operation process will be very few, most of the time is running the re-decryption process, this concept coincides with our solution. In summary, the comparison of computational overhead shows the applicability and efficiency of our solution in the actual application scenarios of this paper.

Communication overhead evaluation
Here, we assume that |G| and |G T | represent the lengths of the cyclic groups G and G T , respectively, with values of 60 bits and 40 bits. Since the length of Z Ã p is very small, we ignore it. The communication overhead comparison is shown in Table 5, where |U| represents the size of the attribute complete set, |S| represents the size of the user attribute set, and |l| and |I| are defined as above. Fig. 9 shows a comparison diagram of various parts of the communication overhead, including system parameters, encryption key, ciphertext and re-encrypted ciphertext. Fig. 9 (a) shows the comparison of the communication overhead of the system parameters. It can be seen from the figure that, except for the literature [48], which changes with the number of attributes, the other three schemes are kept constant. The system parameter length of our scheme and literature [49] is the smallest, both are 400 bits, while the length of literature [47] is 560 bits. Fig. 9 (b) shows the comparison of encryption key. Reference [49] and our scheme equals the encryption key length, tied for the first performance. The communication overhead comparison of ciphertext is shown in Fig. 9 (c). At this time, as the number of attributes increases, the minimum ciphertext length comes from literature [47], and our scheme still ranks second. The length of re-encrypted ciphertext shown in Fig. 9 (d) is similar to the re-decryption process in comparison of the computational cost. The length of the reencrypted ciphertext in our scheme is always maintained at 280 bits, once again showing the great advantages of the algorithm. Combining the evaluation of computational cost and communication cost, we can conclude that the algorithm in this paper has superior performance, whether in comparison of computational cost or communication cost. In the re-decryption calculation cost and re-encrypted ciphertext communication cost stage, we are far ahead of the other three schemes. This advantage helps us realize the rapid sharing of re-encrypted ciphertext, which is very suitable for the use scenarios of this paper.

Evaluation of effectiveness of the reputation-based CDA algorithm
Assuming that there are 16 DER generation units and 16 residential power units participating in the electricity bidding auction process organized by CVPP in this area, the quotation information they submit to CVPP is shown in Table 6. After CVPP receives the quotation information from each participant, it performs list division and list matching according to the reputation-based CDA algorithm. For details, see Tables 7, 8 and 9. The quotation information, capacity and reputation value in the table are all generated by random functions, and the  Analyzing the validity of algorithm to PU From Table 6, we can find that the quotations of PU 7 and PU 15 are both 1.18 USD/Unit, and the quotation of PU 10 is 1.19 USD/Unit. After this round of matching, PU 7 is matched successfully, but PU 10 and PU 15 failed to match. The main reason is that the reputation value of PU 7 is 5.74 , which is in the third level. In the case given in this paper, there are only 3 PU with reputation at third level, and 16 GU that can be selected. The reputation values of PU 10 and PU 15 are in the first level. As shown in Table 7, there are only 3 GU that can be matched, while 8 PU are waiting to be matched. Under such conditions, even though the bid of PU 7 is lower, it can still be successfully matched, which is the benefit of high reputation value to PU.

Analyzing the validity of algorithm to GU
For GU, the higher the reputation value, the more benefits can be obtained. Taking GU 2 and GU 12 as examples, the offer of GU 12 is 1.24 USD/Unit, and the offer of GU 2 is 1.20 USD/Unit. In the normal CDA auction mechanism, only after the number of GU 2 to be sold is purchased, the higher offer of GU 12 may be successfully  matched. But in our proposed reputation-based CDA auction mechanism, GU 12 with a higher offer was matched successfully, and GU 2 with a lower offer failed. The main reason is that GU 12 has a reputation value of 4.14 and the reputation value of GU 2 was only 0.07. According to the market segmentation mechanism, the reputation level of GU 12 is 3 and the reputation level of GU 2 is 1. Therefore, the quotation of GU 12 can be seen by all PU. However, the quotation of GU 2 can only be seen by PU with a reputation level of 3. In the end, GU 12 was successfully matched in Table 7 where the supply exceeded demand, while GU 2 failed in Table 9, where supply exceeded demand. The GU which fails to match need to continue to lower their offers and then participate in the next round of auctions. On the contrary, the PU which fails to match needs to increase their bids. Participants' specific quotations for the next auction can be obtained according to Eq. (28), where E p is provided by CVPP from Eq. 27.
Analyzing the validity of algorithm to the whole transaction Analyzing Tables 7, 8 and 9 according to the CDA auction mechanism, we can find that PU 4 , PU 13 and PU 14 in Table 7 can be successfully matched to GU, and PU in Table 8 that can be successfully matched are PU 1 , PU 3 , PU 8 , PU 11 and PU 16 . All 3 PU included in Table 9 can be matched successfully. After summarizing, it is found that among the 16 PU, 11 PU in this round of transactions can be successfully matched in this auction, and the unmatched ones are PU 2 , PU 5 , PU 9 , PU 10 and PU 15 . In the ordinary CDA auction mechanism, there is only one matching list, and the reason why participants fail to match is only related to the price. The reputationbased CDA auction mechanism proposed in this paper divides three matching lists according to the reputationbased market segmentation mechanism. In this mechanism, the reason for the failure of the participants to match is not only related to the price, but also to the reputation value of the participants. All in all, the reputation-based CDA auction mechanism proposed in this paper can not only operate normally in CVPP, but also encourage all participants to develop good market behavior. Because the reputation value directly affects their own interests, it can be foreseen that each participant will strive to increase the reputation value in order to maximize their own interests. Even if the reputation values of all participants are at the same level, according to the matching mechanism of "price first, reputation first, time first", our program can still operate normally.

Conclusion
Based on the virtual power plant existing storage, scheduling and trade issues, this paper proposes a VPP security scheduling and transaction mechanism with dual blockchains. In order to store huge data sets from DER in real time and quickly, we adopt a private chain structure. Since the data in the private blockchain may be tampered with by the leader node, we store the hash value of the private blockchain in the consortium blockchain, which is mainly used to store the transaction information of the electricity market participants. The transparency and traceability of the blockchain itself can provide VPP with a low-cost, transparent and open information and transaction platform. In the process of VPP scheduling, the authenticity of data is particularly important. Under the premise of ensuring the authenticity of data and the confidentiality of user information, we propose the CP-HAPRE algorithm. Performance evaluation shows that the algorithm has great advantages in the process of secure data sharing. There are many participants in the electricity market, we put forward a reputation-based CDA auction mechanism to maximize the benefits of each participant. Effectiveness analysis shows that the scheme can effectively operate and create an electricity market with good trading behavior.