Research article Topical Sections

Regional energy planning based on distribution grid hosting capacity

  • In a liberalized energy market, policymakers cannot over-impose the deployment of new distributed generators, either in terms of location or in terms of size/technology; on the opposite, they are asked to promote incentives, penalties or constraints in order to foster a generation portfolio evolution fitting with the energy need of the loads.
    In the paper, given a local distribution grid, a two-step procedure is proposed to define the most effective energy policy, willing to drive a proper evolution of the generation portfolio, i.e., to maximize the renewable sources exploitation taking into account the grid constraints. The approach proposed is based on a stochastic (Monte Carlo) procedure. Given a generation portfolio, many scenarios are evaluated, changing generators’ nominal power, point of common coupling and also a slightly different technologies share. Actually, the final goal of the procedure proposed is to simulate the stochastic behavior of users with respect to the regional energy policy (i.e., to perform a multi-dimensional sensitivity analysis) in order to validate the proposed generation portfolio.
    In particular, in the first step of the procedure, it is defined a portfolio in which generators are aggregated with respect to the power plant technology (PV, wind, small hydro, big hydro, etc.). Such a portfolio is optimized in order to maximize the matching between local production and local consumption. In the second step, a Monte Carlo simulation is implemented to stochastically take into account a significant number of possible configurations of each portfolio (number of generators, unit size, location, etc.). Given the generator’s distribution, a probability index based on a Hosting Capacity concept is proposed as a performance index. Conductors’ thermal limits and slow voltage variations on the electrical network are evaluated for several generator’s distributions and for different dispersed generation penetrations. The final goal of the approach proposed is to define the optimal local generation portfolio fitting both with the load profiles and with the bounds of the distribution grid already in place. Such an output resulted to be a valuable piece of information for decisionmakers in order to properly promote regional energy planning policies.
    In order to validate the approach and demonstrate its capabilities, the procedure proposed has been applied to the real medium voltage distribution grid relevant to the Italian city of Aosta, i.e., real-life topologies, renewable-based generation and load fluctuation have been simulated.

    Citation: Matteo Moncecchi, Davide Falabretti, Marco Merlo. Regional energy planning based on distribution grid hosting capacity[J]. AIMS Energy, 2019, 7(3): 264-284. doi: 10.3934/energy.2019.3.264

    Related Papers:

    [1] Zhen Yu, Sheng-Huang Lin, Chia-Ching Cho, Changping Chen . Performance management algorithm of financial shared service center based on Internet of Things public cloud privacy protection. Mathematical Biosciences and Engineering, 2023, 20(7): 12510-12528. doi: 10.3934/mbe.2023557
    [2] Kaimeng Chen, Chin-Chen Chang . High-capacity reversible data hiding in encrypted images based on two-phase histogram shifting. Mathematical Biosciences and Engineering, 2019, 16(5): 3947-3964. doi: 10.3934/mbe.2019195
    [3] Lihong Guo, Weilei Gao, Ye Cao, Xu Lai . Research on medical data security sharing scheme based on homomorphic encryption. Mathematical Biosciences and Engineering, 2023, 20(2): 2261-2279. doi: 10.3934/mbe.2023106
    [4] Li-na Zhang, Chen-yu Cui, Xiao-yu Zhang, Wei Wu . Adaptive visual cryptography scheme design based on QR codes. Mathematical Biosciences and Engineering, 2022, 19(12): 12160-12179. doi: 10.3934/mbe.2022566
    [5] Anichur Rahman, Muaz Rahman, Dipanjali Kundu, Md Razaul Karim, Shahab S. Band, Mehdi Sookhak . Study on IoT for SARS-CoV-2 with healthcare: present and future perspective. Mathematical Biosciences and Engineering, 2021, 18(6): 9697-9726. doi: 10.3934/mbe.2021475
    [6] Zilong Liu, Jingbing Li, Jing Liu . Encrypted face recognition algorithm based on Ridgelet-DCT transform and THM chaos. Mathematical Biosciences and Engineering, 2022, 19(2): 1373-1387. doi: 10.3934/mbe.2022063
    [7] Xiaoping Li, Yanjun Liu, Hefeng Chen, Chin-Chen Chang . A novel secret sharing scheme using multiple share images. Mathematical Biosciences and Engineering, 2019, 16(6): 6350-6366. doi: 10.3934/mbe.2019317
    [8] Lina Zhang, Jing Zhang, Jiaqi Sun, Qingpeng Chen . A global progressive image secret sharing scheme under multi-group joint management. Mathematical Biosciences and Engineering, 2024, 21(1): 1286-1304. doi: 10.3934/mbe.2024055
    [9] Feng Liu, Xuehu Yan, Lintao Liu, Yuliang Lu, Longdan Tan . Weighted visual secret sharing with multiple decryptions and lossless recovery. Mathematical Biosciences and Engineering, 2019, 16(5): 5750-5764. doi: 10.3934/mbe.2019287
    [10] Xuehu Yan, Longlong Li, Lintao Liu, Yuliang Lu, Xianhua Song . Ramp secret image sharing. Mathematical Biosciences and Engineering, 2019, 16(5): 4433-4455. doi: 10.3934/mbe.2019221
  • In a liberalized energy market, policymakers cannot over-impose the deployment of new distributed generators, either in terms of location or in terms of size/technology; on the opposite, they are asked to promote incentives, penalties or constraints in order to foster a generation portfolio evolution fitting with the energy need of the loads.
    In the paper, given a local distribution grid, a two-step procedure is proposed to define the most effective energy policy, willing to drive a proper evolution of the generation portfolio, i.e., to maximize the renewable sources exploitation taking into account the grid constraints. The approach proposed is based on a stochastic (Monte Carlo) procedure. Given a generation portfolio, many scenarios are evaluated, changing generators’ nominal power, point of common coupling and also a slightly different technologies share. Actually, the final goal of the procedure proposed is to simulate the stochastic behavior of users with respect to the regional energy policy (i.e., to perform a multi-dimensional sensitivity analysis) in order to validate the proposed generation portfolio.
    In particular, in the first step of the procedure, it is defined a portfolio in which generators are aggregated with respect to the power plant technology (PV, wind, small hydro, big hydro, etc.). Such a portfolio is optimized in order to maximize the matching between local production and local consumption. In the second step, a Monte Carlo simulation is implemented to stochastically take into account a significant number of possible configurations of each portfolio (number of generators, unit size, location, etc.). Given the generator’s distribution, a probability index based on a Hosting Capacity concept is proposed as a performance index. Conductors’ thermal limits and slow voltage variations on the electrical network are evaluated for several generator’s distributions and for different dispersed generation penetrations. The final goal of the approach proposed is to define the optimal local generation portfolio fitting both with the load profiles and with the bounds of the distribution grid already in place. Such an output resulted to be a valuable piece of information for decisionmakers in order to properly promote regional energy planning policies.
    In order to validate the approach and demonstrate its capabilities, the procedure proposed has been applied to the real medium voltage distribution grid relevant to the Italian city of Aosta, i.e., real-life topologies, renewable-based generation and load fluctuation have been simulated.


    Internet of Things (IoT) is an emerging technology that utilises cloud connected devices to collect data for analysis. Healthcare industry is one of the most promising fields that have adopted IoT solutions since its early stage. The development of wearable technology, wireless body area network and cloud computing has established a new way for medical practitioners to acquire health data from patients. It greatly benefits health monitoring, epidemiological studies, and pharmaceutical research [1,2,3,4,5]. A common IoT-based architecture for healthcare applications is illustrated in Figure 1, which consists of a gateway device, a cloud server and several sensor nodes. Each sensor node can be viewed as a wearable equipment used for monitoring the health status of an individual, such as heart rate, blood pressure, brain wave, glucose level, etc. Under the given framework, the sensor nodes send the medical data to a local gateway device via wireless communication such as Wi-Fi or Bluetooth, whereas the gateway device agammaegates the data and store it in the cloud server for further analysis. However, there are risks of information leakage during data transmission and storage. For example, an adversary may attempt to eavesdrop the wireless communication, attack the gateway device or even access to the cloud server. Therefore, it is advisable to encrypt the data at each sensor node immediately after it is produced and incorporate secret sharing schemes to realise access control. In more details, each sensor node transmits the encrypted data to the gateway device by which data is integrated and encoded into shares of information. Due to security concerns, these shares are stored in separate cloud servers and the data retrieval must conform with the access policy. To realise this system, we present a novel research upon secret sharing in the encrypted domain.

    Figure 1.  An IoT-based healthcare architecture. The health data acquired from the sensor nodes (e.g. heart rate, blood pressure, brain wave, and glucose level) is aggregated at the gateway and store in the cloud.

    Secret sharing is a study in cryptography originated independently by Blakley [6] and Shamir [7] in 1979. A secure (t, n)-threshold scheme is defined as splitting a secret message into n pieces of information in such a way that any fewer than tn pieces reveal no information about the secret. Only in the presence of t or more pieces will the secret be determined. Each piece of information is generally called a 'share' (as Sharmir's terminology) or a 'shadow' (as Blakley's terminology). An intuitive way of splitting a secret message, say, 'password' is to split it literally into shares: 'pa------', '--ss----', '----wo--', and '------rd'. This naïve approach is, however, insecure in the sense that every share leaks a part of the secret. Shamir proposed an elegant solution to share the secret in a secure manner. Suppose that a dealer wants to share a secret to n participants in such a way that only more than t participants pool their shares together will the secret be reconstructed. Let the secret be denoted by s and we generate t1 random numbers denoted by r1, r2, ..., and rt1. Then, we form a polynomial

    f(x)s+r1x+r2x2++rt1xt1(modP), (1.1)

    where P is a randomly chosen prime number. Let us draw any n points from the polynomial, for example, (1,f(1)), (2,f(2)), ..., and (n,f(n)), and distribute them to n participants respectively as shares. It is observed that there are t unknown variables in the polynomial and thus with t different points one is able to solve for the variables including the secret (i.e. the constant term). In other words, the reconstruction process is to simply use Lagrange interpolation to solve a set of t simultaneous equations. Shamir's scheme is algebraic in nature in contrast to Blakley's scheme based on geometric structures. As a toy example of Blakley's construction, consider the secret as a point in a three-dimensional space and the shadows as hyperplanes whose common intersection is the secret point. Any three of the planes suffice to identify the point. As each successive shadow is exposed, however, the range of possible values of the secret narrows. Since the introduction of secret sharing, numerous extended problems have appeared. The study towards a general access structure was considered by Ito, Saito, and Nishizeki [8] and had become a principal study since then [9,10,11,12]. To manage various malicious behaviour by dishonest parties, the notion of verifiable secret sharing was introduced by Chor et al. [13] and had been studied extensively thereafter [14,15,16,17,18,19]. Another closely related branch is visual cryptography originated by Naor and Shamir [20] for the secrecy of visual information, including greyscale, colour, and halftone images [21,22,23].

    Over the past decades, secret sharing schemes have found various applications. One of the possible applications in the healthcare industry is to protect the privacy of patients' health records against cybersecurity threats while allowing efficient access for a group of authorised physicians and surgeons. In IoT-based healthcare applications, a patient's health record often contains medical data acquired from different sensor nodes. A full measure of privacy protection ought to even prevent data revelation between sensor nodes. More generally, we consider the problem of sharing multiple secrets (i.e. health data) generated from t different sources (i.e. sensor nodes) amongst a society of n participants (i.e. cloud servers of medical institutions). Every secret is prohibited from being revealed to another source as well as the dealer (i.e. gateway device). We remark that this statement can also be applied to other mutually distrustful situations, especially in the case of commercial applications. This problem, though different, is similar to that studied by Iirgemarsson and Simmons [24]. In their study, they noted that the problem of sharing the secret in the absence of a trusted dealer has been largely ignored by researchers in this area. In response to this, they introduced a two-level control protocol to share a secret determined by a democratic consent scheme without mutually trusted parties. Each participant equally contributes a private input to the determination of the secret and distributes the contribution among other participants through an autocratic sharing scheme.

    In the following, let us consider two naïve solutions to our research problem and analyse their pros and cons. Among a variety of privacy protection mechanisms, encryption has a high level of reliability and universality. Naturally, the secrets are encrypted once they have been produced from the sources. The problem is therefore reduced to the sharing of encrypted data. Consider a key server who has a pair of public and private keys. The public key is used for encryption, whereas the private key is employed for decryption. The first solution is to create shares of the private key by arranging the key as the constant term in Eq. (1.1). The encrypted files, instead of being encoded as shares, are stored in a database. At the time when the number of collaborative participants are as many as required, the private key will be reconstructed and then the files in the database can be deciphered. On the one hand, this solution is simple and the computational load of the sharing procedure is light. On the other hand, however, to access the secret files, one must perform one reconstruction algorithm for the key plus one decryption algorithm for the files. In addition to this, this scheme requires different pairs of public and private keys for different sets of secret files (e.g. different patients' health records); otherwise, once the participants reconstruct the private key, they will be able to decipher all the files stored in the database. Furthermore, storing all the important files in a central database may be vulnerable to a number of cyber attacks. Thus, it is reasonable to share the files to authorised participants to reduce the risk of cyber threats.

    The second solution is that suppose there are t encrypted secrets denoted by E(s0), E(s1), ..., and E(st1). We form a polynomial by arranging t encrypted secrets as t coefficients in Eq. (1.1). More generally, we can assume that there are k encrypted secrets, where kt, and choose tk random numbers as the rest of the coefficients to complete the polynomial. Either way, we can draw n points as the shares for individual participants. In the presence of t shares or more, the encrypted data will be reconstructed. With the decryption key, the data will eventually be revealed. In practice, this scheme has a non-trivial issue of key distribution amongst the participants. It may be addressed by one of the following approaches. First, use a secure channel to transmit the key to individual participants. Second, let the pair of encryption and decryption keys be generated by a key agreement protocol (e.g. Diffie–Hellman key exchange protocol [25]) amongst the group of participants, instead of being generated by the key server. Third, encrypt the key with each participant's public key and send it to the corresponding one as an instance of asymmetrical cryptography (e.g. elliptic curve cryptosystems [26]). Aside from the issue of key distribution, this scheme still requires extra efforts of participants, namely, one reconstruction step for the encrypted data plus one decryption step for the original data. It may be troublesome in particular situations. For instance, when there is a surgical emergency, the time delay for accessing health records becomes problematic. Hence, we conclude that these naïve solutions, though feasible, are deficient in several aspects, which motivate us towards finer constructions.

    In this paper, we study how multiple sources are possible to share their secrets amongst a group of n participants without revealing their own secrets to one another. We analyse the pros and cons of several possible solutions and develop practical schemes: a simple (2, 2)-threshold scheme, an extended (n, n)-threshold scheme, and a generalised (t, n)-threshold scheme. The developed schemes follow Sharmir's construction in which a collusion of fewer than t participants has no better chance of guessing the secret than a non-participant who has no privileged information at all. The remainder of this paper is organised as follows. Section 2 gives the preliminaries of privacy homomorphisms. Section 3 reviews a naïve (2, 2)-threshold scheme. Section 4 discusses an extended (n, n)-threshold scheme. Section 5 studies a generalised (t, n)-threshold scheme. The paper is concluded in Section 6 with directions for future research.

    The term 'privacy homomorphisms' was coined by Rivest et al. to describe special encryption functions which permit encrypted data to be operated on [27]. These special algebraic mappings between the paintext and ciphertext spaces allow the result of operations on the ciphertexts, when deciphered, to match the result of operations on the plaintexts. Let us see a well-understood example of privacy homomorphisms. Let p and q be two large primes and the modulus N=pq. Let e and d be the public and private keys of the RSA cryptosystem, respectively. Note that e and d satisfy the condition that

    ed1(modϕ(N)), (2.1)

    where ϕ is Euler's phi function, i.e. ϕ(N)=(p1)(q1). The RSA cryptosystem has an encryption function

    cme(modN), (2.2)

    and a decryption function

    mcd(modN), (2.3)

    where m denotes the message and c denotes the ciphertext. Suppose that we wish to generate the encrypted result which, when decrypted, matches the product of two messages m1 and m2 through the operations on the ciphertexts c1 and c2. This is achieved by

    (m1e)(m2e)(m1m2)e(modN). (2.4)

    For more information about the RSA cryptosystem, the reader is referred to [28].

    Since the introduction of privacy homomorphisms, there has been a surge of interests in the design of homomorphic cryptosystems (e.g. ElGamal [29], Okamoto–Uchiyama [30], and Damgård–Jurik [31] cryptosystems). One of the well-studied homomorphic cryptosystems is the Paillier cryptosystem [32]. Let m1 and m2 be two arbitrary messages, N be the product of two large primes, E() be the encryption function, and D() be the decryption function. The Paillier cryptosystem permits homomorphic addition:

    D(E(m1)E(m2)modN2)m1+m2(modN), (2.5)

    and homomorphic multiplication:

    D(E(m1)m2modN2)m1m2(modN). (2.6)

    More details of the Paillier cryptosystem are described as follows. This consists of three phases: key generation phase, encryption phase, and decryption phase. In the key generation phase, we choose two large primes p and q. Then, we compute N=pq and λ=lcm(p1,q1), where 'lcm' stands for least common multiple. Afterwards, we select a random integer gZ/N2Z and calculate

    μ(L(gλ(modN2)))1(modN), (2.7)

    where

    L(x)=x1N. (2.8)

    As a result, the public key is (n,g) and the private key is (λ,μ). In the encryption phase, let m be a message to be encrypted and r be a randomly selected integer, where m,rZ/NZ. The ciphertext is then computed as

    cgmrN(modN2). (2.9)

    This scheme has a ciphertext expansion phenomenon as the message space is M=Z/NZ and the ciphertext spac is C=Z/N2Z. In the decryption phase, the plaintext message is deciphered by

    mL(cλ(modN2))μ(modN). (2.10)

    It is observed that the decryption process involves a modular exponentiation, which is computationally expensive, with the addition of other operations of minor cost. Therefore, as aforementioned, in some time-sensitive applications, one would wish not to involve decryption in the secret reconstruction process. In the remainder of this paper, we assume all the homomorphisms applied are those of the Paillier cryptosystem unless otherwise specified. Nevertheless, the applicable homomorphisms are included but by no means limited to the homomorphisms of this particular cryptosystem.

    Recently, we proposed a (2, 2)-threshold multi-secret sharing scheme to split a batch of two secrets into two shares via a semi-honest (or honest-but-curious) cloud service provider [33]. Only in the presence of two shares, the batch of two secrets can be restored. Let us describe how this scheme can solve the problem of privacy-preserving secret sharing. Let s1 and s2 be two secrets generated from two separate sources, respectively. To preserve the privacy of secrets, s1 and s2 are encrypted immediately after being produced. The encrypted secrets E(s2) and E(s2) are uploaded to the dealer for sharing. Let x1 and x2 be any integers that satisfy

    gcd(x1+x2,N)=1,gcd(x1x2,N)=1. (3.1)

    Note that 'gcd' stands for greatest common divisor. It is not difficult to find proper x1 and x2 because N is the product of two large primes. Since

    x12x22(x1+x2)(x1x2)(modN), (3.2)

    we derive

    gcd(x12x22,N)=1. (3.3)

    This also implies

    gcd(x12x22,N)=1. (3.4)

    Then, two shares are created as

    E(y1)E(s1)x1E(s2)x2(modN2),E(y2)E(s1)x2E(s2)x1(modN2). (3.5)

    Following the homomorphic properties, we rewrite

    E(y1)E(s1x1+s2x2)(modN2),E(y2)E(s1x2+s2x1)(modN2). (3.6)

    The dealer distributes x1 and x2 to two participants and sends E(y1) and E(y2) to the key server for decryption. The decrypted results are

    y1s1x1+s2x2(modN),y2s1x2+s2x1(modN). (3.7)

    Then, y1 and y2 are also dispensed to the participants. When the participants pool their shares (x1,y1) and (x2,y2) together, they compute

    x1y1x2y2(x12x22)s1(modN). (3.8)

    Note that

    x1y1(x12s1+x1x2s2)(modN)x2y2(x22s1+x1x2s2)(modN). (3.9)

    Since gcd(x12x22,n)=1, we know there exists one and only one modular multiplicative inverse such that

    (x12x22)(x12x22)11(modN). (3.10)

    The value of (x12x22)1 can be solved by the extended Euclidean algorithm. Eventually, the secret s1 is unveiled by

    s1(x1y1x2y2)(x12x22)1(modN). (3.11)

    In the same manner, the secret s2 is decoded as

    s2(x2y1x1y2)(x22x12)1(modN). (3.12)

    It is worth noting that even though y1 and y2 have been disclosed to the key server during the process, s1 and s2 are still kept secret since the key server has no knowledge about x1 and x2. The secret reconstruction process does not involve the decryption operation and thus is time-efficient.

    Let us extend the previous (2, 2)-threshold scheme to a (n, n)-threshold scheme. For conciseness, we omit modulus symbols in the following description where there is no ambiguity. Let n secrets generated from sources be denoted by s1, s2, , and sn. After encryption, the encrypted results, written as E(s1), E(s2), , and E(sn), are transmitted to the dealer for sharing. The dealer chooses n random numbers x1, x2, , and xn such that a matrix

    X=(x1x2x3xnx2x3x4x1xnx1x2xn1) (4.1)

    has a modular multiplicative inverse X1 in Z/NZ. Alternatively, X must satisfy gcd(det(X),N)=1 and det(X)0. Note that 'det' stands for determinant. Let the dealer compute

    E(y1)=E(s1)x1E(s2)x2E(sn)xn,E(y2)=E(s1)x2E(s2)x3E(sn)x1,E(yn)=E(s1)xnE(s2)x1E(sn)xn1. (4.2)

    According to the homomorphic properties, we derive

    E(y1)=E(s1x1+s2x2++snxn),E(y2)=E(s1x2+s2x3++snx1),E(yn)=E(s1xn+s2x1++snxn1). (4.3)

    The sharing process can be fulfilled by cloud computing to relieve the dealer of computational burdens without revealing the private information about the secrets. The dealer dispenses x1, x2, , and xn to n participants respectively and passes E(y1), E(y2), , and E(yn) to the key server for decryption. The decrypted results, written as

    (y1y2yn)=X(s1s2sn), (4.4)

    are allocated to individual participants as well. When all the participants pool their shares together, they retrieve the secrets by

    (s1s2sn)=X1(y1y2yn). (4.5)

    Example. Let us demonstrate that the previous (2, 2)-threshold scheme is actually a special case of the (n, n)-threshold scheme. In the case where there are two secrets s1 and s2 to be encoded, the dealer randomly chooses x1 and x2 to form a matrix

    (x1x2x2x1).

    Then, we compute

    E(y1)=E(s1)x1E(s2)x2=E(s1x1+s2x2),E(y2)=E(s1)x1E(s2)x2=E(s1x2+s2x1),

    which are equivalent to the results in Eq. (3.5) and Eq. (3.6). By decryption, we obtain

    (y1y2)=(x1x2x2x1)(s1s2),

    which are equal to the results in Eq. (3.7). Eventually, we retrieve the secrets by

    (s1s2)=(x1x2x2x1)1(y1y2),

    which are identical to the results in Eq. (3.11) and Eq. (3.12).

    As an extension of the (2, 2)-threshold scheme, this scheme has the same security strength. It is theoretically secure in the sense that any subset of participants has absolutely no knowledge about the secrets unless all the shares are in presence. The secret reconstruction procedure does not involve decryption. Thus, it is time-efficient and can be established without the means of key distribution.

    In light of the previous (n, n)-threshold scheme, we further derive a generalised (t, n)-threshold scheme. Before we proceed further, let us discuss some possible (t, n)-threshold schemes and analyse their pros and cons. Let {si}ti=1 denote t secrets generated from separate sources and P be a large prime. With Shamir's algorithm, the dealer constructs a polynomial

    f(x)ti=1sixi1(modP), (5.1)

    and draws n points (x1, f(x1)), (x2, f(x2)), , (xn, f(xn)) as shares for n participants. In our defined scenario, the secrets are encrypted into {E(si)}ti=1 immediately after being produced. Let k denotes the decryption key. The first possible scheme is to split k into n shares by drawing n points from the following polynomial:

    f1(x)k+t1j=1rjxj(modP), (5.2)

    where {rj}t1j=1 are t1 randomly chosen integers. The encrypted data has to be stored in a database so that when t or more participants reconstruct the key collaboratively, they can retrieve and decrypt the data. Nonetheless, the database may be vulnerable to numerous cyber attacks. The second possible scheme is to create shares according to the following polynomial:

    f2(x)ti=1E(si)xi1(modP). (5.3)

    When t or more participants co-operate, they can reconstruct the encrypted data. In order to decrypt the data, the scheme must engage a key distribution protocol to share the key amongst the participants. To compensate for the shortcomings, one may think of combining the previous two solutions and build a polynomial in the following form:

    f3(x)k+t1j=1E(sj)xj(modP). (5.4)

    In this way, the authorised subset of participants is able to reconstruct and decrypt the data from the shares. With the knowledge of the key, however, the dealer is able to decipher the data and thus the privacy is threatened. Regrettably, as previous strategies all have obvious limitations, we need to find another way to do so.

    For a moment, let us forget about the problem of sharing ciphertexts and only consider sharing the plaintexts since extending the idea to the sharing of the ciphertexts is easy once the following concepts are understood. Let st,1 denote a vector of t secrets, yn,1 denote a vector of n shares, and Xn,t denote an n×t matrix. We define an encoding function

    yn,1=Xn,tst,1 (5.5)

    and a decoding function

    st,1=X1t,tyt,1, (5.6)

    where yt,1yn,1, and Xt,tXn,t. In the case of (n, n)-threshold secret sharing, the above encoding and decoding functions are equivalent to Eq. (4.4) and Eq. (4.5), respectively. In the previous special case, we only require that Xn,n has a modular multiplicative inverse. In the current generalised case, however, we require that any t×t sub-matrix of Xn,t has a modular multiplicative inverse. In fact, when t=n, the current requirement reduces to the previous one since the one and only sub-matrix of Xn,t is Xn,t itself. Our question is hence 'is it possible to construct a valid matrix Xn,t such that any square matrix Xt,t consisting of t rows of Xn,t has a multiplicative inverse?'.

    A matrix A is invertible if and only if its determinant is non-zero. When t and n are small numbers, we could use trial and error to construct a valid Xn,t such that det(Xt,t)0 for any Xt,t. This approach is, however, not practical since collisions become difficult to be handled as the ratio between n and t, implying the number of possible combinations, grows large. To obtain a valid matrix in a systematic way, one of the possible solutions is to construct a Vandermonde matrix.

    Definition (Vandermonde matrix). An n×t Vandermonde matrix has a form

    An,t=(α10α11α12α1t1α20α21α22α2t1αn0αn1αn2αnt1).

    For a t×t square Vandermonde matrix, the determinant is given by

    det(At,t)=1i<jt(αjαi).

    Example. Let us compute det(A), where

    A=(1α1α121α2α221α3α32).

    The determinant of A is given by

    det(1α1α121α2α221α3α32)=det(1α1α120α2α1α22α120α3α1α32α12)=det(α2α1α22α12α3α1α32α12)=(α2α1)(α3α1)det(1α2α11α3α1)=(α2α1)(α3α1)det(1α2α10α3α2)=(α2α1)(α3α1)(α3α2)

    Corollary (Invertible Vandermonde matrix). A square Vandermonde matrix is invertible if and only if all αi are distinct. When the condition suffices, the matrix has a nonzero determinant.

    Given the above preliminaries, we can start with the detailed construction of sharing ciphertexts. Consider a Vandermonde matrix written as

    Xn,t=(x10x11x12x1t1x20x21x22x2t1xn0xn1xn2xnt1), (5.7)

    where {xi}ni=1 are all distinct. The shares are created as

    E(y1)=E(s1)x10E(s2)x11E(st)x1t1,E(y2)=E(s1)x20E(s2)x21E(st)x2t1,E(yn)=E(s1)xn0E(s2)xn1E(st)xnt1. (5.8)

    Due to privacy homomorphisms, the above results are equivalent to

    E(y1)=E(s1x10+s2x11++stx1t1),E(y2)=E(s1x20+s2x21++stx2t1),E(yn)=E(s1xn0+s2xn1++stxnt1). (5.9)

    After decryption, the results become

    y1=s1x10+s2x11++stx1t1,y2=s1x20+s2x21++stx2t1,yn=s1xn0+s2xn1++stxnt1, (5.10)

    or alternatively, as expressed in Eq. (5.5). Each participant will receive a share (xi, yi), where i{1,2,,n}. Suppose that a subset of participants has gathered a collection of shares, say, (xj, yj), where j{1,2,,t}. Hence, the participants form a matrix

    Xt,t=(x10x11x12x1t1x20x21x22x2t1xt0xt1xt2xtt1), (5.11)

    and reconstruct the secrets with Eq. (5.6). Note that Xt,t is a square Vandermonde matrix, thus invertible. The reader may have observed that when Xn,t is a Vandermonde matrix, Eq. (5.5) and Eq. (5.6) are the encoding and decoding functions of Shamir's scheme per se. Let f(x) denote Shamir's encoding function, while g(x) denote ours. The connection between two functions can be expressed as

    g(x)=ti=1E(si)xi1=E(ti=1sixi1)=E(f(x)). (5.12)

    Except for the processing domain (either the plaintext or ciphertext domain), a noticeable difference between two schemes is the decoding process for which Shamir uses the Lagrange interpolation and we utilise a matrix multiplication. We remark that there are many studies on fast algorithms for matrix inversion [34] and multiplication [35,36,37].

    In this paper, we address a novel research problem of secret sharing in the encrypted domain for IoT-based healthcare applications. We study the problem of sharing encrypted data, acquired from different sensor nodes, among a set of cloud servers. In conclusion, the proposed schemes are theoretically secure in the following senses. First, since the secret data is concealed by a secure encryption algorithm immediately after its creation, the dealer as well as other sources cannot access the secret data. Second, the key server only has partial shares and thus is also unable to retrieve the secret data. Third, conforming with the access policy, a subset of fewer than a certain number of participants does not suffice to decode the secrets either. In addition to this, the data is not required to be stored in a common database so that the scheme is not vulnerable to cyber threats against the database. Furthermore, since data retrieval does not involve computationally expensive decryption operations, the scheme is advantageous in time-sensitive circumstances. In the near future we intend to extend this work into a more general access structure based on the assumption that there are dishonest parties involved. Another line of further investigation is the application of this work in visual cryptography.

    This work was supported by the Marie Skłodowska-Curie actions of EU Horizon 2020 programme through the project entitled 'Computer Vision Enabled Multimedia Forensics and People Identification' (Project No. 690907, Acronym: IDENTITY).

    All authors declare no conflicts of interest in this paper.



    [1] Santos IN, Ćuk V, Almeida PM, et al. (2015) Considerations on Hosting Capacity for harmonic distortions on transmission and distribution systems. Electr Power Syst Res 119: 199–206. doi: 10.1016/j.epsr.2014.09.020
    [2] Lopes JAP, Hatziargyriou N, Mutale J, et al. (2007) Integrating distributed generation into electric power systems: A review of drivers, challenges and opportunities. Electr Power Syst Res 77: 1189–1203. doi: 10.1016/j.epsr.2006.08.016
    [3] Iyer H, Ray S, Ramakumar R (2006) Assessment of distributed generation based on voltage profile improvement and line loss reduction. In Proceedings of the IEEE Power Engineering Society Transmission and Distribution Conference 1171–1176.
    [4] AEEG (2008) Delibera ARG/elt 99/08-Testo integrato delle connessioni attive TICA, Gazzetta ufficiale della Repubblica Italiana (www.arera.it).
    [5] Singh B, Sharma J (2017) A review on distributed generation planning. Renewable Sustainable Energy Rev 76: 529–544. doi: 10.1016/j.rser.2017.03.034
    [6] Keane A, Ochoa LF, Borges CLT, et al. (2013) State-of-the-Art techniques and challenges ahead for distributed generation planning and optimization. IEEE Trans Power Syst 28: 1493–1502. doi: 10.1109/TPWRS.2012.2214406
    [7] Mahesh K, Nallagownden PAL, Elamvazuthi IAL (2015) Optimal placement and sizing of DG in distribution system using accelerated PSO for power loss minimization. In 2015 IEEE Conference on Energy Conversion (CENCON) 193–198.
    [8] Keane A, Zhou Q, Bialek JW, et al. (2009) Planning and operating non-firm distributed generation. IET Renew Power Gener 3: 455–464. doi: 10.1049/iet-rpg.2008.0058
    [9] Zhu D, Broadwater RP, Tam KS, et al. (2006) Impact of DG placement on reliability and efficiency with time-varying loads. IEEE Trans Power Syst 21: 419–427. doi: 10.1109/TPWRS.2005.860943
    [10] Ochoa LF, Dent CJ, Harrison GP (2010) Distribution network capacity assessment: Variable DG and active networks. IEEE Trans Power Syst 25: 87–95. doi: 10.1109/TPWRS.2009.2031223
    [11] Zeng F, Bie Z, Li X, et al. (2018) Annual renewable energy planning platform: Methodology and design. 13th IEEE Conference on Automation Science and Engineering (CASE) 1392–1397.
    [12] Georgopoulou E, Lalas D, Papagiannakis L (1997) A Multicriteria Decision Aid approach for energy planning problems: The case of renewable energy option. Eur J Oper Res 103: 38–54. doi: 10.1016/S0377-2217(96)00263-9
    [13] Meng T, Qian M, Zhao D (2018) Peak regulation strategy of regional power systems for large-scale renewable generation accommodation. 2018 IEEE International Conference on Energy Internet (ICEI) 99–104.
    [14] Hong B, Chen J, Zhang W, et al. (2018) Integrated energy system planning at modular regional-user level based on a two-layer bus structure. CSEE J Power Energy Syst 4: 188–196. doi: 10.17775/CSEEJPES.2018.00110
    [15] Wang D, Liu L, Jia H, et al. (2018) Review of key problems related to integrated energy distribution systems. CSEE J Power Energy Syst 4: 130–145. doi: 10.17775/CSEEJPES.2018.00570
    [16] Liu Z, Yang P, Peng J, et al. (2018) Capacity allocation for regional integrated energy system considering typical day economic operation. 2018 IEEE International Conference on Energy Internet (ICEI) 60–65.
    [17] Tannirandon A, Gerdsri N (2016) Energy planning for sustainable development-challenge and experience sharing from Thailand. 2016 IEEE International Conference on Management of Innovation and Technology (ICMIT) 115–120.
    [18] Brand B, Missaoui R (2014) Multi-criteria analysis of electricity generation mix scenarios in Tunisia. Renewable Sustainable Energy Rev 39: 251–261. doi: 10.1016/j.rser.2014.07.069
    [19] Şengül Ü, Eren M, Shiraz SE, et al. (2015) Fuzzy TOPSIS method for ranking renewable energy supply systems in Turkey. Renewable Energy 75: 617–625. doi: 10.1016/j.renene.2014.10.045
    [20] Malkawi S, Al-Nimr M, Azizi D (2017) A multi-criteria optimization analysis for Jordan's energy mix. Energy 127: 680–696. doi: 10.1016/j.energy.2017.04.015
    [21] Volkart K, Weidmann N, Bauer C, et al. (2017) Multi-criteria decision analysis of energy system transformation pathways: A case study for Switzerland. Energy Policy 106: 155–168. doi: 10.1016/j.enpol.2017.03.026
    [22] Mourmouris JC, Potolias C (2013) A multi-criteria methodology for energy planning and developing renewable energy sources at a regional level: A case study Thassos, Greece. Energy Policy 52: 522–530. doi: 10.1016/j.enpol.2012.09.074
    [23] Baležentis T, Streimikiene D (2017) Multi-criteria ranking of energy generation scenarios with Monte Carlo simulation. Appl Energy 185: 862–871. doi: 10.1016/j.apenergy.2016.10.085
    [24] Mirbagheri SM, Moncecchi M, Falabretti D, et al. (2018) Hosting Capacity evaluation in networks with parameter uncertainties. 18th International Conference on Harmonics and Quality of Power.
    [25] Falabretti D, Ilea V, Merlo M, et al. (2018) Hosting Capacity analysis: A review and a new evaluation method in case of parameters uncertainty and multi-generator. 2018 IEEE International Conference on Environment and Electrical Engineering and 2018 IEEE Industrial and Commercial Power Systems Europe, (EEEIC/I&CPS Europe).
    [26] Ministero dello Sviluppo Economico (2012) Decreto Ministero dello Sviluppo Economico 15 marzo 2012. Definizione e qualificazione degli obiettivi regionali in materia di fonti rinnovabili e definizione della modalità di gestione dei casi di mancato raggiungimento degli obiettivi da parte delle regioni. Gazzetta ufficiale della Repubblica Italiana (www.gazzettaufficiale.it).
    [27] European Parliament (2009) Directive 2009/28/EC of the european parliament and of the council of 23 April 2009. Off J Eur Union 140: 16–62.
    [28] Zio E, Delfanti M, Giorgi L, et al. (2015) Monte Carlo simulation-based probabilistic assessment of DG penetration in medium voltage distribution networks. Int J Electr Power Energy Syst 64: 852–860. doi: 10.1016/j.ijepes.2014.08.004
    [29] Widén J, Wäckelgård E, Paatero J, et al. (2010) Impacts of distributed photovoltaics on network voltages: Stochastic simulations of three Swedish low-voltage distribution grids. Electr Power Syst Res 80: 1562–1571. doi: 10.1016/j.epsr.2010.07.007
    [30] Kolenc M, Papič I, Blažič B (2015) Assessment of maximum distributed generation penetration levels in low voltage networks using a probabilistic approach. Int J Electr Power Energy Syst 64: 505–515. doi: 10.1016/j.ijepes.2014.07.063
    [31] Ballanti A, Pilo F, Navarro-Espinosa A, et al. (2013) Assessing the benefits of PV var absorption on the Hosting Capacity of LV feeders. 2013 4th IEEE/PES Innovative Smart Grid Technologies Europe, ISGT Europe 2013 1–5.
    [32] Abdmouleh Z, Gastli A, Ben-Brahim L, et al. (2017) Review of optimization techniques applied for the integration of distributed generation from renewable energy sources. Renewable Energy 113: 266–280. doi: 10.1016/j.renene.2017.05.087
    [33] Pesaran MHA, Huy PD, Ramachandaramurthy VK (2017) A review of the optimal allocation of distributed generation: Objectives, constraints, methods, and algorithms. Renewable Sustainable Energy Rev 75: 293–312. doi: 10.1016/j.rser.2016.10.071
    [34] Conti S, Raiti S (2007) Probabilistic load flow using Monte Carlo techniques for distribution networks with photovoltaic generators. Sol Energy 81: 1473–1481. doi: 10.1016/j.solener.2007.02.007
    [35] Delfanti M, Falabretti D, Merlo M (2013) Dispersed generation impact on distribution network losses. Electr Power Syst Res 97: 10–18. doi: 10.1016/j.epsr.2012.11.018
    [36] Bertini D, Falabretti D, Moneta D, et al. (2011) Hosting Capacity of italian distribution networks. CIRED 21st Int Conf Electr Distrib.
    [37] Delfanti M, Merlo M, Monfredini G, et al. (2010) Hosting dispersed generation on Italian MV networks: Towards smart grids. 14th International Conference on Harmonics and Quality of Power.
    [38] Delfanti M, Falabretti D, Mandelli S, et al. (2016) Energy planning approach for an efficient distribution grid. In CIRED Workshop 2016.
    [39] CEI (2014) Regola tecnica di riferimento per la connessione di Utenti attivi e passivi alle reti AT ed MT delle imprese distributrici di energia elettrica. Norma 0–16. Comitato Elettrotecnico Italiano (www.cei.it).
  • This article has been cited by:

    1. Guo-Dong Su, Chin-Chen Chang, Chia-Chen Lin, Zhi-Qiang Yao, Secure high capacity tetris-based scheme for data hiding , 2021, 1751-9659, 10.1049/iet-ipr.2019.1694
    2. Xiao-Zhu Xie, Chin-Chen Chang, Ji-Hwei Horng, An EMD-based data hiding scheme for JPEG images, 2020, 0954-0091, 1, 10.1080/09540091.2020.1853055
    3. Ya Liu, Guangdong Feng, Chuan Qin, Haining Lu, Chin-Chen Chang, High-Capacity Reversible Data Hiding in Encrypted Images Based on Hierarchical Quad-Tree Coding and Multi-MSB Prediction, 2021, 10, 2079-9292, 664, 10.3390/electronics10060664
    4. Shuying Xu, Chin-Chen Chang, Yanjun Liu, A high-capacity reversible data hiding scheme for encrypted images employing vector quantization prediction, 2021, 1380-7501, 10.1007/s11042-021-10698-2
    5. Chin-Chen Chang, Ji-Hwei Horng, Chia-Shou Shih, Xu Wang, VQ-oriented data hiding based on adjustable error compensation strategy, 2021, 0954-0091, 1, 10.1080/09540091.2021.1900073
    6. Hyeji Roh, Seulgi Shin, Jinseo Han, Sangsoon Lim, A deep learning-based medication behavior monitoring system, 2021, 18, 1551-0018, 1513, 10.3934/mbe.2021078
    7. Yang Ming, Xiaopeng Yu, Xiaoqin Shen, Efficient Anonymous Certificate-Based Multi- Message and Multi-Receiver Signcryption Scheme for Healthcare Internet of Things, 2020, 8, 2169-3536, 153561, 10.1109/ACCESS.2020.3018488
    8. Ching-Chun Chang, Chi-Hua Chen, Cryptospace Invertible Steganography with Conditional Generative Adversarial Networks, 2021, 2021, 1939-0122, 1, 10.1155/2021/5538720
    9. Guo-Dong Su, Ching-Chun Chang, Toward high-capacity crypto-domain reversible data hiding with huffman-based lossless image coding, 2022, 0178-2789, 10.1007/s00371-022-02613-z
    10. Maha A. Sayal, Mali H Hakem Alameady, 2022, Homomorphic Encryption between Client and Cloud Server, 978-1-6654-7013-1, 227, 10.1109/ISMSIT56059.2022.9932781
    11. Yung-Hui Li, Ching-Chun Chang, Guo-Dong Su, Kai-Lin Yang, Muhammad Saqlain Aslam, Yanjun Liu, Coverless image steganography using morphed face recognition based on convolutional neural network, 2022, 2022, 1687-1499, 10.1186/s13638-022-02107-5
    12. Chin-Chen Chang, Ji-Hwei Horng, Jui-Feng Chang, 2021, High-Payload Data Hiding Scheme Based on Ordered Shifting of AC Coefficients for JPEG Images, 978-1-6654-3358-7, 1, 10.1109/iFUZZY53132.2021.9605080
    13. Haoyang Kang, Lu Leng, Chin-Chen Chang, Overlapped (7,4) hamming code for large-capacity and low-loss data hiding, 2023, 1380-7501, 10.1007/s11042-023-14502-1
    14. Guo-Dong Su, Chia-Chen Lin, Chin-Chen Chang, Chi-Hua Chen, Privacy-Preserving Reversible Data Hiding for Medical Images Employing Local Rotation, 2021, 2021, 2040-2309, 1, 10.1155/2021/5709513
    15. Chuan Qin, Chanyu Jiang, Qun Mo, Heng Yao, Chin-Chen Chang, Reversible Data Hiding in Encrypted Image via Secret Sharing Based on GF(p) and GF(2⁸), 2022, 32, 1051-8215, 1928, 10.1109/TCSVT.2021.3091319
    16. Chin-Chen Chang, Jui-Feng Chang, Wei-Jiun Kao, Ji-Hwei Horng, Two-Layer Reversible Data Hiding for VQ-Compressed Images Based on De-Clustering and Indicator-Free Search-Order Coding, 2021, 13, 1999-5903, 215, 10.3390/fi13080215
    17. Chin-Chen Chang, Guo-Dong Su, Chia-Chen Lin, Yung-Hui Li, Position-Aware Guided Hiding Data Scheme with Reversibility and Adaptivity for Dual Images, 2022, 14, 2073-8994, 509, 10.3390/sym14030509
    18. Sisheng Chen, Ching-Chun Chang, Isao Echizen, Steganographic Secret Sharing With GAN-Based Face Synthesis and Morphing for Trustworthy Authentication in IoT, 2021, 9, 2169-3536, 116427, 10.1109/ACCESS.2021.3105590
    19. Xiaoping Li, Ching-Chun Chang, Yanjun Liu, A generalized Chinese remainder theorem-based proactive multi-secret sharing scheme for global wide area network, 2021, 78, 1018-4864, 49, 10.1007/s11235-021-00791-0
    20. Xiao-Zhu Xie, Chin-Chen Chang, Hiding data in dual images based on turtle shell matrix with high embedding capacity and reversibility, 2021, 80, 1380-7501, 36567, 10.1007/s11042-021-11368-z
    21. Shuying Xu, Chin-Chen Chang, Ji-Hwei Horng, A Steganography Based on Optimal Multi-Threshold Block Labeling, 2023, 44, 0267-6192, 721, 10.32604/csse.2023.026046
    22. Kai-Meng Chen, Chin-Chen Chang, High-capacity separable reversible data-Hiding method in encrypted images based on block-level encryption and Huffman compression coding, 2021, 33, 0954-0091, 975, 10.1080/09540091.2021.1926930
    23. Arup Kumar Chattopadhyay, Sanchita Saha, Amitava Nag, Sukumar Nandi, Secret sharing: A comprehensive survey, taxonomy and applications, 2024, 51, 15740137, 100608, 10.1016/j.cosrev.2023.100608
    24. Guo-Dong Su, Chin-Chen Chang, Chia-Chen Lin, An effective compressed image authentication scheme based on N-variant AMBTC, 2024, 83, 1380-7501, 3801, 10.1007/s11042-023-15486-8
    25. Saja Kareem Ismael, Mohamed Ibrahim Shujaa, Ahmed Bahaaulddin A. Alwahhab, 2024, 3232, 0094-243X, 020017, 10.1063/5.0236652
    26. Yongning Guo, Guodong Su, Zhiqiang Yao, Wang Zhou, Reversible data hiding scheme for encrypted JPEG bitstreams using adaptive RZL rotation, 2024, 25, 2095-9184, 1353, 10.1631/FITEE.2300749
    27. Yuan Guo, Ziqi Liu, Coverless Steganography for Face Recognition Based on Diffusion Model, 2024, 12, 2169-3536, 148770, 10.1109/ACCESS.2024.3477469
    28. Avinash Srinivasan, Gordon Morewood, Kellie Simmons-Massey, Yanhua Li, 2024, SAFE-CARE: Reversible Privacy-preserving Physician Feedback Framework to Improve Patient Care Quality, 979-8-3315-0689-6, 131, 10.1109/CyberC62439.2024.00032
  • Reader Comments
  • © 2019 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)
通讯作者: 陈斌, bchen63@163.com
  • 1. 

    沈阳化工大学材料科学与工程学院 沈阳 110142

  1. 本站搜索
  2. 百度学术搜索
  3. 万方数据库搜索
  4. CNKI搜索

Metrics

Article views(6232) PDF downloads(1541) Cited by(3)

Figures and Tables

Figures(10)  /  Tables(5)

/

DownLoad:  Full-Size Img  PowerPoint
Return
Return

Catalog