A Permissioned Blockchain-Based Energy Management System for Renewable Energy Microgrids

: Peer-to-peer (P2P) energy management is one of the most viable solutions to incentivize prosumers in renewable energy microgrids. As the application of blockchain expends from the ﬁnance ﬁeld to energy ﬁeld, blockchain technology provides a new opportunity for distributed energy systems. However, a distributed energy system based on blockchains allows any node in the whole network to read data. In many application scenarios, user privacy cannot be effectively protected, and there is a security problem that the attack cannot be traced. In this paper, we propose an energy management mode based on a permissioned blockchain for a renewable energy microgrid. The novel permissioned blockchain framework uses entity mapping with a unique identity for each enterprise, natural person, or device, in order to avoid ineligible participants to join the microgrid. Each peer entity keeps the transaction information index of the whole network, but only keeps its own speciﬁc transaction information, so they can retrieve the transaction information of other peer entities but cannot obtain the details without permission. Moreover, this model could avoid communication delays and promote plug-and-play due to the distributed nature of the permissioned blockchain. The performance of the proposed method is evaluated with a demonstration program which is designed and deployed on a Hyperledger Fabric permissioned blockchain. Simulation results show the feasibility of the proposed method, and the model is conducive to the protection privacy and P2P energy management for decentralized energy systems. multi-zone buildings. It is used by engineers and researchers around the to validate new energy concepts. It is well to the detailed analysis of any system whose behavior depends on the passage of time. The main applications include solar thermal and PV systems, low energy buildings, heating ventilation air con-ditioning systems, renewable energy systems, cogeneration, and FC systems [53].


Introduction
The process of electrification has been greatly developed, and complete microgrid systems have been established in vast areas [1]. A microgrid refers to a network composed of multiple distributed power sources and their related loads according to a certain topological structure. It is a typical method of active distribution network and enables the transition from traditional power grids to smart power grids [2,3]. As the cost of renewable energy generation decreases and people pay more attention to environmental problems, microgrids are increasingly adopted for distributing renewable energy [4]. The energy management of microgrids becomes more important due to the intermittency of renewable energy generation [5,6].
There are three major classical energy management methods for microgrid systems: centralized management, multi-agent management, and peer-to-peer (P2P) energy management [7][8][9]. Centralized management is the traditional mode and needs a center or 1.
Blockchain technology for power market transactions or energy management are almost established and implemented on the public blockchain. Any node in the public blockchain can join or leave the network at any time without any permission, which hinders the supervision of power institutions.

2.
The blockchain network would contain all the details of energy producers and users, which includes private data that need to be protected [22,23]. The distributed data structure also exposes the privacy of users to the risk of leakage and reduces enthusiasm to participate.

3.
Energy management systems developed on the consortium blockchain platform would solve the problem of privacy exposure to some extent. However, some malicious nodes can register accounts many times and re-join the energy systems.
According to the defect of existing technology, the paper proposes a privacy-preserving P2P energy management for microgrids based on a permissioned blockchain. The main contributions of the paper are summarized as follows:

1.
A decentralized energy management system is proposed based on the permissioned blockchain framework, which enhances user privacy protection for renewable energy microgrids.

2.
Taking a typical renewable energy microgrid as the study scenario, a P2P energy system established on permissioned blockchain network can avoid the communication delay and promotes the plug-and-play of power units.

3.
This paper designs and deploys a permissioned blockchain platform in the Hyperledger Fabric to evaluate the performance of the above mode. The mode is verified to be a simple and effective engineering way for developing renewable energy microgrids.
The remainder of this paper is organized as follows. Section 2 introduces the concept of blockchain and provides the permissioned blockchain technology. Section 3 describes the energy management method of permissioned blockchains by a typical renewable energy microgrid. In Section 4, a case study proves the effectiveness and feasibility of the method. Section 5 draws the final conclusion and elaborates on potential future work.

Types of Blockchain
A blockchain is an open database that maintains a distributed ledger typically deployed within a P2P network. It comprises a continuously growing list of records called blocks that contain transactions [24]. With the birth of bitcoin, blockchain technology has developed into a new research field. Through the development of blockchains, three typical technological forms have gradually been formed. They are public blockchain, private blockchain, and consortium blockchain. These different types of blockchains have different technical features [25].
Any node of the public blockchain is open to all participants, and each user can participate in the calculation and trading of the blockchain. Moreover, any user can download the complete blockchain data information. Bitcoin and Ethereum are the typical public blockchains. In private blockchain, only when this node is licensed by the developer, can a participator participate in and view all data information. It is only applied to internal applications of a particular institution, such as data management and auditing. In the consortium blockchain, all the nodes need to be registered and certified to join, and they can realize the trusted interaction of data without fully trusting each other. However, the completely closed network structure reduces the decentralization which is original intention of blockchain technology [26].
The main features of public blockchains, private blockchains, and consortium blockchains are compared in Table 1.

Permissioned Blockchains
Microgrids have typical characteristics of the modern energy industry, such as multiple regions and multiple devices. There are risks of key loss and key leakage in complex processing processes in the certificate interaction between authentication entities. It is urgent to strengthen the security of intelligent terminals to realize secure and trusted data access. According to the classification of the blockchain underlying structure, the above types cannot meet the needs of the energy industry. Therefore, we classify the blockchain technologies used in the energy sector into two categories: permissioned blockchains and permissionless blockchains.
Permissionless blockchains enable distributed consensus without the need to establish a pre-existing identity or trusted third party. This network structure supports applications such as cryptocurrencies and smart contracts. However, this consensus is based on data sent over peer-to-peer networks and generated by applications. Although network-layer attacks are always discussed, there is not yet a systematic way to combine the various requirements, known attacks, and network-layer design spaces.
Permissioned blockchains establish secure channels based on identity access. They adopt collaborative consensus instead of the competitive consensus of public blockchains, and improve the real-time performance and the flux of transactions. Some consortium blockchains and private blockchains belong to the permissioned blockchains, but their underlying structures are only exposed to existing nodes, seriously reducing the decentralized advantages of blockchains. Based on the registration mode of distributed cryptography, some public blockchains can integrate the permission mechanism of consortium blockchains to form an innovatively supervised scheme for public users. Permissioned blockchains not only establish the security and privacy correspondence between individuals and accounts, but the new architecture is also flexible and efficient, which can support complex practical applications, especially for the energy management of microgrids [32].
All information on the permissioned blockchain would be open and transparent under conditions of full privacy protection. Addresses on the blockchain correspond to devices or vendors. Entity identification (ID) information is separated from entity authentication by means of entity mapping protocol and zero knowledge proof. On the one hand, the existing blockchain algorithms could be optimized by making full use of entity mapping information, including network sharding algorithms, consensus algorithms, virtual machines, etc. On the other hand, it can provide functions that anonymous blockchains do not have, such as voting by person and penalizing by address. The multiple ID model of a permissioned blockchain is shown in Figure 1.

Permissioned Blockchains
Microgrids have typical characteristics of the modern energy industry, such as multiple regions and multiple devices. There are risks of key loss and key leakage in complex processing processes in the certificate interaction between authentication entities. It is urgent to strengthen the security of intelligent terminals to realize secure and trusted data access. According to the classification of the blockchain underlying structure, the above types cannot meet the needs of the energy industry. Therefore, we classify the blockchain technologies used in the energy sector into two categories: permissioned blockchains and permissionless blockchains.
Permissionless blockchains enable distributed consensus without the need to establish a pre-existing identity or trusted third party. This network structure supports applications such as cryptocurrencies and smart contracts. However, this consensus is based on data sent over peer-to-peer networks and generated by applications. Although network-layer attacks are always discussed, there is not yet a systematic way to combine the various requirements, known attacks, and network-layer design spaces.
Permissioned blockchains establish secure channels based on identity access. They adopt collaborative consensus instead of the competitive consensus of public blockchains, and improve the real-time performance and the flux of transactions. Some consortium blockchains and private blockchains belong to the permissioned blockchains, but their underlying structures are only exposed to existing nodes, seriously reducing the decentralized advantages of blockchains. Based on the registration mode of distributed cryptography, some public blockchains can integrate the permission mechanism of consortium blockchains to form an innovatively supervised scheme for public users. Permissioned blockchains not only establish the security and privacy correspondence between individuals and accounts, but the new architecture is also flexible and efficient, which can support complex practical applications, especially for the energy management of microgrids [32].
All information on the permissioned blockchain would be open and transparent under conditions of full privacy protection. Addresses on the blockchain correspond to devices or vendors. Entity identification (ID) information is separated from entity authentication by means of entity mapping protocol and zero knowledge proof. On the one hand, the existing blockchain algorithms could be optimized by making full use of entity mapping information, including network sharding algorithms, consensus algorithms, virtual machines, etc. On the other hand, it can provide functions that anonymous blockchains do not have, such as voting by person and penalizing by address. The multiple ID model of a permissioned blockchain is shown in Figure 1.  Zero knowledge proof technology is adopted to carry out distributed registration under the premise that the user does not provide personal data, so as to ensure the security of personal data. Linkable ring signature technology is also used to ensure the internal correlation between the three IDs. Therefore, the network of permissioned blockchains has the advantages of public and consortium blockchains [33,34].

Energy Management Method
Photovoltaic (PV) power generation technology has developed rapidly, because it generates no pollutant emissions in the process of power generation and is not restricted by resource distribution region. According to the Renewables 2019 Global Status Report from the International Energy Agency, the global installed PV capacity has increased from 15 GW to 505 GW in the past decade [35]. In order to reduce the impact of the uncertainty of PV power generation on the power system, especially in off-grid microgrids [36,37], hydrogen fuel cells (FCs) are used as energy storage devices to form microgrid systems in combination with PV technology. FCs have higher energy density and longer service life than chemical energy storage batteries. Therefore, PV/FC generation microgrids are a potential choice to improve the efficiency and reliability of individual generation technologies by complementing each other to overcome the challenge of intermittency [38,39].
This section takes a simple off-grid PV/FC microgrid as the scenario and introduces the proposed energy management method. The off-grid microgrid operates independently and is not connected to the main distribution network. There are basically three layers of this structure: the physical layer, scheduling layer, and executive layer. The physical layer includes renewable PV power generation units besides FC power generation, as well as electricity load. The scheduling layer is responsible for formulating the electric power dispatching strategy, including the supply and storage of electrical energy. In the executive layer, the executing of the electricity dispatching strategy has been formulated. This PV/FC microgrid performs privacy-preserving P2P energy management based on the permissioned blockchain technology.

Physical Layer
PV technology is simple in structure, stable in performance, and does not produce any pollutants in the process of power generation; therefore, it is very suitable as a renewable power source in microgrids. The introduction of hydrogen FCs as an energy storage unit can reduce the impact of PV power generation uncertainty and improve the power supply stability of the microgrid system. The power generation parts of a typical PV/FC microgrid system are composed of the PV system, electrolyzer, compressor, tank, and FC. The schematic diagram of the whole microgrid system is shown in Figure 2. The PV technology commonly used is polycrystalline silicon because it is widely commercially available and economic in cost. It converts solar irradiation into electricity. PV is a standalone power generation, responsible for supplying load and providing excess power to FC. It converts solar irradiation to electricity, and the photoelectric effect electric current is: where q is the electron charge, V is the cell voltage, and and ℎ are resistance connected in series and shunt resistance, respectively. K, T, and n are the Boltzmann constant, The PV technology commonly used is polycrystalline silicon because it is widely commercially available and economic in cost. It converts solar irradiation into electricity. PV is a standalone power generation, responsible for supplying load and providing excess power to FC. It converts solar irradiation to electricity, and the photoelectric effect electric current is: where q is the electron charge, V is the cell voltage, and R s and R sh are resistance connected in series and shunt resistance, respectively. K, T, and n are the Boltzmann constant, operation temperature, and ideality factor of diode, respectively. Equations (2) and (3) are the light-generated electric current and saturation electric current, respectively.
where G, G re f , and T re f are solar irradiation, solar irradiation at standard condition, and reference temperature, respectively. Equation (4) is the reverse saturation electric current, and is expressed as: where V oc and K i are open circuit voltage and short circuit current coefficient, respectively. The power of the PV model is obtained by the multiplied model current and voltage, and expressed as: The electrolyzer is an electrochemical device that mainly consists of a cell frame, electrode (anode and cathode), electrolyte, and separating diaphragm. When direct current passes through an electrolyzer, chemical reactions take place at the cathode and the anode, to decompose water (H 2 O) into hydrogen (H 2 ) and oxygen (O 2 ). The electrolyte is usually an aqueous solution of potassium hydroxide (KOH) with a concentration of 20-40%, which can enhance the ionic conductivity of the electrolyte. Bidirectional alkaline electrolyzers are very widely used in small and medium-sized microgrid systems [40,41]. The compressor is a mechanical device that boosts low pressure gas into high pressure gas by reducing the volume of the gas. In this system, it increases static pressure of the gas and delivers the gas at a specified pressure and flow rate. A multi-stage polytrophic compressor is chosen for the purpose of compressing hydrogen gas from low mass density to high mass density with a certain pressure level for easily storing in the tank. The proton exchange membrane (PEM) FC is chosen to be a backup power generator due to its ability to rapidly respond to switching on/off compared to other FC technology. It uses hydrogen and oxygen for producing power through chemical reactions between the cathode and anode. The chemical reaction of PEM FC is as follows.
An FC is combined of numbers of cells connected in series to constitute stacks; each cell has a voltage, and several cells connected are given a stack voltage. The voltage of an individual cell can be named as FC voltage, and written as Equation (8): where e f f f c is the efficiency of the PEM FC. V f c is the voltage of a single cell. Stack voltage is a summation of an individual cell's voltage, and the number of cells can be obtained by an equation written as: where N c is the number of the cells, V stack is the stack voltage, and x is the number of samples. The FC electric power output can be expressed by Equation (10):

Scheduling Layer
In order to modularize the generation unit, the control strategy of dispatching layer is simplified to achieve peer energy management. This paper takes the electrolyzer, compressor, tank, and FC as the whole FC. The simplified microgrid system includes three types of units: PV, FC, and load, among which load is all kinds of electricity load in the smart village. PV is firstly responsible for feeding the load and providing excess power for hydrogen energy production. If the PV power supply is insufficient to meet the load, the FC takes hydrogen energy which is stored in tank and behaves as a backup power source to share the energy generation with the PV system for meeting the load deficit. At night or early morning, solar irradiation is not available, and the load energy is completely provided by FC.
The sampling time of energy management is decided per hour based on scaled hourly data of load and solar irradiation. The energy conservation law of electric power can be written as: P pv > 0, f or P pv < P L : P pv + P f c = P L (12) In the above formula, P ex is excess power of the microgrid system, and P L is Load power. Each physical unit can be regarded as an organization of the permissioned blockchain, including PV, FC, and Load. Every organization is a complete network node and contains Endorser Peer, Leader Peer, Committer Peer, and Anchor Peer. Each Node is connected with Orderer Node information, so there is no information delay when the system conducts power dispatching. FC is a special organization because it has a dual identity of the power supplier and the power user. Therefore, it is necessary to make a dual identity registration for FC in the system modularization phase.

Executive Layer
When the generation and consumption units of the renewable energy microgrid are determined, the power energy management method can be established to be the executive layer. It will build the system on a permissioned blockchain, and chain code operations are performed by deploying and invoking smart contracts.
The basic network architecture of a permissioned blockchain contains the following nodes: Client Node, certificate authority (CA) Node, Peer Node, and Orderer Node, and it is shown in Figure 3.
Client Node, which can act as an application, represents an entity operated by the end user. It needs to connect to the Peer Node or Orderer Node before communication.
The client submits a proposal to the Endorser Peer, and when enough endorsements have been collected, the transaction is broadcasted to the Orderer Node for sorting and generates a block. determined, the power energy management method can be established to be the ex layer. It will build the system on a permissioned blockchain, and chain code ope are performed by deploying and invoking smart contracts.
The basic network architecture of a permissioned blockchain contains the fo nodes: Client Node, certificate authority (CA) Node, Peer Node, and Orderer No it is shown in Figure 3. Client Node, which can act as an application, represents an entity operated end user. It needs to connect to the Peer Node or Orderer Node before commun The client submits a proposal to the Endorser Peer, and when enough endorsemen been collected, the transaction is broadcasted to the Orderer Node for sorting and ates a block.
The CA Node is responsible for managing all certificates in the network and ing a standard public key infrastructure (PKI) service. It is composed of the CA-ser CA-client in the permissioned blockchain. The CA is introduced in the blockch work to achieve privilege control and supervision of transaction parties by control public and private keys of the participants.
The Orderer Node is responsible for sorting all transactions sent to the netwo arranging the sorted transactions into blocks according to the convention in the c ration. Finally, it is submitted to the Leader Peer for processing.
The Peer Node is special in that it can play four roles: Endorser Peer, Lead Committer Peer, and Anchor Peer. Each Peer Node must be a Committer Peer, an The CA Node is responsible for managing all certificates in the network and providing a standard public key infrastructure (PKI) service. It is composed of the CA-server and CA-client in the permissioned blockchain. The CA is introduced in the blockchain network to achieve privilege control and supervision of transaction parties by controlling the public and private keys of the participants.
The Orderer Node is responsible for sorting all transactions sent to the network, and arranging the sorted transactions into blocks according to the convention in the configuration. Finally, it is submitted to the Leader Peer for processing.
The Peer Node is special in that it can play four roles: Endorser Peer, Leader Peer, Committer Peer, and Anchor Peer. Each Peer Node must be a Committer Peer, and it can also play one or more other roles simultaneously. Each organization can have one or more Peer Nodes.
The establishment of energy management modes requires the deployment of smart contracts. When network parameters have been defined, power producers or users could generate transaction key pairs based on their ID. They request for authority to a CA Node, and receive an authority verification key. If the new member's ID mappings meet the permission conditions, they could obtain issue credentials, otherwise they ca not join the system. The permissioned members use the verification and credentials anonymously for transaction processing, and the trusted consensus nodes that have been elected in the blockchain network verify the transaction to determine execution or rejection. The CA Node is elected by trusted consensus nodes and is dynamically updated based on its trustworthiness. It should be noted that, in microgrids, the trusted consensus nodes are generally composed of regional energy authorities and reliable power suppliers. A typical trade in the permissioned blockchain is shown in Figure 4. transaction processing, and the trusted consensus nodes that have been elected in the blockchain network verify the transaction to determine execution or rejection. The CA Node is elected by trusted consensus nodes and is dynamically updated based on its trust worthiness. It should be noted that, in microgrids, the trusted consensus nodes are gener ally composed of regional energy authorities and reliable power suppliers. A typical trade in the permissioned blockchain is shown in Figure 4.

Hyperledger-Based Energy Management
The modular architecture of Hyperledger Fabric makes it highly scalable and flexible It is divided into four parts: identity management, account management, transaction man agement, and intelligent contract, and from the bottom-up point of view is divided into four components: member management, consensus services, chain code services, and se curity and encryption services [42]. Hyperledger Fabric demonstrates unique security mechanisms such as private data collections, which allow certain permissioned participants to only access specific data [43]. Therefore, more and more energy P2P trading pro jects choose Hyperledger as the underlying architecture.
Ref 44 proposed a blockchain-based privacy-preserving payment mechanism tha can satisfy the requirements of data sharing and privacy protection in vehicle-to-grid net works [44]. The Hyperledger Fabric framework used in the payment mechanism guaran teed the reliability of the payment process. One study proposed a distributed renewable energy transaction authentication model, which is, in accordance with the transaction principle, divided into two stages; namely, the off-chain certification stage and on-chain certification stage, and reduces the credit costs [45]. Essential chaincodes in the transaction authentication were designed and deployed on a Hyperledger Fabric blockchain site. Re 46, also based on the Hyperledger blockchain platform, proposed an energy trading plat form for electric vehicles in smart campus parking lots [46]. This platform provided profits for participants, as well as enabled balancing for the university load demand locally. In dustry stakeholders, utility companies, and energy decision-makers have taken a grea

Hyperledger-Based Energy Management
The modular architecture of Hyperledger Fabric makes it highly scalable and flexible. It is divided into four parts: identity management, account management, transaction management, and intelligent contract, and from the bottom-up point of view is divided into four components: member management, consensus services, chain code services, and security and encryption services [42]. Hyperledger Fabric demonstrates unique security mechanisms such as private data collections, which allow certain permissioned participants to only access specific data [43]. Therefore, more and more energy P2P trading projects choose Hyperledger as the underlying architecture.
Ref 44 proposed a blockchain-based privacy-preserving payment mechanism that can satisfy the requirements of data sharing and privacy protection in vehicle-to-grid networks [44]. The Hyperledger Fabric framework used in the payment mechanism guaranteed the reliability of the payment process. One study proposed a distributed renewable energy transaction authentication model, which is, in accordance with the transaction principle, divided into two stages; namely, the off-chain certification stage and on-chain certification stage, and reduces the credit costs [45]. Essential chaincodes in the transaction authentication were designed and deployed on a Hyperledger Fabric blockchain site. Ref 46, also based on the Hyperledger blockchain platform, proposed an energy trading platform for electric vehicles in smart campus parking lots [46]. This platform provided profits for participants, as well as enabled balancing for the university load demand locally. Industry stakeholders, utility companies, and energy decision-makers have taken a great interest in blockchain technologies. Hyperledger is more suitable for energy systems because of its excellent scalability. Investors and technical experts are increasingly focusing on Hyperledger-based energy management projects, especially P2P power transactions [47].
In this paper, we used Hyperledger as the underlying architecture to build the proposed permissioned blockchain energy management system. The smart contract established in the permissioned blockchain can be invoked after the deployment is completed. A typical trade in the permissioned blockchain based on Hyperledger Fabric is shown Figure 5. on Hyperledger-based energy management projects, especially P2P power transactions [47].
In this paper, we used Hyperledger as the underlying architecture to build the proposed permissioned blockchain energy management system. The smart contract established in the permissioned blockchain can be invoked after the deployment is completed. A typical trade in the permissioned blockchain based on Hyperledger Fabric is shown Figure 5.

Client Node
Step 8 Step 8 Step 6

Committer Peer
Step 9

Anchor Peer
Step 5
Step 1. Submit a transaction proposal. After being permissioned to join into the system, the Client Node constructs a transaction proposal. According to the endorsement strategy, the Endorser Peer is selected to execute the transaction proposal and endorses the signature. Under normal circumstances, the execution result of the Endorser Peer is consistent; only the endorsement signature is different.
Step 2. Simulate the implementation of the proposal and endorse. The Endorser Peer verifies after receiving the transaction proposal. After the verification is passed, the Endorser Peer simulates the execution of the chain code's business logic according to the current state database and generates a read/write set. The ledger is not updated in this simulation. The Endorser Peer then signs the read or write set to generate a proposal response and returns it to the application.
Step 3. Collect the transaction endorsement. After the application receives the proposal response, it will permit the signature of the Endorser Peer. If the chain code only performs the operation of query with the ledger, the application only needs to check the query response and does not submit the transaction to the Orderer Node. If the chain code has an invoke operation with the ledger, the transaction needs to be submitted to the Orderer Node to update the ledger.
Step 4. Construct a transaction request and send it to the Orderer Node. After the application has received the signatures of all the Endorser Peers, it calls the software development kit (SDK) to generate the transaction according to the endorsement signature and broadcasts it to the Orderer Node. It is noticed that the endorsement signature would be permissioned by the CA node.
Step 5. Orderer Node orders the transactions and generates blocks. The Orderer Node receives transactions from all channels in the network, reads the transaction envelope to obtain the channel ID, orders the information of the transaction by the receiving time of transactions on each channel, and generates blocks.
Step 6. Orderer Node broadcasts blocks to the Leader Peers. The Orderer Node broadcasts the block which contains the information of the transaction to the Leader Peers of different organizations on the channel.
Step 7. Committer Peers verify the block's content and writes it to the ledger. All Peers are Committer Peers that record the ledger data. After receiving the block generated Step 1. Submit a transaction proposal. After being permissioned to join into the system, the Client Node constructs a transaction proposal. According to the endorsement strategy, the Endorser Peer is selected to execute the transaction proposal and endorses the signature. Under normal circumstances, the execution result of the Endorser Peer is consistent; only the endorsement signature is different.
Step 2. Simulate the implementation of the proposal and endorse. The Endorser Peer verifies after receiving the transaction proposal. After the verification is passed, the Endorser Peer simulates the execution of the chain code's business logic according to the current state database and generates a read/write set. The ledger is not updated in this simulation. The Endorser Peer then signs the read or write set to generate a proposal response and returns it to the application.
Step 3. Collect the transaction endorsement. After the application receives the proposal response, it will permit the signature of the Endorser Peer. If the chain code only performs the operation of query with the ledger, the application only needs to check the query response and does not submit the transaction to the Orderer Node. If the chain code has an invoke operation with the ledger, the transaction needs to be submitted to the Orderer Node to update the ledger.
Step 4. Construct a transaction request and send it to the Orderer Node. After the application has received the signatures of all the Endorser Peers, it calls the software development kit (SDK) to generate the transaction according to the endorsement signature and broadcasts it to the Orderer Node. It is noticed that the endorsement signature would be permissioned by the CA node.
Step 5. Orderer Node orders the transactions and generates blocks. The Orderer Node receives transactions from all channels in the network, reads the transaction envelope to obtain the channel ID, orders the information of the transaction by the receiving time of transactions on each channel, and generates blocks.
Step 6. Orderer Node broadcasts blocks to the Leader Peers. The Orderer Node broadcasts the block which contains the information of the transaction to the Leader Peers of different organizations on the channel.
Step 7. Committer Peers verify the block's content and writes it to the ledger. All Peers are Committer Peers that record the ledger data. After receiving the block generated by the Orderer Node, the Committer Peers verifies the validity of the transaction in the block, submits it to the local ledger, and generates an event about the block, and the application that listens to the block event performs subsequent processing.
Step 8. Leader Peers synchronize the latest blocks within the organization. If the new energy management transaction is invalid, the blocks will also be generated in chronological order, and the system state will not be affected, in that the invalid information will not perform energy scheduling.
Step 9. Block is saved to the ledger, and all value information is distributed and visible to all participants. The privacy-preserving measures of the proposed system include the following four aspects. Firstly, asymmetric cryptography and zero-knowledge proof separate the transaction data, protecting privacy from the underlying algorithm. Secondly, the digital certificate management guarantees the legitimacy of the energy management. Thirdly, the multichannel design separates the information between different channels. Finally, privacy data collection further satisfies the need for the isolation of privacy data between different nodes within the same channel [48].
In general, privacy attacks on microgrids mainly focus on the detailed supply information of power equipment and the energy use behavior of power users; for example, using the power user load curve to confirm when no one is at home. In the Hyperledgerbased energy management, the two most distinctive methods are the channel and privacy data collection. The channel separates the privacy data from the distributed storage data. For example, the PV power generation unit uploads the trading demand to the platform, but does not disclose the equipment model, cash flow, and other energy supply regulars. On the other hand, privacy data collection implements P2P energy trading among permissioned nodes through entity mapping. The real identity of each participant can be seen in all systems, and malicious acts such as stealing privacy will also be exposed. The malicious behavior is eliminated to a certain extent, thereby protecting operation safety and privacy protection of the energy systems. The energy suppliers and users on the channel use the hash value of the private data when sorting and writing the endorsement as evidence of the existence of the transaction and for state validation and auditing.

Case Validation
To verify the feasibility of the proposed method, a privacy-preserving P2P energy management system was carried out for a PV/FC generation microgrid. It was assumed that PV equipment was added to solve the problem of power shortage. Through registering new devices and joining the permissioned blockchain network, as well as the verification and storage of all the information on each node, it was shown that this method has high privacy security. Finally, the new device in plug-and-play mode was simulated to improve energy supply during power shortages, demonstrating the feasibility of the system.

Parameter Setting
The scenario consisted of a set of PV and hydrogen FC microgrid power generation systems, and a typical remote village's electricity Load. The system was composed of PV technology, an electrolytic bath, compressor, tank, FC, and electricity Load. The basic dimensions of power generation equipment were as follows: PV installed capacity was 160 kW, maximum power of the electrolyzer was 50 kW, 10.7 kW for the compressor, 2 m 3 hydrogen tank at 20 bar, and 5 kW FC power. As smart villages become more and more dependent on electricity for agricultural production and daily life, some new power generation equipment has been built to solve the problem of power shortage. It was assumed that an additional PV generating unit with an installed capacity of 75 kW was added to the original microgrid system to provide power for village residents. Therefore, we established a PV/FC microgrid system that can realize electric power interactions based on permissioned blockchain technology. In addition, it focused on demonstrating how to register and join the permissioned blockchain for newly added PV power generation units, and supply power to other units in the system.
In order to facilitate energy management of the system, we divided the original microgrid into PV1, FC, and Load. The FC contained the electrolyzer, compressor, tank, FC device, and other hardware equipment. The newly added PV power generation equipment was named PV2. We set the price of electricity for all PV equipment at USD 0.15 per kWh [49]. Due to the high construction cost of current energy storage equipment, the power generation price of FC was set at USD 0.18 per kWh. The loss of the FC's charge and discharge was 6%. An off-grid microgrid on an island in East China (122.40 • E, 30.10 • N) was utilized for the simulation analysis of the PV equipment. The PV radiation intensity parameters α and β were selected as 0.3 and 8.54, respectively, based on the one-week solar radiation data on the island [50]. The generated output of PV1 and PV2 was calculated, and is shown in Figure 6. device, and other hardware equipment. The newly added PV power generation ment was named PV2. We set the price of electricity for all PV equipment at USD 0 kWh [49]. Due to the high construction cost of current energy storage equipme power generation price of FC was set at USD 0.18 per kWh. The loss of the FC's and discharge was 6%. An off-grid microgrid on an island in East China (122.40° E N) was utilized for the simulation analysis of the PV equipment. The PV radiation sity parameters α and β were selected as 0.3 and 8.54, respectively, based on the on solar radiation data on the island [50]. The generated output of PV1 and PV2 was lated, and is shown in Figure 6.

Deploying the Energy Management Platform
The energy management platform of the PV/FC microgrid was set up on the p sioned blockchain. This paper adopted Hyperledger Fabric, which is a blockcha work, as the system platform. Hyperledger Fabric was originally contributed by IB Digital Asset to the Hyperledger project that was dominated by the Linux founda December 2015. It supports three consensus algorithms, including distributed (Kafka), simple byzantine fault tolerance (SBFT), and single node consensus (Sol The transaction information of each node in Hyperledger is processed by the Orde vice node, sorting several transactions issued at the same time, packaging them into after confirmation, and then handing them to peer nodes to store data. This method the double flower problem, no longer makes miners necessary, and even does not n set a Token.
Hyperledger is one of the typical frameworks of blockchains, which could pro platform for distributed ledgers; it has distributed blocks and ledgers to make dec ized trading by using blockchain technology for the internet of energy. P2P energ agement is an important factor of distributed systems. Therefore, it will suit the ar ture of distributed energy system well [52].
We established a permissioned blockchain named PV&FC Power Chain as t derlying technology framework for energy interaction, as shown in Figure 7. Al contracts in this permissioned blockchain were created on the Hyperledger Fabr form. The smart contract for the PV/FC generation microgrid consisted of thre Nodes, one CA Node, and an Order Node. Peer Nodes are used to process blocks o

Deploying the Energy Management Platform
The energy management platform of the PV/FC microgrid was set up on the permissioned blockchain. This paper adopted Hyperledger Fabric, which is a blockchain network, as the system platform. Hyperledger Fabric was originally contributed by IBM and Digital Asset to the Hyperledger project that was dominated by the Linux foundation in December 2015. It supports three consensus algorithms, including distributed queue (Kafka), simple byzantine fault tolerance (SBFT), and single node consensus (Solo) [51]. The transaction information of each node in Hyperledger is processed by the Orderer service node, sorting several transactions issued at the same time, packaging them into blocks after confirmation, and then handing them to peer nodes to store data. This method solves the double flower problem, no longer makes miners necessary, and even does not need to set a Token.
Hyperledger is one of the typical frameworks of blockchains, which could provide a platform for distributed ledgers; it has distributed blocks and ledgers to make decentralized trading by using blockchain technology for the internet of energy. P2P energy management is an important factor of distributed systems. Therefore, it will suit the architecture of distributed energy system well [52].
We established a permissioned blockchain named PV&FC Power Chain as the underlying technology framework for energy interaction, as shown in Figure 7. All smart contracts in this permissioned blockchain were created on the Hyperledger Fabric platform. The smart contract for the PV/FC generation microgrid consisted of three Peer Nodes, one CA Node, and an Order Node. Peer Nodes are used to process blocks of data, approve transfers, update and maintain ledger status, and verify identities. The nodes deployed and performed included PV1, Load and FC. The CA Node is a public key infrastructure and manages all certificates in the system, and it is functional node that the blockchain platform permits access to new equipment. The Order Node is responsible for processing all transactions in the system and maintaining the structure of the blockchain. Through deploying the energy management platform, the generation and power equipment of the microgrid system can interact with data and power. approve transfers, update and maintain ledger status, and verify identities. The nodes deployed and performed included PV1, Load and FC. The CA Node is a public key infrastructure and manages all certificates in the system, and it is functional node that the blockchain platform permits access to new equipment. The Order Node is responsible for processing all transactions in the system and maintaining the structure of the blockchain. Through deploying the energy management platform, the generation and power equipment of the microgrid system can interact with data and power.

Deploying PV2 Addition
The next step was to permit PV2 to the existing smart contracts in plug-and-play mode, and realize the P2P energy management of PV2 and other Peer Nodes. These works were carried out in the following steps, including the registration and permission of PV2, dispatching instructions of electric power, traceability of transaction information, and so on. We discuss how to interact data by means of smart contracts and operate the system through a user interface (UI) in a step-by-step process, as visualized in Figures 8-10. 1. Register and permit a new power generating unit.
The permissioned blockchain that has been deployed contained only one PV power generation unit. We then registered and permitted a new PV Peer Node named PV2. PV2 obtained a specific account through PV&FC Power Chain which was the user's permanent identity. Figure 8a shows the key computer code for new users to join the system, and Figure 8b demonstrates the UI of PV2 registration and verification. ID information of PV2 was separated from entity authentication by means of an entity mapping protocol and zero knowledge proof. It should be noted that the behaviors of voting by person and penalizing by address could be recorded, but only the CA Node can refer to private information, such as entity mapping for PV2.

Users create new power dispatch instructions.
Take the power dispatch in the PV/FC generation microgrid as an example: at 12:00-13:00, there was 8.4 kWh of power energy demand. We ordered PV2 to supply electricity power to Load, and the electricity was represented by the virtual currency Token, assuming the value of 1 coin per kWh. Figure 9a,b illustrate the key procedure codes and UI for

Deploying PV2 Addition
The next step was to permit PV2 to the existing smart contracts in plug-and-play mode, and realize the P2P energy management of PV2 and other Peer Nodes. These works were carried out in the following steps, including the registration and permission of PV2, dispatching instructions of electric power, traceability of transaction information, and so on. We discuss how to interact data by means of smart contracts and operate the system through a user interface (UI) in a step-by-step process, as visualized in Figures 8-10. this dispatching strategy. The scheduling instruction time and power load can be set according to the actual needs. These transact anonymously using the verification and credentials, and the trusted consensus nodes that have been elected in the blockchain network verify the transaction to determine execution or rejection. In this scenario, power distribution network and energy regulatory agency could be the trusted consensus nodes.

Search and extract historical information.
All the power dispatching and transaction information can be compiled by cryptography. There is complete decentralization inside permissioned blockchains, and all data are confirmed and stored on each Peer, which makes the system have high information security. In Figure 10, we queried the power dispatching information of PV2 during a certain historical period. Each type of transaction information has a specific Transaction ID for easy query and translation. The traceability of data information enables the recording of power energy transactions and facilitates the settlement of costs in the microgrid system.

Simulation and Results
The physical layer of this scenario is visualized in Figure 2; each main unit involved in the system required a computer. These computers can act as agents of machines to transfer and process data in the blockchain network and display them visually on the monitor. In this section, the physical machines were replaced by dynamic physical simulations in TRNSYS.
TRNSYS is a complete and extensible simulation environment for the transient simulation of systems, including multi-zone buildings. It is used by engineers and researchers around the world to validate new energy concepts. It is well suited to the detailed analysis of any system whose behavior depends on the passage of time. The main applications include solar thermal and PV systems, low energy buildings, heating ventilation air conditioning systems, renewable energy systems, cogeneration, and FC systems [53].

Simulation and Results
The physical layer of this scenario is visualized in Figure 2; each main unit involved in the system required a computer. These computers can act as agents of machines to transfer and process data in the blockchain network and display them visually on the monitor. In this section, the physical machines were replaced by dynamic physical simulations in TRNSYS.
TRNSYS is a complete and extensible simulation environment for the transient simulation of systems, including multi-zone buildings. It is used by engineers and researchers around the world to validate new energy concepts. It is well suited to the detailed analysis of any system whose behavior depends on the passage of time. The main applications include solar thermal and PV systems, low energy buildings, heating ventilation air conditioning systems, renewable energy systems, cogeneration, and FC systems [53]. Register and permit a new power generating unit.
The permissioned blockchain that has been deployed contained only one PV power generation unit. We then registered and permitted a new PV Peer Node named PV2. PV2 obtained a specific account through PV&FC Power Chain which was the user's permanent identity. Figure 8a shows the key computer code for new users to join the system, and Figure 8b demonstrates the UI of PV2 registration and verification. ID information of PV2 was separated from entity authentication by means of an entity mapping protocol and zero knowledge proof. It should be noted that the behaviors of voting by person and penalizing by address could be recorded, but only the CA Node can refer to private information, such as entity mapping for PV2.

2
Users create new power dispatch instructions.
Take the power dispatch in the PV/FC generation microgrid as an example: at 12:00-13:00, there was 8.4 kWh of power energy demand. We ordered PV2 to supply electricity power to Load, and the electricity was represented by the virtual currency Token, assuming the value of 1 coin per kWh. Figure 9a,b illustrate the key procedure codes and UI for this dispatching strategy. The scheduling instruction time and power load can be set according to the actual needs. These transact anonymously using the verification and credentials, and the trusted consensus nodes that have been elected in the blockchain network verify the transaction to determine execution or rejection. In this scenario, power distribution network and energy regulatory agency could be the trusted consensus nodes. 3 Search and extract historical information.
All the power dispatching and transaction information can be compiled by cryptography. There is complete decentralization inside permissioned blockchains, and all data are confirmed and stored on each Peer, which makes the system have high information security. In Figure 10, we queried the power dispatching information of PV2 during a certain historical period. Each type of transaction information has a specific Transaction ID for easy query and translation. The traceability of data information enables the recording of power energy transactions and facilitates the settlement of costs in the microgrid system.

Simulation and Results
The physical layer of this scenario is visualized in Figure 2; each main unit involved in the system required a computer. These computers can act as agents of machines to transfer and process data in the blockchain network and display them visually on the monitor. In this section, the physical machines were replaced by dynamic physical simulations in TRNSYS.
TRNSYS is a complete and extensible simulation environment for the transient simulation of systems, including multi-zone buildings. It is used by engineers and researchers around the world to validate new energy concepts. It is well suited to the detailed analysis of any system whose behavior depends on the passage of time. The main applications include solar thermal and PV systems, low energy buildings, heating ventilation air conditioning systems, renewable energy systems, cogeneration, and FC systems [53].
According to the energy usage characteristics of general residential areas, a typical daily supply load was set. There are two electricity consumption peaks in the day: in the morning to noon for agricultural production, and in the evening for life needs. Based on the energy management system and the operation strategies of PV and FC, the daily operation data of the original basic microgrid system and PV2 added to the microgrid were simulated, respectively. Figure 10 provides the operation before and after the addition of PV2 to the system. The original microgrid power generation system could not meet the demand, and the residential area was short of electricity by 101 kWh during the day, as shown in Figure 11a. After the newly built PV2 was added to the original microgrid system in plug-and-play mode, the power shortage phenomenon was effectively reduced, which is shown in Figure 11b. By simulation and calculation, the power shortage problem was reduced by nearly 70% after the addition of the PV2 generating units to the system. According to the energy usage characteristics of general residential areas, a typical daily supply load was set. There are two electricity consumption peaks in the day: in the morning to noon for agricultural production, and in the evening for life needs. Based on the energy management system and the operation strategies of PV and FC, the daily operation data of the original basic microgrid system and PV2 added to the microgrid were simulated, respectively. Figure 10 provides the operation before and after the addition of PV2 to the system. The original microgrid power generation system could not meet the demand, and the residential area was short of electricity by 101 kWh during the day, as shown in Figure 11a. After the newly built PV2 was added to the original microgrid system in plug-and-play mode, the power shortage phenomenon was effectively reduced, which is shown in Figure 11b. By simulation and calculation, the power shortage problem was reduced by nearly 70% after the addition of the PV2 generating units to the system. The PV&FC Power Chain was built on the permissioned blockchain platform; thus, the power data were verified and stored on all nodes. Electricity supply side and demand side carried out the transaction calculations of electricity charges according to the agreed price. They conducted P2P transactions without the involvement of third-party interme- The PV&FC Power Chain was built on the permissioned blockchain platform; thus, the power data were verified and stored on all nodes. Electricity supply side and demand side carried out the transaction calculations of electricity charges according to the agreed price. They conducted P2P transactions without the involvement of third-party intermediaries. According to the simulated one-day electricity data, before and after the increase in PV2, Load needed to pay electricity charges, as shown in Table 2. In addition, the energy management method has some advantages of blockchain smart contracts. One advantage is that it can reduce the number of operators and has a low operating cost. In Table 3, the personnel costs of the traditional method and PV&FC Power Chain are compared during the operation and scheduling of a microgrid. In the traditional PV/FC system, it is necessary to set up a post of operation to manage and monitor the system 24 h a day, which requires three technicians to take turns on duty. Generally, for simple microgrid systems in remote areas, operating technicians can also serve as electricity transaction and settlement staff. Therefore, in the traditional method, there is no need to add additional staff solely responsible for transactions and settlement. In the method of PV&FC Power Chain, it is theoretically necessary to set up only one person for trade settlements and monitor the operation of the system regularly. The new method reduces the involvement of two staff members compared with the traditional method, and, estimated at an annual staff wage cost of USD 15,000, the personnel cost savings of the proposed energy management method is 30,000 USD/year. The renewable energy microgrid system constructed in this scenario had a simple structure and contained few power generation and consumption units. Therefore, this method did not reduce large numbers of operators, but in more complex microgrid systems, the reduction in operating costs will be more obvious. Moreover, because data in the blockchain can be traced back and cannot be tampered with, it theoretically eliminates the smart meter in the microgrid system. However, with the progress of technology, the cost of smart meters has been very low. As a result, this paper did not consider the economic benefits brought by smart meters.

Conclusions
In order to reduce the credit cost of energy management in a renewable energy microgrid, a privacy-preserving P2P mode based on permissioned blockchain was established. According to the blockchain technology, a model of permissioned blockchain was proposed first. A typical renewable energy microgrid is divided into three layers, which includes a set of PV units and hydrogen FC. The executive layer realizes the decentralized information and power interaction based on permissioned blockchain technology. The effectiveness and validity of the proposed methodology have been demonstrated by adding new equipment to the microgrid system through the permission mechanism. Therefore, the proposed energy management model has the permission mechanism to guarantee the information security and privacy protection of the system. Moreover, through simulation and calculation, the proposed method based on permissioned blockchain network can promote plug-andplay of power generation equipment, and improve the scalability of microgrid systems.
Due to the large amount of electricity transactions, it would cause huge losses when users' privacy is threatened. The energy blockchain technology with privacy protection is in its infancy, and many problems remain to be solved. Firstly, with the development of mathematics, cryptography, and quantum computing technology, the asymmetric encryption mechanism of blockchains would become more vulnerable, and the way to hide identities through encryption algorithms becomes more insecure. Secondly, the application of laws and regulations also needs to be continuously improved. The blockchain development has conflicts with the existing legal system to a large extent. Moreover, the blockchain transaction throughput needs to be improved to cope with the increasingly large-scale distributed energy system. The throughput of the current mainstream blockchain platform cannot meet the needs of a large number of energy users for real-time transactions.
The proposed energy management framework can be utilized in distributed energy systems, especially if applicable to decentralized renewable energy microgrids. Further studies will focus on the permissioned blockchain technology and applying it into the integrated energy system, in a scenario of multiple energy interactions, to show its wider applicability. In addition, there are many fields to explore using blockchains, such as the application of public and private keys, smart contracts, side chain development, and so on. It is hoped that the future research in blockchain technology can induce greater vitality to the power industry.