Proxy Signature-Based Management Model of Sharing Energy Storage in Blockchain Environment

: Sharing energy storage (SES) is a novel business model in order to increase the proﬁts and improve the utilization rate of idle energy storage facilities. On the other hand, blockchains can be competently applied in the transaction and operation of SES because of distributed network architecture, traceability and tamper proof. In this paper, a management model of SES based on proxy signatures in the blockchain environment is proposed. Many management models including the principal-agent model are analyzed for SES in terms of beneﬁt, cost, resources, and so on. Moreover, a blockchain framework and a typical transaction process of SES is presented. Finally, a proxy signature mechanism based on the ElGamal algorithm is proposed in order to address the problem that the signature power of nodes cannot be transferred on blockchains. Simulation results show that the proposed proxy signature mechanism can achieve the delegation of digital signature power under the premise of security and reliability, which is suitable for the management model of SES on blockchains.


Introduction
With the increase in renewable energy sources (RESs) such as wind turbines and photovoltaic generation, massive amounts of clean energy are supplied to users all over the country, reducing carbon dioxide emissions and slowing down fossil energy consumption significantly [1]. However, the security and stability of power systems are worsening because of the intermittent, highly erratic and weather-dependent characteristics of RESs [2,3]. On the other hand, China has put forward rigid requirements for the consumption rate of RESs in each province in order to accelerate the energy transformation and stimulate the development of RESs' industry chain [4]. To address the above problems, energy storage systems are employed to provide a reliable solution [5,6]. By the end of 2019, the total installed capacity of China's energy storage projects reached 32.4GW, of which the installed capacity of electrochemical energy storage was 1706.9 MW, with a year-on-year increase of 59.4%.
Although the development of energy storage technology and related projects is extremely rapid, the return on investment in energy storage projects is not optimistic because of the smaller price difference of peak and valley electricity, the developing and incomplete electricity ancillary service market and the lower utilization rate. In this situation, sharing energy storage (SES) will be a novel business model in the energy storage field, improving the utilization rate of idle energy storage resources and making profits in a competitive market. In [7], based on a sharing economy, a new

Basic Concept and Characteristics of SES
SES is not a novel energy storage technology akin to superconducting the magnetic energy storage or Li-Ion batteries, but a business model based on a sharing economy for energy storage technology. Under this model, suppliers, owners of idle energy storage resources, could transfer the right to use the resources to demanders. The suppliers obtain the improved utilization rate of the idle resources and additional economic profits, and the demanders create greater value by using the energy storage resources. Consequently, total social welfare is improved.
There are three types of resources that can be shared as follows: • Energy storage technologies and facilities: With the permission of policy and technology, the idle energy storage resources based on different kinds of technologies (mechanical storage, electrochemical storage or electrical storage) can all be shared and provide services to demanders. • Energy storage application scenarios: According to the location and function of energy storage facilities, the application scenarios are classified into three types: power generation side, grid side and user side. The energy storage facilities in these scenarios can all be shared. For example, a wind farm can store electricity either in the SES facilities on the power generation side or the facilities on the user side, which depends on the cost of use. Moreover, the energy storage resources from different scenarios could be integrated as a whole to provide sharing services. • Energy storage product form: Electric energy is the main product form for SES because energy storage facilities are shared to store or release electric energy. Otherwise, the service provided by energy storage is also a sharing product. For example, the peak regulation service of several RESs could be provided by an SES facility. Information is a by-product in the sharing process of energy storage resources.
A basic framework of SES is shown in Figure 1. It can be seen that the SES is made up of one or more energy storage facilities within a certain range. The electricity from centralized or distributed generation will be stored in SES facilities through the power network when wind and solar curtailment happens or power generation exceeds its planned output. Moreover, SES can also purchase electricity from power companies when electricity price is low. In the discharge mode, SES simultaneously releases the stored electricity to different users such as residential users, industrial users and power plants. For SES, the existing energy storage functions and profit models, such as peak-valley price arbitrage, smoothing generation curve and power auxiliary service, can be realized in a sharing way.

Basic Concept and Characteristics of SES
SES is not a novel energy storage technology akin to superconducting the magnetic energy storage or Li-Ion batteries, but a business model based on a sharing economy for energy storage technology. Under this model, suppliers, owners of idle energy storage resources, could transfer the right to use the resources to demanders. The suppliers obtain the improved utilization rate of the idle resources and additional economic profits, and the demanders create greater value by using the energy storage resources. Consequently, total social welfare is improved.
There are three types of resources that can be shared as follows:  Energy storage technologies and facilities: With the permission of policy and technology, the idle energy storage resources based on different kinds of technologies (mechanical storage, electrochemical storage or electrical storage) can all be shared and provide services to demanders.  Energy storage application scenarios: According to the location and function of energy storage facilities, the application scenarios are classified into three types: power generation side, grid side and user side. The energy storage facilities in these scenarios can all be shared. For example, a wind farm can store electricity either in the SES facilities on the power generation side or the facilities on the user side, which depends on the cost of use. Moreover, the energy storage resources from different scenarios could be integrated as a whole to provide sharing services.  Energy storage product form: Electric energy is the main product form for SES because energy storage facilities are shared to store or release electric energy. Otherwise, the service provided by energy storage is also a sharing product. For example, the peak regulation service of several RESs could be provided by an SES facility. Information is a by-product in the sharing process of energy storage resources.
A basic framework of SES is shown in Figure 1. It can be seen that the SES is made up of one or more energy storage facilities within a certain range. The electricity from centralized or distributed generation will be stored in SES facilities through the power network when wind and solar curtailment happens or power generation exceeds its planned output. Moreover, SES can also purchase electricity from power companies when electricity price is low. In the discharge mode, SES simultaneously releases the stored electricity to different users such as residential users, industrial users and power plants. For SES, the existing energy storage functions and profit models, such as peak-valley price arbitrage, smoothing generation curve and power auxiliary service, can be realized in a sharing way.

Management Model of SES
The essence of a sharing economy is the separation of ownership and use rights of goods, and temporary transfer of the use rights. Therefore, an SES market is necessary to provide a platform for matching, bidding and trading between supply and demand sides. Suppliers need to quantify and commercialize idle energy storage resources, which will be traded to demanders in the market. Demanders purchase the use rights of idle energy storage resources from the market and utilize the resources in real time or in a specified period of time. It is worth mentioning that the SES market can rely on the existing power market and its platform or build a special market where only the use rights of SES are traded.
All the owners of idle energy storage resources constitute the supply side of the SES market. According to the scale of resources, cost and management ability, the management model of SES can be classified into two categories: a self-operation model and principal-agent model.
• Self-operation model: In this model, the owners of idle energy storage resources directly participate in the market as an independent market entity. They are personally responsible for the market behaviors including bidding or pricing, credit behavior, signing and executing contracts, and so on. Moreover, the cost of labor and equipment, the obligations of market entities as well as the market risk are borne by the owners. Meanwhile, they will enjoy all the profits from the transactions of SES. Based on the above characteristics, this model is more suitable for the owners with large-scale energy storage facilities. Firstly, they possess sufficient technicians and information resources to maintain the competitiveness in the market. Moreover, the energy storage resources controlled by them can meet the market access conditions for energy storage according to the operating rules of the power market in China, which could obtain better profit prospects from it. • Principal-agent model: In this model, the owners of energy storage resources delegate the agents to participate in the market on their behalf. The agents can exercise the rights of the principals in the market and complete the market behaviors. On the basis of the delegated scope, there are two types of principal-agent model-i.e., full delegation and partial delegation. The ownership of energy storage resources belongs to the owners, but the management rights, including operation, maintenance, personnel management and market transactions, are transferred to the agents in the full delegation relationship. In this paper, partial delegation only refers to the delegation of transaction rights to the agents. The full delegation model has been applied in some railway enterprises in China [29]; however, the partial delegation model is common in the financial field. On the other hand, the one-to-one model and many-to-one model are also two types of principal-agent model according to the number and relationship of principals and agents. The difference between these two models is that the resources controlled by an independent market entity from one owner or many owners.
For SES, the agents in the principal-agent model can be defined as sharing energy storage operators (SESOs). Compared with most of the owners, the advantages of SESOs include more professional and experienced market traders, superior information systems and more improved databases. Moreover, the small-scale idle energy storage resources can be aggregated by SESOs to meet the market access conditions. Through the agent of SESOs, the owners reduce expenditures on management, labor, equipment and transaction costs, and may obtain more profits from the market than independent operation. SESOs charge owners who delegate them a certain percentage of management fees. Based on the above characteristics, the principal-agent model is more suitable for the owners with small-scale energy storage facilities, as well as the owners who lack the experience and ability to trade in the market.
A flowchart for selecting the appropriate management model of SES is shown in Figure 2. The owners can select the right management model considering the energy storage scale, budget cost, profit expectation, management ability and market rules. As shown in Figure 2, firstly, the energy storage resources held by the owner are checked, and one or more target markets to participate in are chosen according to the scale and type of energy storage resources and the requirements of the owner. In addition, the budget cost and management capacity of human resources and facilities of the owner are evaluated to assist the decision-making of the management model. Moreover, the rules of energy storage facilities for the target markets are analyzed and the market access conditions for the given types of energy storage resources can be obtained. If the energy storage of the owner cannot meet the access conditions, the owner needs to participate in the markets jointly with other owners of small-scale energy storage resources under the aggregation of an SESO. The owner can delegate all the management rights to the SESO provided his budget cost and management capacity is insufficient-i.e., the many-to-one full delegation model is selected. Otherwise, the owner can select the many-to-one partial delegation model where only the transaction rights are delegated to the SESO. On the other hand, if the energy storage of the owner can meet the access conditions, the owner can participate in the markets as an independent market entity. Provided that the owner is a mature operator who has a sufficient budget, management capacity, market experience and information sources, the self-operation model is suitable for him due to the higher profit expectation. Otherwise, the one-to-one full delegation model and the one-to-one partial delegation model can be selected according to the evaluation of the above indexes for the owner.
Appl. Sci. 2020, 10, x FOR PEER REVIEW 5 of 19 In addition, the budget cost and management capacity of human resources and facilities of the owner are evaluated to assist the decision-making of the management model. Moreover, the rules of energy storage facilities for the target markets are analyzed and the market access conditions for the given types of energy storage resources can be obtained. If the energy storage of the owner cannot meet the access conditions, the owner needs to participate in the markets jointly with other owners of smallscale energy storage resources under the aggregation of an SESO. The owner can delegate all the management rights to the SESO provided his budget cost and management capacity is insufficienti.e., the many-to-one full delegation model is selected. Otherwise, the owner can select the many-toone partial delegation model where only the transaction rights are delegated to the SESO. On the other hand, if the energy storage of the owner can meet the access conditions, the owner can participate in the markets as an independent market entity. Provided that the owner is a mature operator who has a sufficient budget, management capacity, market experience and information sources, the self-operation model is suitable for him due to the higher profit expectation. Otherwise, the one-to-one full delegation model and the one-to-one partial delegation model can be selected according to the evaluation of the above indexes for the owner.

Blockchain Background
A blockchain is a decentralized and distributed database, which is maintained collectively by the nodes on the blockchain. A blockchain is a collection of many basic technologies, such as a blockchain data structure, distributed storage, consensus mechanism, cryptography and smart

Blockchain Background
A blockchain is a decentralized and distributed database, which is maintained collectively by the nodes on the blockchain. A blockchain is a collection of many basic technologies, such as a blockchain data structure, distributed storage, consensus mechanism, cryptography and smart contracts. All affairs in a period of time are stored in a block, and these blocks are connected to a chain data structure in chronological order [14]. The hash of the previous block and Merkle root produced by cryptography, bytes version and time stamp constitute the header of the current block. The characteristics of tamper proof and traceability are determined by the blockchain data structure. Distributed storage means that the database is replicated and copied onto all the nodes of the blockchain, where the security and stability of the blockchain system is guaranteed even if a single point of failure occurs because of both technical failures and malicious attacks [14,17]. In addition, the nodes must reach an agreement on which the transactions and data are verified to guarantee that there will be no corrupt branches and divergences. Therefore, the uniformity of the distributed database is achieved by a consensus mechanism, providing a trustworthy system for decentralized nodes [15]. Asymmetric cryptography is the base of the encryption/decryption method and digital signature, bringing authentication, integrity and non-repudiation into blockchains [16]. Smart contracts are a kind of computer protocol which aims to spread, verify and execute contracts by means of information. With smart contracts, a contract can be automatically executed when the preset conditions are completed, reducing the transaction cost related to contracts [30].

Blockchain Framework of SES
As a novel information technology, blockchains are not a panacea that deal with all existing problems. The reason for applying blockchains in a scenario is that blockchains have more advantages and a lower cost in this scenario, compared with other technologies. Therefore, the compatibility between blockchains and SES is as follows.
First of all, the supply side and the demand side are, respectively, composed of energy storage resources and demanders with different locations, types and capacities. Therefore, SES is a distributed energy network, which is consistent with the distributed and decentralized characteristics of blockchains. In a blockchain, the participants of SES can act as a node to maintain the distributed database with other nodes. The distributed database is more fault-resistant and reliable than the centralized one, and every participant has a database backup locally.
Secondly, the demands of SES for fairness, equality and trust can be met by blockchains. According to organizational relation, the SES market is classified into two types: a center-dominated type and decentralized type. For example, the peak regulation market, where SES resources accommodate wind and solar power from different centralized power plants, is dominated by the power grid in China [31]. Under these circumstances, the power grid and other dominant institutions can issue a security statement by using blockchains. The security statement demonstrates that the market is fair and equal through the disclosure and sharing of key information on the blockchain. Although their power will be limited, the trust of the institutions from participants and regulators is improved. On the other hand, the SES market on the user side includes a large number of participants. The status and authority of these participants are equal, and therefore this market is decentralized. Blockchains realize the mutual balance and trust among the participants in a multiparty governance mode, even if the participants do not know each other or are even competitors.
Thirdly, the efficient, reliable and safe sharing process of energy storage can be achieved by blockchains. In a platform based on traditional information technologies, it is only a digital medium of the off-line trade. The signing, auditing and executing of contracts, a key step in transactions, still need tedious and time-consuming manual processing, which delays the time of completing a transaction and introduces many human factors that may affect fairness. However, smart contracts are utilized in blockchains to execute the procedure without human intervention. Moreover, blockchains can provide smart contracts with a reliable environment. The use of smart contracts improves the transaction efficiency and reduces the labor cost because the contracts execute automatically once the preset conditions are completed. Except for smart contracts, cryptography tools are another key element in the transaction process, protecting privacy while ensuring information can be verified.
A blockchain framework of SES is shown in Figure 3. It can be seen that the blockchain framework consists of a basis layer, core layer, service layer, user layer and cross-layer function. Moreover, a typical transaction process of SES is presented based on the user layer. The transaction process is composed of the following stages: S3: Transaction checking. In this stage, the matching results are submitted to the checking nodes which belong to a power dispatching organization or an exchange center. Security checking is completed by the nodes, which modify or cancel the matching results which violate line flow. The final matching results are recorded in electronic contracts. This stage can be integrated into the first two stages for a highly decentralized market.
S4: Transaction executing. In this stage, the transaction is executed by participants according to the matching results. The demanders remotely utilize the purchased energy storage resources within a prescribed period. Meanwhile, the suppliers provide the energy storage services that meet the demands. During execution, the power data of demanders and suppliers are submitted to the blockchain by smart meters, which is credible, tamper proof and traceable.
S5: Transaction settlement. In this stage, the transaction is settled in the light of the power data stored in the blockchain. The indicators for evaluating the service effect include the error between supply and demand curves, the average response time of the supplier for the instructions from demanders and the contract performance by participants. Finally, the settlement amount is computed and sent to participants by using smart contracts, representing the end of an SES transaction.

Digital Signature on Blockchains
On a blockchain, the off-line participants of SES are mapped as the nodes. Therefore, the operations of a node, such as information issuing, bidding, data querying and contract signing, have the same legal effect as that of the corresponding off-line participant in the market. In this case, it is crucial for a node to obtain the reliable on-line encrypted identity and authenticate the identity of the information received from other nodes. A digital signature is an important technology to identify information in the digital age and it is also applied in blockchains.
The basis of a digital signature is digital digest and asymmetric encryption. A message is transferred into a fixed length message digest by digital digest technology, and asymmetric S1: Information issuing. In this stage, the participants issue the information about the SES transactions on blockchains. For example, suppliers or demanders can submit the number of the idle energy storage resources in the future and their price. Power grids can issue peak regulation information the next time to make participants understand the state of this market.
S2: Transaction matching. In this stage, the supplies and demands are matched based on the market rules and states. More factors, such as power loss, geographical location and facility performance, may be considered in the matching strategy compared to other types of power markets. The smart contract is applied in transaction matching to improve the matching efficiency and maintain the fairness of matching results. A matching result consists of the names of a supplier and a demander, the number and price of energy storage resources as well as the usage period.
S3: Transaction checking. In this stage, the matching results are submitted to the checking nodes which belong to a power dispatching organization or an exchange center. Security checking is completed by the nodes, which modify or cancel the matching results which violate line flow. The final matching results are recorded in electronic contracts. This stage can be integrated into the first two stages for a highly decentralized market.
S4: Transaction executing. In this stage, the transaction is executed by participants according to the matching results. The demanders remotely utilize the purchased energy storage resources within a prescribed period. Meanwhile, the suppliers provide the energy storage services that meet the demands. During execution, the power data of demanders and suppliers are submitted to the blockchain by smart meters, which is credible, tamper proof and traceable.
S5: Transaction settlement. In this stage, the transaction is settled in the light of the power data stored in the blockchain. The indicators for evaluating the service effect include the error between supply and demand curves, the average response time of the supplier for the instructions from demanders and the contract performance by participants. Finally, the settlement amount is computed and sent to participants by using smart contracts, representing the end of an SES transaction.

Digital Signature on Blockchains
On a blockchain, the off-line participants of SES are mapped as the nodes. Therefore, the operations of a node, such as information issuing, bidding, data querying and contract signing, have the same legal effect as that of the corresponding off-line participant in the market. In this case, it is crucial for a node to obtain the reliable on-line encrypted identity and authenticate the identity of the information received from other nodes. A digital signature is an important technology to identify information in the digital age and it is also applied in blockchains.
The basis of a digital signature is digital digest and asymmetric encryption. A message is transferred into a fixed length message digest by digital digest technology, and asymmetric encryption technology is used to encrypt the message digest. In fact, the digital digest technology is hash functions, transferring the information of any length into a fixed length message digest which is hard to restore to the original information. Due to the very low collision probability, it can be considered that the two pieces of original information should be the same if their message digests are the same. This feature can be used to compare the consistency of information. Therefore, information tampering is effectively prevented and the security is ensured.
Asymmetric encryption, also known as a two-key system, consists of a pair of keys-i.e., a public key and private key. A node has a private key firstly, and then a public key is generated by a function and the private key. The public key also includes the information of random variables except for the private key. Therefore, the private key cannot be obtained by cracking a public key though the public key is public to all. On the other hand, a pair of complementary algorithms is defined in the digital signature-i.e., encryption algorithm for the signature and decryption algorithm for verification. When one of the public or private keys is used to sign for the message digest by the encryption algorithm, the other one is used to verify the signed message by the decryption algorithm. In the process, the message that is not signed by the target node cannot be validated by the received node, and the integrity and reliability of the message can be confirmed.
According to the aforementioned principles, the basic characteristics of digital signatures are obtained easily. Firstly, the message cannot be modified after it has been signed. Secondly, all nodes receiving the message can confirm the signer's identity according to the digital signature because of the uniqueness and complementarity of the key pair. Thirdly, the signer cannot deny the message signed by him-i.e., the signature is undeniable. Finally, it is difficult for anyone else to forge the digital signature of the legal signer. In conclusion, digital signatures can replace the traditional handwritten signature and be sealed in the blockchain environment, representing recognition with a legal effect for messages. The key pair is the identity of nodes on blockchains.

Proxy Signature Method Based on ElGamal Algorithm
On a blockchain of the SES market, the participants orderly exercise their own rights through their digital signature. Unlike other participants, the rights of SESOs mainly come from the owners who delegate them, so SESOs need to use the corresponding digital signature to exercise the rights of an owner. However, the private key is the most important thing for nodes on blockchains because anyone who acquires the private key may abuse the rights of nodes. The private key is to the node as a password is to a bank account. Therefore, it is impossible for SESOs to directly utilize the digital signature of the node. In order to address the above problem, a proxy signature mechanism is proposed to achieve the delegation of digital signature power in a secure environment. By using a proxy signature mechanism, a node called the original signer can delegate its digital signature power to another node called the proxy signer. The proxy signer can generate the digital signature on behalf of the original signer-i.e., a proxy signature.
A basic protocol of proxy signatures is presented in [28], and the original signature scheme is kept unchanged. Therefore, a proxy signature mechanism based on the basic protocol and ElGamal algorithm is proposed in this paper, and its flowchart is shown in Figure 4. It can be seen that the proxy signature mechanism consists of the following four parts: Appl. Sci. 2020, 10, x FOR PEER REVIEW 11 of 19 Except for the basic characteristics of digital signatures, the proxy signature mechanism has some unique characteristics.
Unforgeability of proxy signatures: Except for the proxy signature, anyone including the original signer cannot generate valid proxy signature because of the confidentiality for r.
Distinguishability of proxy signatures: A proxy signature is different from an ordinary digital signature of the original signer because the proxy signature (R, s, K) adds K, a part of the proxy key, compared to the ordinary signature. In addition, the proxy signatures from several proxy signers are easy to be distinguished due to the difference of K.
Identifiability of proxy signer: An original signer can determine the identity of the 1. Initialization. The parameters of the signature mechanism and the key pair of the node are determined in this stage.
The first parameter to be determined is p, a large prime number. The range of p can be selected by considering encryption bits. The ElGamal algorithm is based on the discrete logarithm problem over prime fields, which is not solved in polynomial time if p is a large enough prime number [32]. For example, if p is a prime number of 256 bits, the discrete logarithm based on the p needs more than 10 19 operations to be solved by Pollard's rho algorithm, a recognized optimal algorithm, whose time complexity is O(p 1/4 ), for computing discrete logarithms [33]. At present, the prime number p is 1024 bits or even 2048 bits in industrial applications, and therefore the solving time for the discrete logarithm is astronomical even if supercomputers are used.
The variable g less than p is a generator of Z * p . Z * p is a multiplicative group of integers modulo p and Z * p = g 1 ≤ g ≤ p − 1, gcd(g, p) = 1 , where gcd( ) is a function of computing the greatest common divisor between two numbers. For each b from 1 to p-1, there exist an a where g a ≡ b (mod p). It is difficult for a large prime number to select generators. Therefore, a large safe prime p (p and q= (p − 1)/2 are all the primes) is selected in order to obtain the generators easily because p-1 has only two factors-i.e., 2 and q. If g 2 (mod p and g q (mod p) are not equal to 1, then g is a generator. p and g are the system parameters of the proxy signature mechanism.
Next, a private key x is freely selected as follows: Then, the corresponding public key y can be obtained as follows: The public key y, p and g constitute a group (y, p, g), which is public to all and used to verify that the owner of the public key has signed the message.
2. Delegation of digital signature power. In this stage, the digital signature power of the original signer is delegated to a proxy signer.
A random number k is generated by the original signer, and a proxy key is computed as follows: where (K, δ) is the proxy key of the original signer. The original signer gives the proxy key (K, δ) to the proxy signer. Then, a congruence is checked by the proxy signer as follows: If (K, δ) passes the congruence equation, the proxy signer accepts it as a valid delegation. Otherwise, the proxy key is rejected, and a new proxy key generated by the original signer is sent to the proxy signer, or this protocol is stopped. Once the proxy signer accepts the delegation of original signer, the principal-agent relationship and K will be multicast to other nodes.
3. Generation of proxy signature. A proxy signature is generated by the proxy signer. The proxy signature represents the recognition of the original signer for the signed message.
Firstly, the hash of a message to be signed is computed by a specified hash function as follows: where m is the message to be signed; H denotes the hash function; M is the hash of m, and also the message digest. Moreover, a random number r is selected by the proxy signer, and the proxy signature for m is computed as follows: 0 <r < p r ∈ Z (8) where R and s are the part of the proxy signature, which constitute a complete proxy signature (R, s, K) with K. r −1 is the multiplicative inverse modulo of r, and it can be computed by an extended Euclidean algorithm. Finally, the proxy signature is sent to verification nodes with m. 4. Verification of proxy signature. The proxy signature is verified by the nodes which receive the message.
Once the nodes receive the message m and the proxy signature (R, s, K), a new key v corresponding to the proxy signature can be computed as follows: The verification of the proxy signature is achieved by the following equation.
where Ver(Public key, Digital signature, Message) is the verification function. When the received message and proxy signature can match with the public key of the original signer, the verification result is true. It means that the message is signed by the proxy signer on behalf of the original signer, and the message is not modified after signing. Otherwise, the verification is false, and the receivers do not admit the message. Except for the basic characteristics of digital signatures, the proxy signature mechanism has some unique characteristics.
Unforgeability of proxy signatures: Except for the proxy signature, anyone including the original signer cannot generate valid proxy signature because of the confidentiality for r.
Distinguishability of proxy signatures: A proxy signature is different from an ordinary digital signature of the original signer because the proxy signature (R, s, K) adds K, a part of the proxy key, compared to the ordinary signature. In addition, the proxy signatures from several proxy signers are easy to be distinguished due to the difference of K.
Identifiability of proxy signer: An original signer can determine the identity of the corresponding proxy signer from a proxy signature according to K.
Private-key's dependence: The private key of the proxy signer is generated by the private key of the original signer, meaning that δ depends on x.
Cancelability of proxy key: An original signer can send a message signed by him to the other to declare the invalidation of K at any time, once the original signer wants to end the delegation and cancel the proxy signature.

Case Study
This section provides case studies to demonstrate the application of the proxy signature mechanism on blockchains under the principal-agent management model of SES. MATLAB is used to simulate the digital signature located in the core layer of the blockchain. Moreover, the hash of the sent message is produced by CaptfEncoder, a cross-platform network security toolkit. Some hash functions, including MD1, MD5-32, SHA-1, SHA-256 and SM3, can be selected in the toolkit. To compare and verify the effectiveness of the principal-agent management model based on the proposed proxy signature mechanism in the blockchain environment, two application scenarios, including the digital signature process and the consensus process on an SES market blockchain, are simulated in the following sections.

Digital Signature Process
A digital signature process on an SES market blockchain based on the proposed proxy signature mechanism is shown in Figure 5. In the process, there are three types of nodes: delegation nodes (i.e., owners of energy storage resources), proxy nodes (i.e., SESOs) and verification nodes (i.e., other nodes on the blockchain, including demanders, other suppliers, power grid and so on). A delegation node as an original signer delegates its digital signature power to a proxy node-i.e., a proxy signer. The proxy node signs a bidding message of SES, and sends the message and its proxy signature to verification nodes. The verification nodes verify the proxy signature, and accept the message if the proxy signature is valid. The message is accepted only when the proxy signature is verified by the verification nodes successfully. In Figure 5, the verification nodes verify the proxy signature according to the received signature and the message from the proxy node, as well as the public information from the delegation node. The verification result shows that the message is signed by the proxy node on behalf of the It can be seen from Figure 5 that a safe prime p of 40 bits is selected, and the encryption bits are determined. A generator g is selected according to the characteristics of the safe prime and the method described above. Then a private key x generates randomly, and then the public key y can be obtained based on the private key. For each node on the blockchain, the group (y, p, g) can be queried publicly.
In this case, there are two delegation processes between the delegation node and proxy node. In the first process, a random number k with a value of "1ff2921bfb" is generated, and then the proxy key (K, δ) is computed and sent to the proxy node. After receiving the proxy key, the proxy node queries the public key of the delegation node, and checks the received key through Equation (6). However, the check fails due to the unequal values of the equation, and therefore a message about this is answered by the delegation node. Presently, another random number k with a value of "515da08b16" is generated. Similarly, the proxy key is sent and checked successively. The new proxy key passes the check in the second process. Therefore, the proxy node accepts the delegation from the delegation node successfully. From the above analysis, it can be found that the delegation process of the proposed proxy signature mechanism has a certain probability of failure because of the value of k. However, it only has a modest impact on the whole process because the time of delegation process is negligible compared to the total agent time.
The proxy node will participate in the SES market and exercise the rights on behalf of the delegation node after accepting the delegation. In this case, the proxy node wants to sell the idle energy storage resources from 3:00 to 3:30 p.m. according to the scheduling of the delegation node. Therefore, a bidding message, whose contents are "Capacity: 80 kWh; Price: 0.7 yuan/kWh; Time: 3:00 p.m.-3:30 p.m.", will be signed and sent to other nodes. It is worth mentioning that the bidding price in the message is determined based on the experience and information of the proxy node-i.e., SESO. For the signing process, firstly, the hash of the message is obtained by a specified hash function (SHA-256 is used in this paper). Moreover, the proxy signature is generated based on a new random number, system parameters and the proxy key. Then, the message and its proxy signature are sent to other nodes including the delegation node.
The message is accepted only when the proxy signature is verified by the verification nodes successfully. In Figure 5, the verification nodes verify the proxy signature according to the received signature and the message from the proxy node, as well as the public information from the delegation node. The verification result shows that the message is signed by the proxy node on behalf of the delegation node and is not modified after signing. The bidding information from the accepted message will be matched in the next stage of the transaction process of SES.
In order to further represent the characteristics of the proposed proxy signature mechanism, another digital signature process on the SES market blockchain based on the traditional ElGamal digital signature mechanism is simulated as shown in Figure 6.
In this case, the owner still delegates his management rights or transaction rights to the SESO off-line. However, on the blockchain, the node of the owner needs to sign the message by his own private key personally. It can be seen from Figure 6 that the proxy node (i.e., SESO) sends the bidding message encrypted by the public key of the owner to the delegation node (i.e., the node of the owner) first. Then the message is decrypted by the private key of the delegation node, and the message is signed by the private key and sent to other nodes, if the delegation node is online and non-faulty. Otherwise, the above process will not be completed until the delegation node is online or recovered from the fault. The encryption/decryption process and the signature process of the ElGamal algorithm are presented in [32].
Appl. Sci. 2020, 10, x FOR PEER REVIEW 14 of 19 Figure 6. The digital signature process on an SES market blockchain based the traditional ElGamal digital signature mechanism.
In this case, the owner still delegates his management rights or transaction rights to the SESO off-line. However, on the blockchain, the node of the owner needs to sign the message by his own private key personally. It can be seen from Figure 6 that the proxy node (i.e., SESO) sends the bidding message encrypted by the public key of the owner to the delegation node (i.e., the node of the owner) first. Then the message is decrypted by the private key of the delegation node, and the message is signed by the private key and sent to other nodes, if the delegation node is online and non-faulty. Otherwise, the above process will not be completed until the delegation node is online or recovered from the fault. The encryption/decryption process and the signature process of the ElGamal algorithm are presented in [32]. Obviously, without the proxy signature mechanism, the SESO cannot accomplish the whole market transaction process on the blockchain on behalf of the owner alone, though the SESO has accepted the delegation. The core power of the market transaction on blockchains-i.e., digital signature power-is still kept by the delegation node. Therefore, the execution of all the market behaviors, including information issuing, bidding, data querying and contract signing, need to be signed by the online delegation node, where the transaction efficiency may be affected because of the fault or disconnection of the node. In this situation, the SESO is unable to obtain the whole transaction rights on the blockchain and only acts as a decision-making consultant who provides transaction strategies to the owner, which greatly reduces the value and function of the SESO.

Consensus Process
The consensus mechanism is the core part in blockchains, achieving the validation and confirmation of the ledgers on blockchains and reaching the uniformity of the distributed database. At present, practical Byzantine fault tolerance (PBFT) is a common consensus mechanism in consortium blockchains that are the first choice in the energy sector including SES [15]. A typical consensus process of PBFT is shown in Figure 7 [34]. It can be seen that the consensus process includes five phases: request, pre-prepare, prepare, commit and reply. A message from the client (i.e., "C" in the Figure 7) will be validated and accepted by other nodes (i.e., "0", "1", "2" and "3" in the Figure 7, though "3" is faulty at this time) through the consensus process. More detail about PBFT, such as the analysis of process, performance evaluation and implement techniques, can be found in [34].
Appl. Sci. 2020, 10, x FOR PEER REVIEW 15 of 19 accepted the delegation. The core power of the market transaction on blockchains-i.e., digital signature power-is still kept by the delegation node. Therefore, the execution of all the market behaviors, including information issuing, bidding, data querying and contract signing, need to be signed by the online delegation node, where the transaction efficiency may be affected because of the fault or disconnection of the node. In this situation, the SESO is unable to obtain the whole transaction rights on the blockchain and only acts as a decision-making consultant who provides transaction strategies to the owner, which greatly reduces the value and function of the SESO.

Consensus Process
The consensus mechanism is the core part in blockchains, achieving the validation and confirmation of the ledgers on blockchains and reaching the uniformity of the distributed database. At present, practical Byzantine fault tolerance (PBFT) is a common consensus mechanism in consortium blockchains that are the first choice in the energy sector including SES [15]. A typical consensus process of PBFT is shown in Figure 7 [34]. It can be seen that the consensus process includes five phases: request, pre-prepare, prepare, commit and reply. A message from the client (i.e., "C" in the Figure 7) will be validated and accepted by other nodes (i.e., "0", "1", "2" and "3" in the Figure 7, though "3" is faulty at this time) through the consensus process. More detail about PBFT, such as the analysis of process, performance evaluation and implement techniques, can be found in [34]. The prepare phase of PBFT is selected in this case. In the phase, a prepare message with the digital signature of the node is multicast to all other nodes when the node accepts the pre-prepare message in order for all nodes to verify the correctness of the message with each other. Therefore, on an SES blockchain, a prepare phase based on the traditional scheme and a prepare phase based on the principal-agent model with the proxy signature mechanism are, respectively, shown in Figures 8  and 9. It is assumed that there are five nodes deployed on the blockchain, including a primary node and four follower nodes. The primary node is selected according to the node number, the node state and the validation result.
It can be seen from Figure 8 that the other nodes, except for the primary node, multicast a prepare message to all nodes on the blockchain. The prepare message consists of two parts: the prepare message body and its digital signature produced by the private key of the node. The prepare message body consists of a label of "PREPARE", the view number and sequence number of this consensus process, the digest of the original message from the client forwarded by the primary node in the preprepare phase and the node number. Then, the prepare message body is signed by the node, and the digital signature for the prepare message body is obtained. The digital signature mechanism based on the ElGamal algorithm is applied in the consensus process. Once the signature is verified to be correct and the view number and sequence number are right, the node that receives the prepare message will accept the message. At last, when the node accepts enough messages from other nodes (twice the number of tolerable faulty nodes of the blockchain), the node will start the commit phase and multicast a commit message to other nodes. It is worth mentioning that the nodes on the blockchain may be in different phases of the consensus process at a certain time, and therefore the figures show the message exchange at the same prepare phase. The prepare phase of PBFT is selected in this case. In the phase, a prepare message with the digital signature of the node is multicast to all other nodes when the node accepts the pre-prepare message in order for all nodes to verify the correctness of the message with each other. Therefore, on an SES blockchain, a prepare phase based on the traditional scheme and a prepare phase based on the principal-agent model with the proxy signature mechanism are, respectively, shown in Figures 8 and 9. It is assumed that there are five nodes deployed on the blockchain, including a primary node and four follower nodes. The primary node is selected according to the node number, the node state and the validation result. As shown in Figure 9, node 5 accepts the delegations from node 3 and node 4 at the same time. Therefore, node 5 is the proxy node, and node 3 and node 4 are the delegation node. For a blockchain supporting the proxy signature mechanism, although the primary node sends a pre-prepare message to the delegation nodes, the proxy node will multicast the prepare message on behalf of the delegation a message of node 5 itself and two messages signed by using the proxy keys. The nodes that receive the three messages, node 1 and node 2, also accept these messages if the ordinary digital signature and the proxy signatures are verified. In addition, node 1 and node 2 can tell whether a received message is coming from a normal follower node or a proxy node according to the structure of the signature. If a message signed by the proxy node is identified as a malicious message, the proxy node, not the delegation node, will be responsible for this. When the principal-agent model with the proxy signature mechanism is utilized in the consensus process based on PBFT, the stability of the network can be enhanced because the proxy nodes deployed in the professional servers of SESOs may be healthier and more robust than ones deployed in the servers of owners. Moreover, the efficiency and speed of the consensus process are also improved due to the reduced amount of the nodes that need to multicast messages. However, the security of the consensus process may be affected by the proxy signature mechanism once a proxy node accepts the delegations from a great number of delegation nodes. The reason for this is that the It can be seen from Figure 8 that the other nodes, except for the primary node, multicast a prepare message to all nodes on the blockchain. The prepare message consists of two parts: the prepare message body and its digital signature produced by the private key of the node. The prepare message body consists of a label of "PREPARE", the view number and sequence number of this consensus process, the digest of the original message from the client forwarded by the primary node in the pre-prepare phase and the node number. Then, the prepare message body is signed by the node, and the digital signature for the prepare message body is obtained. The digital signature mechanism based on the ElGamal algorithm is applied in the consensus process. Once the signature is verified to be correct and the view number and sequence number are right, the node that receives the prepare message will accept the message. At last, when the node accepts enough messages from other nodes (twice the number of tolerable faulty nodes of the blockchain), the node will start the commit phase and multicast a commit message to other nodes. It is worth mentioning that the nodes on the blockchain may be in different phases of the consensus process at a certain time, and therefore the figures show the message exchange at the same prepare phase.
As shown in Figure 9, node 5 accepts the delegations from node 3 and node 4 at the same time. Therefore, node 5 is the proxy node, and node 3 and node 4 are the delegation node. For a blockchain supporting the proxy signature mechanism, although the primary node sends a pre-prepare message to the delegation nodes, the proxy node will multicast the prepare message on behalf of the delegation nodes when it receives the pre-prepare message even if the delegation nodes may be faulty or off-line. The sent messages from the proxy node and the corresponding delegation nodes are consistent. It can be seen from Figure 9 that node 5 multicasts three prepare messages to other nodes, including a message of node 5 itself and two messages signed by using the proxy keys. The nodes that receive the three messages, node 1 and node 2, also accept these messages if the ordinary digital signature and the proxy signatures are verified. In addition, node 1 and node 2 can tell whether a received message is coming from a normal follower node or a proxy node according to the structure of the signature. If a message signed by the proxy node is identified as a malicious message, the proxy node, not the delegation node, will be responsible for this.
When the principal-agent model with the proxy signature mechanism is utilized in the consensus process based on PBFT, the stability of the network can be enhanced because the proxy nodes deployed in the professional servers of SESOs may be healthier and more robust than ones deployed in the servers of owners. Moreover, the efficiency and speed of the consensus process are also improved due to the reduced amount of the nodes that need to multicast messages. However, the security of the consensus process may be affected by the proxy signature mechanism once a proxy node accepts the delegations from a great number of delegation nodes. The reason for this is that the content of multicast messages is decided by the proxy nodes independently, and the delegation nodes probably do not know what the proxy node does. In order to address the above problem, the number of delegations that a proxy node can accept should be limited according to the total number of nodes on the blockchain.
On the other hand, the proxy nodes are less likely to attack the blockchain maliciously but have a strong incentive to maintain it because the proxy nodes-i.e., SESOs, rely more on the SES market blockchain from the perspective of interest. Finally, the malicious behaviors of the proxy nodes will be recorded in the blockchain, which can hold the malicious nodes accountable.

Conclusions
A management method of SES based on a proxy signature mechanism in the blockchain environment is proposed in this paper. Several conclusions are drawn as follows: 1. Based on budget cost, profit expectation, management ability and market rules, the owners of idle energy storage resources can select a suitable management model, such as a self-operation model or principal-agent model, to gain more profits in the SES market.
2. Blockchains can meet the demands of SES well. The fairness, efficiency and credibility in the sharing process can be achieved by blockchains and basic technologies.
3. The proxy signature mechanism can achieve the delegation of digital signature power under the premise of security and reliability, which is suitable for the principal-agent model in the blockchain environment.
4. Two typical application scenarios for the principal-agent model with the proxy signature mechanism on an SES blockchain, the digital signature process of an SES bidding message and the consensus process based on PBFT are simulated and compared. Some characteristics such as the online decision support, the agent for the off-line or faulty delegation nodes and the enhanced efficiency of consensus processes are represented, providing the potential to improve the flexibility of the SES market and its blockchain.
Future work will focus on the SES market mechanism considering the principal-agent model and the application of the proxy signature mechanism on the data sharing and transaction blockchain of SES.