A network-connected data management system and method for network security

By establishing unified security parameters and TLS communication channels in the power system, using the PMU clock to generate synchronous random seeds to split data into fragments and generate triples, and combining the real-time topology optimization arithmetic circuit of the power grid, the security and efficiency problems in multi-participant grid-connected data interaction are solved, and efficient operation of data fragmentation sharing and collaborative computing is realized.

CN122316640A · Pending · Publication Date: 2026-06-30 · GUANGDONG POWER GRID CO LTD +1

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: GUANGDONG POWER GRID CO LTD
Filing Date: 2026-03-20
Publication Date: 2026-06-30

AI Technical Summary

Technical Problem

In existing technologies, multi-participant grid-connected data interaction faces challenges in terms of data security and collaborative computing. Centralized acquisition and encrypted transmission are inefficient, cannot adapt to real-time changes in the power grid topology, and suffer from severe invalid computations, making it impossible to achieve data fragmentation sharing and collaborative computing.

Method used

By establishing unified security parameters and TLS communication channels, using the PMU clock to generate synchronous random seeds, splitting data into fragments and generating triples, and combining real-time power grid topology optimization arithmetic circuits, fragmented data sharing and collaborative computing are achieved.

Benefits of technology

It achieves high efficiency in secure data sharing and collaborative computing, adapts to real-time changes in power grid topology, reduces invalid calculations, ensures data security and computing efficiency, and is suitable for collaborative management of multiple participants in the power system.

✦ Generated by Eureka AI based on patent content.


Abstract

This invention discloses a grid-connected data management system and method for network security, relating to the field of data security technology. In a power system, when different participants need to negotiate and manage grid-connected data using a task function, the different participants determine unified security parameters and establish secure communication channels between each other. Each data point in the time-series data stream is divided into data fragments, which are then sent to all participants through the secure communication channels. All data fragments of the same data point received by all participants constitute a secret share. The task function is transformed into an arithmetic circuit, which inputs the secret share and triplet of the grid-connected data held by each participant. Based on the optimized real-time grid topology, addition gates, multiplication gates, and constant gates are calculated one by one, and the secret share after gate operations is finally output.

Description

Technical Field

[0001] This invention relates to the field of data security technology, specifically to a network-connected data management system and method applied to network security.

Background Technology

[0002] Under the new energy revolution, diverse entities such as photovoltaic / wind power plants, energy storage power plants, microgrids, and large industrial and commercial users are deeply integrated into the power grid system, breaking the traditional management pattern of a single power grid company and forming a model in which multiple parties collaborate in grid-connected data management. Based on core data such as grid-connected power, voltage, and load, all parties need to jointly execute tasks such as power scheduling, load allocation, and fault early warning. Multi-party data interaction and collaborative computing have become core technical requirements for grid-connected management, providing application scenarios for cross-entity secure data management solutions. In existing technologies, multi-participant grid-connected data interaction often adopts a "centralized acquisition + encrypted transmission" model, which struggles to balance data security and transparency of multi-party collaboration, and lacks effective technical means to achieve "fragmented data sharing and collaborative computation completed only through fragments." Existing technologies separate security encryption from task computation, first encrypting and transmitting data, and then performing task function computation in plaintext. This not only consumes computing power for encryption, decryption, and encapsulation, but also fails to provide security protection for the computation process. Some attempts to introduce secure multi-party computation directly apply general arithmetic circuit and gate operation rules without considering the dynamic changes in the real-time power grid topology for circuit optimization. This results in a large number of invalid computations, low computational efficiency, and inability to adapt to actual operating conditions such as power grid maintenance and isolation.

[0003] There is an urgent need for "data security sharing + collaborative computing" technology that can be adapted to multiple participants, breaking the traditional "centralized aggregation" model and creating a "power scenario-customized" secure multi-party computing system. This system will convert the arithmetic circuit of the task function and bind it to the real-time topology of the power grid. It will also enable data fragmentation and sharing, allowing each party to complete collaborative computing with only fragments, thereby avoiding data leakage at the source and balancing security and collaboration needs.

Summary of the Invention

[0004] The purpose of this invention is to provide a network-connected data management system and method for network security, in order to solve the problems raised in the prior art.

[0005] To achieve the above objectives, the present invention provides the following technical solution: A method for managing network-connected data in network security, the method comprising the following steps:

S100. In a power system, when different participants need to negotiate and manage grid connection data and execute task functions, the different participants determine unified security parameters and establish secure communication channels between each other; a global clock is used to generate a synchronous random seed and initialize a pseudo-random number generator. Furthermore, the specific steps for generating a synchronous random seed using the PMU clock and initializing the random number generator are as follows:

S101. For a task function where n participants negotiate and manage grid-connected data, the security parameters include a finite field modulus p, a pseudo-random function PRF, and a hash function H; the finite field modulus is a large prime number, $p > 2^k$, where k represents the security factor set by the staff; a TLS secure communication channel is established between each pair of participants; the pseudo-random function PRF is used to construct a pseudo-random number generator. Determining unified security parameters (the large prime modulus p of the finite field, the pseudo-random function PRF, and the hash function H) and adapting them to the security coefficient requirements defines a unified and secure mathematical domain for all subsequent cryptographic operations, avoiding computational errors and security vulnerabilities caused by inconsistent parameters. Establishing pairwise TLS secure communication channels achieves end-to-end encrypted transmission between participants, thus avoiding the risks of data eavesdropping and tampering at the transport layer.

[0006] S102. Deploy a phasor measurement unit (PMU) in the power grid-connected system. Utilize the phasor measurement unit to provide a microsecond-level global clock. Each participant obtains its current timestamp $T_{PMU}$ through the global clock, performs time synchronization, and generates a synchronization random seed by combining the participant's own identifier. The formula is: $seed_i = H(T_{PMU} \| ID_i)$, where $seed_i$ represents the synchronous random seed for participant i and $ID_i$ represents the unique identifier of participant i. Time synchronization is achieved using the microsecond-level global clock of the PMU phasor measurement unit. Combined with the unique identifier of each participant, a synchronization random seed is generated, which not only ensures the strong synchronization of the random seeds of all participants, but also ensures the uniqueness and non-forgeability of the seed through hash function and unique identifier. The pseudo-random number generator is initialized based on the synchronization seed, providing a secure and traceable source of random numbers for subsequent data fragmentation and triple generation, avoiding the failure of secret sharing caused by uncontrollable random numbers.

[0007] All participants initialize the pseudo-random number generator using a synchronous random seed.

[0008] S200: Each participant uses its own sensors to collect a time-series data stream of unique grid-connected data, splits each data point in the time-series data stream into data fragments, and sends the data fragments to all participants through a secure communication channel. All data fragments of the same data point received by all participants constitute a secret sharing. Furthermore, the specific steps for all data fragments of the same data point received by all participating parties to constitute a secret sharing are as follows:

S201. Participant i collects the time-series data stream $\{x_{i,t}\}$, $t \in (1, \infty)$, of unique grid-connected data through its own edge IoT gateway. The edge IoT gateway splits each collected data point $x_{i,t}$ into n fragments, where $x_{i,t}$ represents the grid-connected data at time t, specifically: First, generate n-1 random numbers $\{r_{i,t}^{(1)}, \ldots, r_{i,t}^{(n-1)}\} \in F_p$, where $r_{i,t}^{(1)}$ represents the first random number, $r_{i,t}^{(n-1)}$ represents the (n-1)th random number, and $F_p$ represents a finite field, $F_p = [1, 2, 3 \ldots p]$. The generated n-1 random numbers are distributed as data fragments to the remaining n-1 participants except for participant i through a secure communication channel. The data fragment retained by participant i is calculated using the n-1 random numbers, using the following formula: ; In the formula, $[x_{i,t}]_i$ represents the data fragment retained by participant i itself, mod means modulo, and j≠i. Set constraints: the collected data point $x_{i,t} \in F_p$; the sum of the n data fragments, modulo 1, equals the original data point; if the collected data point $x_{i,t}$ is not in $F_p$, it is deemed abnormal data and removed. Collecting time-series data streams through edge IoT gateways matches the actual scenario of data acquisition at the edge of the power system and reduces the computing power pressure on the cloud. Data points are split into n fragments within a finite field, with one fragment retained by the participant itself and the remaining n-1 fragments distributed. Constraints are set and abnormal data is removed, which not only achieves secret data sharing, making it impossible for a single participant to restore the complete data and avoiding data leakage, but also ensures the legality of data values and prevents invalid data from participating in subsequent calculations. The rule that the summation of fragments modulo equals the original data point provides mathematical assurance for the correctness of subsequent data restoration and calculation.

[0009] S202. The edge IoT gateway adds a timing window identifier to each data point. When sending data fragments to the participants, the timing window identifier is packaged into a data packet and sent together. The edge IoT gateway maintains a local sending queue to record data packets that have been sent but have not been acknowledged. If the network is interrupted, the interruption is resumed according to the timing window identifier to ensure that no data is lost. Adding time-series window identifiers to data points and packaging them for transmission enables time-series traceability of data fragments; maintaining a local transmission queue and implementing a breakpoint resume mechanism based on time-series identifiers solves the problem of data transmission loss caused by power system network fluctuations and ensures the integrity of grid-connected data.

[0010] S203. Each participant receives data fragments sent by the other participants in real time, and caches and sorts them according to the time window identifier, forming a secret sharing of all data fragments of the same data point received by all participants.

[0011] By caching and sorting fragments according to the time sequence window identifier, fragments of the same data point are accurately aggregated and constitute secret sharing, realizing the orderly management of fragmented data, avoiding the failure of secret sharing due to time sequence disorder, and adapting to the core characteristic of strong time sequence of grid-connected data.

[0012] S300. All participants use a synchronous random seed to generate two random numbers in plaintext, and use these two random numbers to calculate a third random number in plaintext. The three random numbers in plaintext form a triplet. Each participant obtains a triplet data fragment by secretly sharing the data. This process is repeated M times to obtain M triplets. Furthermore, the specific steps for obtaining triplet data fragments by secretly sharing data with each participant are as follows:

S301. Generate the plaintext values of two random numbers using a synchronous random seed, using the following formula: ; ; In the formula, $a_k$ and $b_k$ represent the plaintext values of random numbers a and b, respectively; || represents string concatenation, so that $seed_i$ is concatenated with k and a, where k represents the sequence number of the triple; a and b represent two randomly generated numbers, and a ≠ b. Based on the S100 synchronous random seed, two non-repeating random plaintext values are generated, ensuring the synchronization and uniqueness of the triplet and avoiding deviations in multiplication gate operations caused by different random number sources. Random numbers are generated through the PRF pseudo-random function, which improves the unpredictability of random numbers and enhances the security of the triplet.

[0013] S302. Calculate the plaintext value $c_k$ using the plaintext values of a and b. The formula is: $c_k = a_k \times b_k \pmod p$. Construct a triplet using the plaintext values of the three random numbers; for each of the three plaintext values, perform the splitting operation in S200 once, so that all participants obtain data fragments of the triplet. The sum of the data fragments of each random number's plaintext value in the triplet, modulo, must equal the original random number's plaintext value, and the product of the plaintext values of random number a and random number b must equal the plaintext value of random number c. Repeat this M times to obtain M triplets. By calculating a third random number, a triplet satisfying the multiplication relation is formed, providing a prefabricated mathematical carrier for the secret sharing operation of subsequent multiplication gates; the S200 splitting rule is executed on each random number of the triplet, so that the triplet exists in a secret sharing form, avoiding the security vulnerability of multiplication operation caused by the plaintext exposure of the triplet; the triplet is generated according to the number M of multiplication gates of the arithmetic circuit, realizing the precise matching of the number of triplets with the operation requirements, avoiding computing power redundancy.

[0014] M represents the number of multiplication gates in the arithmetic circuit after the task function is converted into an arithmetic circuit.

[0015] S400: Transform the task function into an arithmetic circuit, extract the real-time topology of the power grid, and optimize the real-time topology of the power grid using the arithmetic circuit. Furthermore, the specific steps for optimizing the real-time topology of the power grid using arithmetic circuits are as follows: S401. Using the principle of automatic control, the task function is transformed into an arithmetic circuit to extract the real-time topology graph of the power grid G(V,E), where V represents the power supply node and E represents the power supply connection edge. The power system marks the power disconnection areas currently under maintenance and isolation in the real-time topology map of the power grid. In the arithmetic circuit, the input nodes of the marked power disconnection areas are set to 0 by traversal, and all sub-circuits that only depend on the input nodes of the marked power disconnection areas are deleted. The optimized real-time topology map of the power grid is output, and the number of multiplication gates in the optimized arithmetic circuit based on the real-time topology map of the power grid is defined as M', and the number of triples is reduced to M'.

[0016] The task function is transformed into an arithmetic circuit, and the multi-party negotiation management requirements of grid-connected data are transformed into quantifiable gate operation logic, realizing the implementation of business requirements into mathematical operations and adapting to the operation rules of secure multi-party computation. The real-time topology map of the power grid G(V,E) is extracted and the power disconnection areas for maintenance and isolation are marked, so that the arithmetic circuit is deeply bound to the actual operating state of the power grid. The input nodes of the disconnection area are set to 0, the dependent sub-circuits are deleted, and the number of triples is adjusted to the number of multiplication gates M' after optimization. This realizes the dynamic pruning of the arithmetic circuit, which greatly reduces invalid operations, improves the efficiency of multi-party computation, and avoids the distortion of results caused by invalid grid area data participating in the operation.
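
The pruning in S401 can be illustrated with the following Python example, which is added here and is not code from the patent. The circuit, wire names and tuple encoding are constructed for illustration; the code propagates the forced zero through the gates, so it also drops a multiplication gate when only one operand is zero, which goes slightly beyond the page's rule of deleting sub-circuits that depend only on disconnected inputs.

```python
"""Topology-driven pruning of an arithmetic circuit (added example for S401)."""

P = 2**61 - 1  # constructed sample modulus (a prime)

# Constructed circuit in topological order: (output wire, op, left, right).
# For "cmul" the left operand is a public constant and the right one a wire.
CIRCUIT = [
    ("g1", "mul", "x1", "x2"),
    ("g2", "mul", "x3", "x4"),
    ("g3", "mul", "x3", "x3"),
    ("g4", "add", "g1", "g2"),
    ("g5", "cmul", 3, "g3"),
    ("g6", "add", "g4", "g5"),
    ("g7", "mul", "g6", "x4"),
]
OUTPUT = "g7"


def prune(circuit, dead_inputs):
    """Force the inputs of isolated grid areas to 0 and drop gates that become constant.

    Returns (kept gates, wires known to be 0, aliases for pass-through add gates).
    """
    zero = set(dead_inputs)
    alias = {}
    kept = []
    for out, op, a, b in circuit:
        b = alias.get(b, b)
        if op != "cmul":
            a = alias.get(a, a)
        if op == "add":
            if a in zero and b in zero:
                zero.add(out)            # 0 + 0
            elif a in zero:
                alias[out] = b           # 0 + b is just b, no gate needed
            elif b in zero:
                alias[out] = a
            else:
                kept.append((out, op, a, b))
        elif op == "mul":
            if a in zero or b in zero:
                zero.add(out)            # needs no triple any more
            else:
                kept.append((out, op, a, b))
        elif op == "cmul":
            if b in zero:
                zero.add(out)
            else:
                kept.append((out, op, a, b))
        else:
            raise ValueError(f"unknown gate type: {op}")
    return kept, zero, alias


def count_mul(circuit):
    """Number of multiplication gates, i.e. the number of triples to prepare."""
    return sum(1 for _, op, _, _ in circuit if op == "mul")


def evaluate(circuit, inputs, output, zero=(), alias=None, p=P):
    """Plaintext reference evaluation, used only to check that pruning is sound."""
    alias = alias or {}
    wires = {w: v % p for w, v in inputs.items()}
    wires.update({w: 0 for w in zero})
    for out, op, a, b in circuit:
        if op == "add":
            wires[out] = (wires[a] + wires[b]) % p
        elif op == "mul":
            wires[out] = wires[a] * wires[b] % p
        else:  # cmul
            wires[out] = a * wires[b] % p
    return wires[alias.get(output, output)]


if __name__ == "__main__":
    kept, zero, alias = prune(CIRCUIT, {"x3"})   # x3 sits in an isolated area
    print("M =", count_mul(CIRCUIT), "M' =", count_mul(kept))
    print(evaluate(kept, {"x1": 5, "x2": 7, "x4": 11}, OUTPUT, zero, alias))
```
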

[0017] S500: Input the secret sharing and triplet of grid-connected data held by each participant into the arithmetic circuit, calculate the addition gate, multiplication gate and constant gate one by one according to the optimized real-time topology of the power grid, and finally output the secret sharing after the gate operation. Furthermore, the specific steps for finally outputting the secret sharing after the gate operation are as follows:

S501. Based on the optimized arithmetic circuit, the secret sharing of grid-connected data points and the triplet are input into the arithmetic circuit for gate-by-gate calculation. The data output after each gate calculation is a secret sharing. The arithmetic gates include addition gates and multiplication gates. For the addition gate, let the input secret sharings be $[u]_*$ and $[v]_*$; the output secret sharing is $[w]_* = [u+v]_*$, where $[u]_*$ and $[v]_*$ are the secret sharings output by the previous arithmetic gates. In the addition gate, each participant locally calculates its output data fragment from its own data fragments, using the formula: $[w]_j = [u]_j + [v]_j \pmod p$, where $[u]_j$ and $[v]_j$ represent the data fragments locally input by the j-th participant in the addition gate, and $[w]_j$ represents the data fragment output locally by the j-th participant. In the addition gate, participants perform local computation of fragments to sum and modulo, eliminating the need for multi-party interaction and achieving high efficiency in addition operations; moreover, the output results are still secretly shared, maintaining data security at all times and meeting the security requirements of multi-party collaboration.

[0018] S502. For the multiplication gate, let the input secret sharings be $[u]_*$ and $[v]_*$, and use the secret sharing of a triple $[a]_*$, $[b]_*$, $[c]_*$. The difference data fragments are calculated locally at each participant, using the formula: $[e]_j = [u]_j - [a]_j \pmod p$, $[f]_j = [v]_j - [b]_j \pmod p$, where $[e]_j$ and $[f]_j$ represent the difference data fragments of the j-th participant in the multiplication gate, and $[a]_j$, $[b]_j$ and $[c]_j$ represent the data fragments of the triplet input by the j-th participant in the multiplication gate. Each participant broadcasts the calculated difference data fragments, and then the two difference data fragments $[e]_j$ and $[f]_j$ from all participants are summed and taken modulo separately to obtain the public values e and f; the summation satisfies $e = [u]_* - [a]_*$, $f = [v]_* - [b]_*$. Each participant uses the public values to calculate the data fragment output by the multiplication gate, using the following formula: ; In the formula, multiplication by $n^{-1} \pmod p$ in the finite field ensures that the calculation result satisfies the multiplication constraint, which is: ; The final output of the multiplication gate is the secret sharing $[w]_*$. The multiplication gate calculates the difference fragments locally, broadcasts them, and then sums them to obtain the public values e and f. It then combines the triplet to calculate the output fragments, which not only realizes the multiplication operation under secret sharing and overcomes the limitation that the multiplication gate cannot be operated locally, but also only publishes the difference fragments to minimize the scope of data exposure and ensure the security of the operation. The introduction of finite field modulo and multiplication constraints ensures that the multiplication operation results meet the mathematical rules and secret sharing requirements, and avoids operation deviations.

[0019] S503. For a constant gate, each participant locally multiplies the constant in the constant gate with the input data fragment and outputs the data fragment. The constant gate output is obtained by summing all the data fragments and taking the modulo, and the constant belongs to a finite field.

[0020] In the constant gate, participants perform multiplication of constants and fragments locally without multi-party interaction, balancing computational efficiency and data security; the summation and modulo outputs are secretly shared, maintaining the same format as the addition / multiplication gate results, which facilitates the aggregation of subsequent overall computation results.

[0021] S600. Each participant shares and distributes the secret of the gate operation output calculated by itself to other participants. Each participant calculates the final task result based on the received secret of the gate operation.

[0022] Furthermore, the specific steps for each participant to obtain the final task result based on the secret sharing calculation after receiving the gate operation are as follows: S601. After performing calculations gate by gate in the arithmetic circuit, each participant locally calculates and outputs the final data fragment $[y]_j$. Then, using a secure communication channel, it sends its final data fragment to all participants. After receiving all the final data fragments, each participant sums them, takes the modulo, and calculates the final secret sharing $[y]_*$. The final secret sharing is used as the result of the task function.

[0023] Participants distribute local final data fragments through a secure channel, ensuring both the security of the transmission process and the global aggregation of fragments. The summation and modulo operation of all fragments yields the final secret sharing, which serves as the task result. This not only conforms to the mathematical rules of the prior secret sharing, ensuring the correctness of the result, but also presents the final result in a shared form, satisfying the needs of multiple parties to jointly confirm and hold the grid-connected data management results.
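
Steps S201 and S501 to S601 can be run end to end with the following Python example, which is added here and is not code from the patent. The page's formulas for the retained fragment and for the multiplication-gate output are not preserved, so the code assumes the standard additive-sharing and Beaver-triple forms, with the e·f term scaled by $n^{-1}$ as the page's mention of $n^{-1} \pmod p$ suggests. The modulus, the task function, the single-process `TriplePool` that stands in for triple generation, and Python's `secrets` module in place of the PMU-seeded PRF are all assumptions.

```python
"""Additive secret sharing with Beaver-triple multiplication (added example)."""
import secrets

P = 2**61 - 1  # constructed sample modulus p (a prime); the page only requires p > 2^k


def share(x, n, p=P):
    """S201: split x into n fragments whose sum mod p is x.

    Field elements are represented as 0..p-1 here (an assumption).
    """
    if not 0 <= x < p:
        raise ValueError("data point outside F_p: treated as abnormal and rejected")
    frags = [secrets.randbelow(p) for _ in range(n - 1)]  # sent to the other parties
    frags.append((x - sum(frags)) % p)                    # fragment the owner retains
    return frags


def reconstruct(frags, p=P):
    """S601: sum all fragments and reduce mod p."""
    return sum(frags) % p


def add_gate(u, v, p=P):
    """S501: purely local, [w]_j = [u]_j + [v]_j (mod p)."""
    return [(uj + vj) % p for uj, vj in zip(u, v)]


def const_gate(c, u, p=P):
    """S503: each party multiplies its fragment by the public constant c."""
    return [(c * uj) % p for uj in u]


class TriplePool:
    """Hands out each pre-generated triple exactly once (one per multiplication gate)."""

    def __init__(self, n, count, p=P):
        self._triples = []
        for _ in range(count):
            a, b = secrets.randbelow(p), secrets.randbelow(p)
            self._triples.append(
                (share(a, n, p), share(b, n, p), share(a * b % p, n, p))
            )

    def take(self):
        if not self._triples:
            raise RuntimeError("no unused triple left for this multiplication gate")
        return self._triples.pop()


def mul_gate(u, v, triple, p=P):
    """S502: open e = u - a and f = v - b, then recombine locally."""
    a, b, c = triple
    n = len(u)
    e = sum((uj - aj) % p for uj, aj in zip(u, a)) % p  # sum of the broadcast [e]_j
    f = sum((vj - bj) % p for vj, bj in zip(v, b)) % p  # sum of the broadcast [f]_j
    ef_part = e * f * pow(n, -1, p) % p                 # e*f spread over n parties
    return [(cj + e * bj + f * aj + ef_part) % p for aj, bj, cj in zip(a, b, c)]


def run_task(x1, x2, x3, n=3, p=P):
    """Constructed task function y = 3*(x1*x2) + x3, evaluated on fragments only."""
    pool = TriplePool(n, count=1, p=p)  # M = 1 multiplication gate in this circuit
    s1, s2, s3 = share(x1, n, p), share(x2, n, p), share(x3, n, p)
    prod = mul_gate(s1, s2, pool.take(), p)
    y = add_gate(const_gate(3, prod, p), s3, p)
    return reconstruct(y, p)


if __name__ == "__main__":
    print(run_task(120, 35, 7))
```
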

[0024] A grid-connected data management system for network security includes a parameter determination module, a data splitting module, a triplet module, a circuit optimization module, an arithmetic circuit operation module, and an output module. The parameter determination module is used in the power system to determine unified security parameters and establish a secure communication channel between different participants when they need to negotiate and manage grid connection data and execute task functions; it also uses a global clock to generate a synchronous random seed and initialize a pseudo-random number generator. The data splitting module is used by each participant to collect unique grid-connected data time-series data streams using its own sensors, split each data point in the time-series data stream into data fragments, and send the data fragments to all participants through a secure communication channel. All data fragments of the same data point received by all participants constitute a secret sharing. The triplet module is used by all participants to generate two plaintext values of random numbers using a synchronous random seed. The generated two plaintext values of random numbers are used to calculate a third plaintext value of random numbers. The three plaintext values of random numbers constitute a triplet. Each participant obtains a triplet data fragment by secretly sharing the data. The operation is repeated M times to obtain M triplets. The circuit optimization module is used to convert the task function into an arithmetic circuit, extract the real-time topology map of the power grid, and optimize the real-time topology map of the power grid using the arithmetic circuit. The arithmetic circuit operation module is used to input the secret sharing of grid-connected data held by each participant and M triples into the arithmetic circuit, calculate the addition gate, multiplication gate and constant gate one by one according to the optimized real-time topology diagram of the power grid, and finally output the secret sharing after gate operation. The output module is used by each participant to share and distribute the secret after gate operation calculated by itself to other participants. Each participant calculates the final task result based on the received secret after gate operation.

[0025] The parameter determination module includes a security parameter determination unit and a synchronous random seed unit. The security parameter determination unit is used to determine unified security parameters among different participants in a power system when they need to negotiate and manage grid-connected data to execute task functions. The synchronous random seed unit is used by each participant to obtain the current timestamp $T_{PMU}$ through a global clock, perform time synchronization, and generate a synchronous random seed by combining the participant's own identifier.

[0026] The arithmetic circuit operation module includes an addition gate calculation unit, a multiplication gate calculation unit, and a constant gate calculation unit. The addition gate calculation unit is used to set the input secret sharings of the addition gate as $[u]_*$ and $[v]_*$, with the output secret sharing $[w]_* = [u+v]_*$. The multiplication gate calculation unit is used to calculate the difference data fragment locally at each participant using the triplet and the input secret shared data fragment, and then sum and take the modulus to obtain the public value. Each participant uses the public value to calculate the multiplication gate output data fragment.

[0027] Compared with the prior art, the beneficial effects of the present invention are: 1. This invention utilizes a PMU microsecond-level clock for synchronization, aligning with the strong time-series characteristics of grid data; it collects data through an edge IoT gateway, adapting to the actual scenarios of data collection at the edge of the power system; and it optimizes the arithmetic circuit by combining the real-time topology map of the power grid, deeply binding the solution with the actual operating state of the power grid, avoiding ineffective designs that are out of touch with the scenario, and making it highly practical.

[0028] 2. This invention optimizes the core process of secure multi-party computation for power scenarios: prefabricated triples matched with multiplication gates solve the multiplication problem, local addition / constant gates reduce multi-party interactions, and dynamically trimmed arithmetic circuits reduce invalid operations. This not only ensures the core security of multi-party computation but also significantly improves computational efficiency, adapting to the real-time requirements of power systems for data processing.

[0029] 3. All participants adopt unified security parameters and synchronized random seeds, and the final management result is generated by the aggregation of fragments from all participants, realizing the equality of multi-party collaboration; at the same time, each participant only participates in local calculation and holds a portion of the fragments, realizing the distributed controllability of data and calculation, which is in line with the business model of multi-participant collaborative management in the power system.

Attached Figure Description

[0030] Figure 1 is a schematic diagram of a network-connected data management system for network security according to the present invention.

Detailed Implementation

[0031] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0032] Example: As shown in Figure 1, the present invention provides a technical solution. A method for managing network-connected data in network security, the method comprising the following steps:

S100. In a power system, when different participants need to negotiate and manage grid connection data and execute task functions, the different participants determine unified security parameters and establish secure communication channels between each other; a global clock is used to generate a synchronous random seed and initialize a pseudo-random number generator. The specific steps for generating a synchronous random seed and initializing the random number generator using the PMU clock are as follows:

S101. For a task function where n participants negotiate and manage grid-connected data, the security parameters include a finite field modulus p, a pseudo-random function PRF, and a hash function H; the finite field modulus is a large prime number, $p > 2^k$, where k represents the security factor set by the staff; a TLS secure communication channel is established between each pair of participants; the pseudo-random function PRF is used to construct a pseudo-random number generator. Determining unified security parameters (the large prime modulus p of the finite field, the pseudo-random function PRF, and the hash function H) and adapting them to the security coefficient requirements defines a unified and secure mathematical domain for all subsequent cryptographic operations, avoiding computational errors and security vulnerabilities caused by inconsistent parameters. Establishing pairwise TLS secure communication channels achieves end-to-end encrypted transmission between participants, thus avoiding the risks of data eavesdropping and tampering at the transport layer.

[0033] S102. Deploy a phasor measurement unit (PMU) in the power grid-connected system and use it to provide a microsecond-level global clock. Each participant obtains its current timestamp $T_{PMU}$ through the global clock, performs time synchronization, and generates a synchronous random seed by combining the timestamp with the participant's own identifier. The formula is $\mathrm{seed}_i = H(T_{PMU} \| ID_i)$, where $\mathrm{seed}_i$ represents the synchronous random seed for participant i and $ID_i$ represents the unique identifier of participant i. Time synchronization is achieved using the microsecond-level global clock of the PMU. Combined with the unique identifier of each participant, a synchronous random seed is generated, which not only ensures the strong synchronization of the random seeds of all participants, but also ensures the uniqueness and non-forgeability of the seed through the hash function and the unique identifier. The pseudo-random number generator is initialized based on the synchronous seed, providing a secure and traceable source of random numbers for subsequent data fragmentation and triple generation, avoiding the failure of secret sharing caused by uncontrollable random numbers.

[0034] All participants initialize the pseudo-random number generator using a synchronous random seed.
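As an added example (not code from the patent), the following sketch checks the S101 requirement on p and derives the S102 seeds and PRF draws using the values given later in paragraphs [0054] to [0056]. The byte encoding of $T_{PMU} \| ID_i$, the HMAC message layout and the stand-in prime $2^{130}-5$ are assumptions; the check reports that $2^{130}+3$ as written in the embodiment is divisible by 13, which is why a stand-in is used.

```python
import hashlib
import hmac
import random

K = 128                    # security factor k from paragraph [0054]
P_PAGE = 2**130 + 3        # modulus exactly as written in paragraph [0054]
P_STANDIN = 2**130 - 5     # assumption: known prime used instead (not from the page)
T_PMU = 1719825600000000   # microsecond timestamp from paragraph [0056]
IDS = {"A": "PowerGrid-A-001", "B": "NewEnergy-B-002", "C": "EnergyStorage-C-003"}


def is_probable_prime(n, rounds=40):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(0)  # fixed witnesses keep the check reproducible
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_params(p, k=K):
    """S101: the modulus must be prime and satisfy p > 2^k."""
    return p > 2**k and is_probable_prime(p)


def sync_seed(t_pmu, participant_id):
    """S102: seed_i = H(T_PMU || ID_i) with H = SHA-256.
    Assumption: decimal ASCII timestamp directly followed by the ID string."""
    return hashlib.sha256(f"{t_pmu}{participant_id}".encode("ascii")).digest()


def prf_field(seed, k, label, p=P_STANDIN):
    """S301-style draw: HMAC-SHA256 keyed with the seed over k || label.
    Two 256-bit blocks are concatenated before reduction mod p so the
    modular bias is negligible for a 130-bit modulus."""
    msg = f"{k}||{label}".encode("ascii")
    wide = b"".join(
        hmac.new(seed, msg + bytes([ctr]), hashlib.sha256).digest() for ctr in (0, 1)
    )
    return int.from_bytes(wide, "big") % p


def triple_plaintext(seed, k, p=P_STANDIN):
    """Plaintext (a_k, b_k, c_k) with c_k = a_k * b_k mod p."""
    a, b = prf_field(seed, k, "a", p), prf_field(seed, k, "b", p)
    return a, b, a * b % p


if __name__ == "__main__":
    print("2^130+3 acceptable:", check_params(P_PAGE), "| mod 13 =", P_PAGE % 13)
    print("stand-in acceptable:", check_params(P_STANDIN))
    for name, pid in IDS.items():
        # ID_i is hashed into the seed, so each participant's seed is different.
        print(name, sync_seed(T_PMU, pid).hex())
```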

[0035] S200: Each participant uses its own sensors to collect a time-series data stream of unique grid-connected data, splits each data point in the time-series data stream into data fragments, and sends the data fragments to all participants through a secure communication channel. All data fragments of the same data point received by all participants constitute a secret sharing. The specific steps by which all data fragments of the same data point received by all participating parties constitute a secret sharing are as follows: S201. Participant i collects the time-series data stream $\{x_{i,t}\}$, $t \in (1, \infty)$, of unique grid-connected data through its own edge IoT gateway. For each collected data point $x_{i,t}$, the edge IoT gateway splits the data point into n fragments, where $x_{i,t}$ represents the grid-connected data at time t. Specifically: first, generate n-1 random numbers $\{r_{i,t}^{(1)}, \ldots, r_{i,t}^{(n-1)}\} \in F_p$, where $r_{i,t}^{(1)}$ represents the first random number, $r_{i,t}^{(n-1)}$ represents the (n-1)th random number, and $F_p$ represents the finite field, $F_p = [1, 2, 3 \ldots p]$. The generated n-1 random numbers are distributed as data fragments to the remaining n-1 participants other than participant i through a secure communication channel. The data fragment retained by participant i is calculated using the n-1 random numbers, using the following formula: ; in the formula, $[x_{i,t}]_i$ represents the data fragment retained by participant i itself, mod means modulo, and j≠i. Set constraints: the collected data point satisfies $x_{i,t} \in F_p$, and the sum of the n data fragments, taken modulo p, equals the original data point; if the collected data point $x_{i,t}$ is not in $F_p$, it is deemed abnormal data and is removed. Collecting time-series data streams through edge IoT gateways matches the actual scenario of data acquisition at the edge of the power system and reduces the computing power pressure on the cloud.
Data points are split into n fragments within the finite field, with one fragment retained locally and the remaining n-1 fragments distributed. Constraints are set and abnormal data is removed, which not only achieves secret data sharing, making it impossible for a single participant to restore the complete data and avoiding data leakage, but also ensures the legality of data values and prevents invalid data from participating in subsequent calculations. The rule that the sum of the fragments, taken modulo p, equals the original data point provides mathematical assurance for the correctness of subsequent data restoration and calculation.

[0036] S202. The edge IoT gateway adds a timing window identifier to each data point. When sending data fragments to the participants, the timing window identifier is packaged into a data packet and sent together. The edge IoT gateway maintains a local sending queue to record data packets that have been sent but have not been acknowledged. If the network is interrupted, the interruption is resumed according to the timing window identifier to ensure that no data is lost. Adding time-series window identifiers to data points and packaging them for transmission enables time-series traceability of data fragments; maintaining a local transmission queue and implementing a breakpoint resume mechanism based on time-series identifiers solves the problem of data transmission loss caused by power system network fluctuations, ensuring the integrity of grid-connected data.

[0037] S203. Each participant receives data fragments sent by the other participants in real time, and caches and sorts them according to the time window identifier, forming a secret sharing of all data fragments of the same data point received by all participants.

[0038] By caching and sorting fragments according to the time sequence window identifier, fragments of the same data point are accurately aggregated and constitute secret sharing, realizing the orderly management of fragmented data, avoiding the failure of secret sharing due to time sequence disorder, and adapting to the core characteristic of strong time sequence of grid-connected data.

[0039] S300. All participants use the synchronous random seed to generate the plaintext values of two random numbers and use these two plaintext values to calculate the plaintext value of a third random number. The three plaintext values form a triplet. Each participant obtains triplet data fragments through secret sharing. This process is repeated M times to obtain M triplets. The specific steps for each participant to obtain triplet data fragments through secret sharing are as follows: S301. Generate the plaintext values of two random numbers using the synchronous random seed, using the following formula: ; ; in the formula, $a_k$ and $b_k$ represent the plaintext values of random numbers a and b, respectively; || represents string concatenation (the seed $\mathrm{seed}_i$ is concatenated with k and a), where k represents the sequence number of the triplet, and a and b represent the two randomly generated numbers, with a ≠ b. Based on the synchronous random seed of S100, two non-repeating random plaintext values are generated, ensuring the synchronization and uniqueness of the triplet and avoiding deviations in multiplication gate operations caused by different random number sources. Random numbers are generated through the pseudo-random function PRF, which improves the unpredictability of the random numbers and enhances the security of the triplet.

[0040] S302. Calculate the plaintext value $c_k$ using the plaintext values of a and b. The formula is $c_k = a_k \times b_k \pmod p$. Construct a triplet from the plaintext values of the three random numbers; for each of the three plaintext values, perform the splitting operation of S200 once, so that all participants obtain data fragments of the triplet. The sum of the data fragments of each random number's plaintext value in the triplet, taken modulo, must equal the original plaintext value of that random number, and the product of the plaintext values of random number a and random number b must equal the plaintext value of random number c. Repeat this M times to obtain M triplets. By calculating a third random number, a triplet satisfying the multiplication relation is formed, providing a prefabricated mathematical carrier for the secret sharing operation of subsequent multiplication gates; the S200 splitting rule is executed on each random number of the triplet, so that the triplet exists in secret-shared form, avoiding the security vulnerability in the multiplication operation that plaintext exposure of the triplet would cause; the triplets are generated according to the number M of multiplication gates of the arithmetic circuit, so that the number of triplets precisely matches the operation requirements and computing power redundancy is avoided.

[0041] M represents the number of multiplication gates in the arithmetic circuit after the task function is converted into an arithmetic circuit.

[0042] S400: Transform the task function into an arithmetic circuit, extract the real-time topology of the power grid, and optimize the real-time topology of the power grid using the arithmetic circuit. The specific steps for optimizing the real-time topology of the power grid using arithmetic circuits are as follows: S401. Using the principle of automatic control, the task function is transformed into an arithmetic circuit to extract the real-time topology graph of the power grid G(V,E), where V represents the power supply node and E represents the power supply connection edge. The power system marks the power disconnection areas currently under maintenance and isolation in the real-time topology map of the power grid. In the arithmetic circuit, the input nodes of the marked power disconnection areas are set to 0 by traversal, and all sub-circuits that only depend on the input nodes of the marked power disconnection areas are deleted. The optimized real-time topology map of the power grid is output, and the number of multiplication gates in the optimized arithmetic circuit based on the real-time topology map of the power grid is defined as M', and the number of triples is reduced to M'.

[0043] The task function is transformed into an arithmetic circuit, and the multi-party negotiation management requirements of grid-connected data are transformed into quantifiable gate operation logic, realizing the implementation of business requirements into mathematical operations and adapting to the operation rules of secure multi-party computation. The real-time topology map of the power grid G(V,E) is extracted and the power disconnection areas for maintenance and isolation are marked, so that the arithmetic circuit is deeply bound to the actual operating state of the power grid. The input nodes of the disconnection area are set to 0, the dependent sub-circuits are deleted, and the number of triples is adjusted to the number of multiplication gates M' after optimization. This realizes the dynamic pruning of the arithmetic circuit, which greatly reduces invalid operations, improves the efficiency of multi-party computation, and avoids the distortion of results caused by invalid grid area data participating in the operation.
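As an added example (not code from the patent), the following sketch applies the S401 pruning rule to a small constructed circuit: gates whose operands all trace back to disconnected inputs are deleted, remaining references to them become a constant-zero wire, and the multiplication gates are recounted. The circuit layout, gate names and input values are assumptions; the node names V6 and V7 and the counts M=8 and M'=6 follow the embodiment in paragraph [0058].

```python
ZERO = "0"  # constant-zero wire that replaces a disconnected operand

# Constructed sample circuit (not the patent's task function), in topological
# order: gate -> (op, left operand, right operand). V1..V10 are input wires.
CIRCUIT = {
    "m1": ("mul", "V1", "V2"),
    "m2": ("mul", "V3", "V4"),
    "m3": ("mul", "V5", "V8"),
    "m4": ("mul", "V9", "V10"),
    "m5": ("mul", "V6", "V7"),   # depends only on disconnected inputs
    "m6": ("mul", "V6", "V6"),   # depends only on disconnected inputs
    "a1": ("add", "m5", "m6"),   # depends only on deleted gates
    "a2": ("add", "m1", "m2"),
    "a3": ("add", "m3", "m4"),
    "m7": ("mul", "a2", "a3"),
    "a4": ("add", "m7", "a1"),   # live gate with one deleted operand
    "m8": ("mul", "a4", "V1"),
}


def count_mul(circuit):
    """Number of multiplication gates, i.e. the number of triples required."""
    return sum(1 for op, _, _ in circuit.values() if op == "mul")


def prune(circuit, disconnected):
    """Delete every gate that depends only on disconnected inputs.

    With add and mul gates only, such a sub-circuit always evaluates to 0
    once its inputs are set to 0, so a surviving gate that referenced it
    reads the constant-zero wire instead.
    """
    dead = set(disconnected) | {ZERO}
    kept = {}
    for gate, (op, left, right) in circuit.items():
        if op not in ("add", "mul"):
            raise ValueError(f"unsupported gate type: {op}")
        if left in dead and right in dead:
            dead.add(gate)
            continue
        kept[gate] = (op,
                      ZERO if left in dead else left,
                      ZERO if right in dead else right)
    return kept


def evaluate(circuit, inputs, output, p):
    """Plaintext evaluation mod p, used here only to compare the two circuits."""
    wires = dict(inputs)
    wires[ZERO] = 0
    for gate, (op, left, right) in circuit.items():
        x, y = wires[left], wires[right]
        wires[gate] = (x + y) % p if op == "add" else (x * y) % p
    return wires[output]


def keep_triples(triples, pruned_circuit):
    """Keep the first M' triples and drop the rest, as the embodiment does."""
    return triples[:count_mul(pruned_circuit)]


if __name__ == "__main__":
    pruned = prune(CIRCUIT, {"V6", "V7"})
    print("M =", count_mul(CIRCUIT), "-> M' =", count_mul(pruned))
    print("deleted gates:", sorted(set(CIRCUIT) - set(pruned)))
```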

[0044] S500: Input the secret sharing of grid-connected data and the triplets held by each participant into the arithmetic circuit, calculate the addition gates, multiplication gates and constant gates one by one according to the optimized real-time topology of the power grid, and finally output the secret sharing after the gate operation. The specific steps for finally outputting the secret sharing after the gate operation are as follows: S501. Based on the optimized arithmetic circuit, the secret sharing of grid-connected data points and the triplets are input into the arithmetic circuit for gate-by-gate calculation. The data output after each gate calculation is a secret sharing. The arithmetic gates include addition gates and multiplication gates. For the addition gate, let the input secret sharings be $[u]_*$ and $[v]_*$; the output secret sharing is $[w]_* = [u+v]_*$, where $[u]_*$ and $[v]_*$ denote the secret sharings output by the previous arithmetic gates. In the addition gate, each participant locally calculates its output data fragment from its own data fragments, using the formula $[w]_j = [u]_j + [v]_j \pmod p$, where $[u]_j$ and $[v]_j$ represent the data fragments locally input by the j-th participant in the addition gate and $[w]_j$ represents the data fragment output locally by the j-th participant. In the addition gate, participants sum their fragments locally and take the modulo, eliminating the need for multi-party interaction and achieving high efficiency in addition operations; moreover, the output results are still secret-shared, maintaining data security at all times and meeting the security requirements of multi-party collaboration.

[0045] S502. For the multiplication gate, let the input secret sharings be $[u]_*$ and $[v]_*$, and use one triplet in secret-shared form, $[a]_*$, $[b]_*$, $[c]_*$. The difference data fragments are calculated locally at each participant, using the formulas $[e]_j = [u]_j - [a]_j \pmod p$ and $[f]_j = [v]_j - [b]_j \pmod p$, where $[e]_j$ and $[f]_j$ represent the difference data fragments of the j-th participant in the multiplication gate, and $[a]_j$, $[c]_j$ and $[b]_j$ represent the data fragments of the triplet input by the j-th participant in the multiplication gate. Each participant broadcasts its calculated difference data fragments, and the two kinds of difference data fragments $[e]_j$ and $[f]_j$ from all participants are summed and reduced modulo p separately to obtain the public values e and f; the summation satisfies $e = [u]_* - [a]_*$, $f = [v]_* - [b]_*$. Each participant uses the public values to calculate the data fragment output by the multiplication gate, using the following formula: ; in the formula, multiplying by $n^{-1} \pmod p$ in the finite field ensures that the calculation result satisfies the multiplication constraint, which is: ; the final output of the multiplication gate is the secret sharing $[w]_*$. The multiplication gate calculates the difference fragments locally, broadcasts them, and then sums them to obtain the public values e and f. It then combines them with the triplet to calculate the output fragments, which not only realizes the multiplication operation under secret sharing and overcomes the limitation that the multiplication gate cannot be computed locally, but also publishes only the difference fragments, minimizing the scope of data exposure and ensuring the security of the operation. The introduction of the finite field modulo and the multiplication constraint ensures that the multiplication results satisfy the mathematical rules and secret sharing requirements, and avoids operation deviations.
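As an added example (not code from the patent), the following sketch runs one S502 multiplication gate over additive fragments and consumes one triple per gate. The output-fragment formula does not survive in this text, so the standard Beaver form $[w]_j = [c]_j + e[b]_j + f[a]_j + e f n^{-1} \pmod p$ is assumed; the stand-in prime $2^{130}-5$ is also an assumption, while the inputs 200 and 100 and the triple (220, 180) come from the embodiment.

```python
import secrets

P = 2**130 - 5   # assumption: stand-in prime modulus, not a value from the page
N = 3            # participants A, B, C


def share(x, n=N, p=P):
    """S200 split: n-1 random fragments plus the remainder kept by the owner."""
    r = [secrets.randbelow(p) for _ in range(n - 1)]
    return [(x - sum(r)) % p] + r


def reconstruct(fragments, p=P):
    """Sum of all fragments mod p."""
    return sum(fragments) % p


def make_triple(a, b, n=N, p=P):
    """S302: c = a * b mod p, then a, b and c are each split as in S200."""
    return share(a, n, p), share(b, n, p), share(a * b % p, n, p)


def mul_gate(u_sh, v_sh, triple, p=P):
    """One multiplication gate. Returns (output fragments, public e, public f)."""
    a_sh, b_sh, c_sh = triple
    n = len(u_sh)
    # Local step: every participant j forms its difference fragments.
    e_frag = [(u - a) % p for u, a in zip(u_sh, a_sh)]
    f_frag = [(v - b) % p for v, b in zip(v_sh, b_sh)]
    # Broadcast step: the fragments are summed into the public values e and f.
    e, f = sum(e_frag) % p, sum(f_frag) % p
    # Local step (assumed formula): e*f is multiplied by n^-1 so that the
    # n equal parts held by the participants add up to e*f.
    ef_part = e * f % p * pow(n, -1, p) % p
    w_sh = [(c + e * b + f * a + ef_part) % p
            for a, b, c in zip(a_sh, b_sh, c_sh)]
    return w_sh, e, f


def mul_layer(pairs, triples, p=P):
    """Evaluate several multiplication gates, one fresh triple per gate."""
    if len(triples) < len(pairs):
        raise ValueError("fewer triples than multiplication gates")
    return [mul_gate(u, v, t, p)[0] for (u, v), t in zip(pairs, triples)]


def demo():
    """x_b * x_c with the embodiment's data points and its k=1 triple."""
    u_sh, v_sh = share(200), share(100)
    triple = make_triple(220, 180)
    w_sh, e, f = mul_gate(u_sh, v_sh, triple)
    return reconstruct(w_sh), e, f


if __name__ == "__main__":
    w, e, f = demo()
    print("u*v =", w)
    # e hides u only from a party that does not know a: e + a = u (mod p).
    print("e + a mod p =", (e + 220) % P)
```

The last line of the demo shows that e + a recovers u, so the broadcast value e masks u only from a party that does not know the plaintext $a_k$.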

[0046] S503. For a constant gate, each participant locally multiplies the constant in the constant gate with the input data fragment and outputs the data fragment. The constant gate output is obtained by summing all the data fragments and taking the modulo, and the constant belongs to a finite field.

[0047] In the constant gate, participants perform multiplication of constants and fragments locally without multi-party interaction, balancing computational efficiency and data security; the summation and modulo outputs are secretly shared, maintaining the same format as the addition / multiplication gate results, which facilitates the aggregation of subsequent overall computation results.

[0048] S600. Each participant shares and distributes the secret of the gate operation output calculated by itself to other participants. Each participant calculates the final task result based on the received secret of the gate operation.

[0049] The specific steps for each participant to calculate the final task result from the received secret sharing after the gate operation are as follows: S601. After performing calculations gate by gate in the arithmetic circuit, each participant locally calculates and outputs its final data fragment $[y]_j$ and then sends it to all participants through a secure communication channel. After receiving all the final data fragments, each participant sums them, takes the modulo, and obtains the final secret sharing $[y]_*$. The final secret sharing is used as the result of the task function.

[0050] Participants distribute local final data fragments through a secure channel, ensuring both the security of the transmission process and the global aggregation of fragments. The summation and modulo operation of all fragments yields the final secret sharing, which serves as the task result. This not only conforms to the mathematical rules of the prior secret sharing, ensuring the correctness of the result, but also presents the final result in a shared form, satisfying the needs of multiple parties to jointly confirm and hold the grid-connected data management results.

[0051] A grid-connected data management system for network security includes a parameter determination module, a data splitting module, a triplet module, a circuit optimization module, an arithmetic circuit operation module, and an output module. The parameter determination module is used in the power system to determine unified security parameters and establish a secure communication channel between different participants when they need to negotiate and manage grid connection data and execute task functions; it also uses a global clock to generate a synchronous random seed and initialize a pseudo-random number generator. The data splitting module is used by each participant to collect unique grid-connected data time-series data streams using its own sensors, split each data point in the time-series data stream into data fragments, and send the data fragments to all participants through a secure communication channel. All data fragments of the same data point received by all participants constitute a secret sharing. The triplet module is used by all participants to generate two plaintext values of random numbers using a synchronous random seed. The generated two plaintext values of random numbers are used to calculate a third plaintext value of random numbers. The three plaintext values of random numbers constitute a triplet. Each participant obtains a triplet data fragment by secretly sharing the data. The operation is repeated M times to obtain M triplets. The circuit optimization module is used to convert the task function into an arithmetic circuit, extract the real-time topology map of the power grid, and optimize the real-time topology map of the power grid using the arithmetic circuit.
The arithmetic circuit operation module is used to input the secret sharing of grid-connected data held by each participant and M triples into the arithmetic circuit, calculate the addition gate, multiplication gate and constant gate one by one according to the optimized real-time topology diagram of the power grid, and finally output the secret sharing after gate operation; The output module is used by each participant to share and distribute the secret after gate operation calculated by itself to other participants. Each participant calculates the final task result based on the received secret after gate operation.

[0052] The parameter determination module includes a security parameter determination unit and a synchronous random seed unit. The security parameter determination unit is used to determine unified security parameters among different participants in a power system when they need to negotiate and manage grid-connected data to execute task functions. The synchronous random seed unit is used by each participant to obtain the current timestamp $T_{PMU}$ through a global clock, perform time synchronization, and generate a synchronous random seed by combining the timestamp with the participant's own identifier.

[0053] The arithmetic circuit operation module includes an addition gate calculation unit, a multiplication gate calculation unit, and a constant gate calculation unit. The addition gate calculation unit is used to take the input secret sharings of the addition gate as $[u]_*$ and $[v]_*$ and produce the output secret sharing $[w]_* = [u+v]_*$. The multiplication gate calculation unit is used to calculate the difference data fragments locally at each participant using the triplet and the data fragments of the input secret sharing, and then sum them and take the modulo to obtain the public values. Each participant uses the public values to calculate the multiplication gate output data fragment.

[0054] Embodiment: This embodiment uses a regional power grid connection system as the application scenario, with three participants (grid company A, new energy power station B, and energy storage power station C, i.e., n=3). They need to collaboratively complete the task function calculation for joint grid-connected power scheduling, providing a complete implementation description of the grid-connected data management system and method of this invention. In this embodiment, the core parameters are uniformly set as follows: the security factor is k=128; the finite field modulus p is selected as the large prime number $2^{130}+3$ (satisfying $p > 2^k$); the pseudo-random function PRF is HMAC-SHA256; the hash function H is SHA256; the phasor measurement unit (PMU) is a microsecond-level synchronous clock; the TLS secure communication version is TLS1.3; the initial number of multiplication gates after the task function is converted into an arithmetic circuit is M=8; and the optimized number of multiplication gates is M'=6.

[0055] An end-to-end secure communication channel is established between AB, AC, and BC using the TLS 1.3 protocol. The channel employs a hybrid encryption method of asymmetric encryption (RSA2048) and symmetric encryption (AES-256) to prevent data eavesdropping and tampering at the transport layer.

[0056] The three parties obtain a unified microsecond-level timestamp $T_{PMU}$ = 1719825600000000 (microseconds) through the regional power PMU synchronization clock node to complete time synchronization. Each of the three parties obtains its own unique identifier: $ID_a$ = "PowerGrid-A-001", $ID_b$ = "NewEnergy-B-002", and $ID_c$ = "EnergyStorage-C-003". The synchronous random seeds are generated according to the formula $\mathrm{seed}_i = H(T_{PMU} \| ID_i)$: $\mathrm{seed}_a$ = SHA256(1719825600000000||PowerGrid-A-001) yields a 256-bit binary seed value; $\mathrm{seed}_b$ = SHA256(1719825600000000||NewEnergy-B-002) yields a 256-bit binary seed value; $\mathrm{seed}_c$ = SHA256(1719825600000000||EnergyStorage-C-003) yields a 256-bit binary seed value. Power grid company A collected the total grid-connected power data $x_{a,1}$ = 500 MW and verified $x_{a,1} \in F_p$, so this is valid data. New energy power station B collected the photovoltaic grid-connected power $x_{b,1}$ = 200 MW and verified $x_{b,1} \in F_p$, so this is valid data. Energy storage power station C collected the grid-connected energy storage charging and discharging power $x_{c,1}$ = 100 MW and verified $x_{c,1} \in F_p$, so this is valid data. Since n=3, each party needs to generate n-1=2 random numbers and split the data into fragments. The random numbers are generated by the pseudo-random number generator initialized in S100, and all of them are $\in F_p$.
Data splitting by party A: generate random numbers $r_{a,1}^{(1)}$ = 150 and $r_{a,1}^{(2)}$ = 200, which are sent as data fragments to B and C respectively; the fragment retained by A itself is $[x_{a,1}]_a = x_{a,1} - (r_{a,1}^{(1)} + r_{a,1}^{(2)}) \bmod p$ = 500 - 350 = 150. Data splitting by party B: generate random numbers $r_{b,1}^{(1)}$ = 80 and $r_{b,1}^{(2)}$ = 70, which are sent as data fragments to A and C respectively; the fragment retained by B itself is $[x_{b,1}]_b$ = 200 - (80+70) mod p = 50. Data splitting by party C: generate random numbers $r_{c,1}^{(1)}$ = 30 and $r_{c,1}^{(2)}$ = 40, which are sent as data fragments to A and B respectively; the fragment retained by C itself is $[x_{c,1}]_c$ = 100 - (30+40) mod p = 30. The data fragments produced by each party all satisfy the constraint that the sum of the n fragments modulo p equals the original data point. For A's data point: 150 (its own) + 150 (held by B) + 200 (held by C) = 500 = $x_{a,1}$.

[0057] The three parties receive data fragments sent by the other two parties through a TLS secure channel, and cache and sort them according to the time window identifier T=20260305-01 to ensure accurate aggregation of fragments of the same time sequence and the same data point. After aggregation, all fragments of the same data point constitute a secret sharing, for example, the secret sharing of $x_{a,1}$: {$[x_{a,1}]_a$ = 150, $[x_{a,1}]_b$ = 150, $[x_{a,1}]_c$ = 200}. A single participant holds only one fragment of a data point and cannot reconstruct the complete data, which achieves secure data sharing.

[0058] Since the initial number of multiplication gates is M=8, 8 sets of triples need to be generated, and each set of triples is generated according to the sequence number k=1,2,...,8. Based on the synchronous random seed of S100, each party generates two non-repeating random plaintext values using PRF=HMAC-SHA256. Taking k=1 as an example: for party A, $a_1$ = 220 and $b_1$ = 180; the same holds for parties B and C. The plaintext values $a_k$ and $b_k$ generated by the three parties for the same triplet index are fully synchronized, avoiding computational errors. $c_1$ = 220 × 180 mod p = 39600. The grid-connected power joint scheduling task function in this embodiment is $F(x_a, x_b, x_c) = x_a - (x_b + x_c) \times 0.9$ (to achieve supply and demand balance scheduling of grid-connected power), and the principle of automatic control is used to transform it into an arithmetic circuit. The circuit includes addition gates, multiplication gates, and constant gates. The initial number of multiplication gates is M=8. Extract the real-time topology map G(V,E) of the power grid, where V represents 10 power supply nodes in the region and E represents 15 power supply connection edges; according to the power grid status detection, nodes V6 and V7 are maintenance disconnected areas with no grid connection data input. Dynamic optimization of the arithmetic circuit: set the input nodes of the arithmetic circuit corresponding to the disconnected V6 and V7 in the topology diagram to 0, traverse the circuit and delete the two sub-circuits that only depend on the invalid nodes. After optimization, the number of multiplication gates M' of the arithmetic circuit is 6. Based on the optimized number of multiplication gates, the last two of the eight sets of triples generated by S300 are deleted in sequence, while the secret sharing of the first six sets of triples is retained, so that the number of triples is precisely matched with the computational requirements, reducing the consumption of ineffective computing power.

[0059]

[0060] Addition gate $(x_b + x_c)$ output secret sharing = {110, 90, 100}; constant gate $(x_b + x_c) \times 0.9$ output secret sharing = {99, 81, 90}. Because p is a very large prime number ($2^{130}+3$), taking the modulo of a negative number can be directly represented as inverting the original fragment. To calculate $x_a - (x_b + x_c) \times 0.9$: A's local calculation = 150 - 99 = 51; B's local calculation = 150 - 81 = 69; C's local calculation = 200 - 90 = 110. The secret sharing output by the final gate operation is $[w]_*$ = {51, 69, 110}. The original plaintext operation is 500 - (200+100) × 0.9 = 500 - 270 = 230, which is completely consistent with the result of the fragment summation. The operation logic is closed-loop and correct.
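As an added example (not code from the patent), the following sketch replays the S200 splitting and the local addition and constant gates with the embodiment's random numbers, then opens the result as in S601. Two assumptions are made: the stand-in prime $2^{130}-5$ as modulus, and a fixed-point encoding of 0.9 as the field constant 9 over scale 10, since 0.9 is not itself a field element.

```python
import secrets
from fractions import Fraction

P = 2**130 - 5   # assumption: stand-in prime modulus, not a value from the page
SCALE = 10       # assumption: 0.9 is encoded as the field constant 9 over scale 10


def share(x, randoms=None, n=3, p=P):
    """S201 split. Returns [owner fragment, r_1, ..., r_{n-1}]."""
    if not 0 <= x < p:
        raise ValueError("data point outside F_p: abnormal, not shared")
    if randoms is None:
        randoms = [secrets.randbelow(p) for _ in range(n - 1)]
    return [(x - sum(randoms)) % p] + list(randoms)


def to_signed(v, p=P):
    """Field element back to a signed integer: the upper half of F_p is negative."""
    return v - p if v > p // 2 else v


def embodiment_holdings():
    """Fragments each party holds after S203, using the random numbers of [0056]."""
    xa = share(500, [150, 200])   # A keeps 150, sends 150 to B and 200 to C
    xb = share(200, [80, 70])     # B keeps 50, sends 80 to A and 70 to C
    xc = share(100, [30, 40])     # C keeps 30, sends 30 to A and 40 to B
    return {
        "A": {"xa": xa[0], "xb": xb[1], "xc": xc[1]},
        "B": {"xa": xa[1], "xb": xb[0], "xc": xc[2]},
        "C": {"xa": xa[2], "xb": xb[2], "xc": xc[0]},
    }


def add_gate(h, p=P):
    """[w]_j = [x_b]_j + [x_c]_j mod p, computed locally."""
    return (h["xb"] + h["xc"]) % p


def task_fragment(h, p=P):
    """Local fragment of SCALE * F = 10*x_a - 9*(x_b + x_c).

    Multiplying the fragments 110, 90, 100 by 0.9 directly gives integers only
    because they are multiples of 10; random fragments need the scaled form.
    """
    return (SCALE * h["xa"] - 9 * add_gate(h, p)) % p


def open_result(fragments, p=P):
    """S601: sum all final fragments mod p, then undo the fixed-point scale."""
    return Fraction(to_signed(sum(fragments) % p, p), SCALE)


def run_task(xa, xb, xc):
    """Same task with fresh random fragments instead of the embodiment's."""
    a, b, c = share(xa), share(xb), share(xc)
    holdings = [{"xa": a[j], "xb": b[j], "xc": c[j]} for j in range(3)]
    return open_result([task_fragment(h) for h in holdings])


if __name__ == "__main__":
    held = embodiment_holdings()
    print("addition gate:", [add_gate(held[k]) for k in "ABC"])
    print("scaled fragments:", [task_fragment(held[k]) for k in "ABC"])
    print("opened result:", open_result([task_fragment(held[k]) for k in "ABC"]))
    print("negative result:", run_task(100, 200, 100))
```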

[0061] It will be apparent to those skilled in the art that the present invention is not limited to the details of the exemplary embodiments described above, and that the invention can be implemented in other specific forms without departing from its spirit or essential characteristics. Therefore, the embodiments should be considered in all respects as exemplary and non-limiting, and the scope of the invention is defined by the appended claims rather than the foregoing description. Thus, all variations falling within the meaning and scope of equivalents of the claims are intended to be included within the present invention. No reference numerals in the claims should be construed as limiting the scope of the claims.

Claims

1. A method for managing network-connected data applied to network security, characterized in that: The method includes the following steps: S100. In a power system, when different participants need to negotiate and manage grid connection data and execute task functions, the different participants determine unified security parameters and establish secure communication channels between each other; a global clock is used to generate a synchronous random seed and initialize a pseudo-random number generator. S200: Each participant uses its own sensors to collect a time-series data stream of unique grid-connected data, breaks each data point in the time-series data stream into data fragments, and sends the data fragments to all participants through a secure communication channel. All data fragments of the same data point received by all participants constitute a secret sharing. S300. All participants use a synchronous random seed to generate two random numbers in plaintext. They use the generated two random numbers in plaintext to calculate a third random number in plaintext. The three random numbers in plaintext form a triplet. Each participant obtains a triplet data fragment by secretly sharing the data. This process is repeated M times to obtain M triplets. S400: Transform the task function into an arithmetic circuit, extract the real-time topology of the power grid, and optimize the real-time topology of the power grid using the arithmetic circuit. S500: Input the secret sharing and triplet of grid-connected data held by each participant into the arithmetic circuit, calculate the addition gate, multiplication gate and constant gate one by one according to the optimized real-time topology of the power grid, and finally output the secret sharing after the gate operation; S600. Each participant shares and distributes the secret of the gate operation output calculated by itself to other participants. 
Each participant calculates the final task result based on the received secret of the gate operation.

2. The network-connected data management method for network security according to claim 1, characterized in that: The security parameters in S100 include a finite field modulus p, a pseudo-random function PRF, and a hash function H; the finite field modulus is a large prime number with $p > 2^k$, where k represents the security factor set by the staff; a TLS secure communication channel is established between each pair of participants; the pseudo-random function PRF is used to construct a pseudo-random number generator; The specific steps of generating a synchronous random seed and initializing a pseudo-random number generator using a global clock are as follows: A phasor measurement unit (PMU) is deployed in the power grid-connected system. The PMU provides a microsecond-level global clock, and each participant obtains its current timestamp $T_{PMU}$ through the global clock, performs time synchronization, and generates a synchronous random seed by combining the timestamp with the participant's own identifier. The formula is $\mathrm{seed}_i = H(T_{PMU} \| ID_i)$, where $\mathrm{seed}_i$ represents the synchronous random seed for participant i and $ID_i$ represents the unique identifier of participant i; all participants initialize the pseudo-random number generator using a synchronous random seed.

3. The network-connected data management method for network security according to claim 1, characterized in that: In S200, all data fragments of the same data point received by all participating parties constitute a secret sharing, specifically as follows: Participant i collects the time-series data stream $\{x_{i,t}\}$, $t \in (1, \infty)$, of unique grid-connected data through its own edge IoT gateway; for each collected data point $x_{i,t}$, the edge IoT gateway splits the data point into n fragments, where $x_{i,t}$ represents the grid-connected data at time t, specifically: First, generate n-1 random numbers $\{r_{i,t}^{(1)}, \ldots, r_{i,t}^{(n-1)}\} \in F_p$, where $r_{i,t}^{(1)}$ represents the first random number, $r_{i,t}^{(n-1)}$ represents the (n-1)th random number, and $F_p$ represents the finite field, $F_p = [1, 2, 3 \ldots p]$; The generated n-1 random numbers are distributed as data fragments to the remaining n-1 participants other than participant i through a secure communication channel; The data fragment retained by participant i is calculated using the n-1 random numbers, using the following formula: ; in the formula, $[x_{i,t}]_i$ represents the data fragment retained by participant i itself, mod means modulo, and j≠i; Set constraints: the collected data point satisfies $x_{i,t} \in F_p$, and the sum of the n data fragments, taken modulo p, equals the original data point; if the collected data point $x_{i,t}$ is not in $F_p$, it is deemed abnormal data and is removed. The edge IoT gateway adds a timing window identifier to each data point and packages the timing window identifier into a data packet when sending data fragments to the participants. The edge IoT gateway maintains a local sending queue to record data packets that have been sent but have not yet received an acknowledgment.
If the network is interrupted, resume the download from the point of interruption according to the timing window identifier; Each participant receives data fragments sent by the other participants in real time, and caches and sorts them according to the time window identifier, forming a secret sharing of all data fragments of the same data point received by all participants.

4. The network-connected data management method for network security according to claim 1, characterized in that: the specific steps of repeating the operation M times in S300 to obtain M triplet pairs are as follows: two random numbers a and b are generated using a synchronous random seed; the plaintext values of a and b represent two randomly generated random numbers, and a ≠ b; the plaintext value $c_k$ of the random number c is calculated using the plaintext values of a and b; a triplet is formed from the plaintext values of the three random numbers. A splitting operation is performed on each of the three random numbers, and all participants obtain data fragments of the triplet. The sum of the data fragments of the plaintext value of each random number in the triplet, modulo, is equal to the original plaintext value of that random number. Furthermore, the sum of the plaintext values of random number a and random number b equals the plaintext value of random number c. This process is repeated M times to obtain M triplet pairs, where M represents the number of multiplication gates in the arithmetic circuit after the task function is converted into an arithmetic circuit.

5. A network-connected data management method for network security according to claim 1, characterized in that: the optimization of the real-time power grid topology using arithmetic circuits in S400 specifically involves: the task function is transformed into an arithmetic circuit using the principle of automatic control, and the real-time topology graph of the power grid G(V,E) is extracted, where V represents the power supply nodes and E represents the power supply connection edges; the power system marks the power disconnection areas that are currently under maintenance or isolated in the real-time power grid topology map; in the arithmetic circuit, the input nodes of the marked power disconnection regions are set to 0 by traversal, and all sub-circuits that depend only on the input nodes of the marked power disconnection regions are deleted; the optimized real-time topology of the power grid is output, the number of multiplication gates in the arithmetic circuit optimized on the basis of the real-time topology of the power grid is defined as M', and the number of triples is reduced to M'.
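The pruning rule of claim 5, as an added example that is not code from the patent: it applies exactly the stated rule (inputs of marked regions become 0, gates that depend only on such inputs are deleted) and counts multiplication gates before and after. The gate list, wire names and region assignment are constructed for illustration, and the circuit is evaluated in plaintext only to check that pruning preserves the output.

```python
# Constructed circuit: (output wire, op, (left, right)), listed in topological order.
CIRCUIT = [
    ("m1", "mul", ("x1", "x2")),  # both inputs belong to region A
    ("m2", "mul", ("x3", "x4")),  # both inputs belong to region B
    ("m3", "mul", ("m1", "x3")),  # mixes region A and region B
    ("s1", "add", ("m1", "m2")),
    ("m4", "mul", ("m1", "m1")),  # depends only on region A
    ("y", "add", ("s1", "m4")),
]

def prune(circuit, dead_inputs):
    """Return (kept gates, wires fixed to 0) after removing sub-circuits
    whose inputs all trace back to marked (disconnected) input nodes."""
    zero = set(dead_inputs)
    kept = []
    for out, op, ins in circuit:
        if all(w in zero for w in ins):
            zero.add(out)  # gate depends only on marked inputs: delete it
        else:
            kept.append((out, op, ins))  # at least one live input: keep
    return kept, zero

def mul_count(circuit):
    """Number of multiplication gates, i.e. triples needed (M or M')."""
    return sum(1 for _, op, _ in circuit if op == "mul")

def evaluate(circuit, values, zero=()):
    """Plaintext evaluation; wires in `zero` are forced to 0."""
    w = dict(values)
    w.update({z: 0 for z in zero})
    for out, op, (l, r) in circuit:
        w[out] = w[l] * w[r] if op == "mul" else w[l] + w[r]
    return w

if __name__ == "__main__":
    kept, zero = prune(CIRCUIT, {"x1", "x2"})  # region A is under maintenance
    print("M =", mul_count(CIRCUIT), "M' =", mul_count(kept))
    print("y =", evaluate(kept, {"x3": 3, "x4": 4}, zero)["y"])
```

Gate m3 survives because one of its inputs is live, even though its value is 0 once m1 is 0; the claim's rule removes only sub-circuits that depend solely on marked inputs.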

6. A network-connected data management method for network security according to claim 1, characterized in that: the secret sharing after the final output gate operation in S500 is specifically as follows: based on the optimized arithmetic circuit, the secret sharing of the grid-connected data points and the triplets are input into the arithmetic circuit for gate-by-gate calculation; the data output after each calculation is a secret sharing; the arithmetic gates include addition gates and multiplication gates; for the addition gate, let the input secret sharings be $[u]^*$ and $[v]^*$ and the output secret sharing be $[w]^* = [u+v]^*$, where $[u]^*$ and $[v]^*$ denote the secret sharings output by the previous arithmetic gate; in the addition gate, each participant locally calculates its output data fragment from its own data fragments, using the formula: $[w]_j = [u]_j + [v]_j \pmod{p}$, where $[u]_j$ and $[v]_j$ represent the data fragments locally input by the j-th participant in the addition gate, and $[w]_j$ represents the data fragment output locally by the j-th participant; S502. For the multiplication gate, let the input secret sharings be $[u]^*$ and $[v]^*$, using the secret sharing of a triple $[a]^*$, $[b]^*$, $[c]^*$; the difference data fragments are calculated locally at each participant, using the formula: $[e]_j = [u]_j - [a]_j \pmod{p}$, $[f]_j = [v]_j - [b]_j \pmod{p}$, where $[e]_j$ and $[f]_j$ represent the difference data fragments of the j-th participant in the multiplication gate, and $[a]_j$, $[c]_j$ and $[b]_j$ represent the data fragments of the triplet input by the j-th participant in the multiplication gate; each participant broadcasts the calculated difference data fragments, and then the two difference data fragments $[e]_j$ and $[f]_j$ from all participants are separately summed and reduced modulo to obtain the public values e and f; the summation satisfies $e = [u]^* - [a]^*$, $f = [v]^* - [b]^*$; each participant uses the public values to calculate the data fragment output by the multiplication gate, using the following formula: ; in the formula, this means multiplying by $n^{-1} \pmod{p}$ in the finite field, which ensures that the calculation result satisfies the multiplication constraint, which is: ; the final output secret sharing of the multiplication gate is $[w]^*$; for a constant gate, each participant locally multiplies the constant in the constant gate with the input data fragment to output a data fragment, and all the data fragments are summed and reduced modulo to obtain the output secret sharing of the constant gate. The constant belongs to the finite field. In constant gates, participants multiply constants and fragments locally without multi-party interaction, balancing computational efficiency and data security; the output of the summation and modulo operation is a secret sharing.

7. A network-connected data management method for network security according to claim 1, characterized in that: in S600, each participant calculates the final task result based on the received secret sharing after gate operation, specifically as follows: after performing the gate-by-gate calculation in the arithmetic circuit, each participant locally computes and outputs its final data fragment $[y]_j$, and then sends its final data fragment to all participants through a secure communication channel. After receiving all the final data fragments, each participant sums them, takes the modulo, and calculates the final secret sharing $[y]^*$. The final secret sharing is used as the result of the task function.
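The splitting of claim 3, the gate arithmetic of claim 6 and the reconstruction of claim 7, simulated in one process as an added example that is not code from the patent. Assumptions: the multiplication-gate output formula is not legible on this page, so the block uses the standard Beaver-triple recombination with the $n^{-1}$ correction term and the standard triple relation c = a·b mod p; the prime, the sample readings and the use of Python's `secrets` module in place of the PMU-seeded PRF are also choices made here.

```python
import secrets

P = 2**61 - 1  # constructed sample prime modulus p

def split(x, n):
    """n-1 random fragments go to the other parties; the retained one fixes the sum."""
    if not 0 <= x < P:
        raise ValueError("data point outside F_p")  # claim 3 drops such points
    rand = [secrets.randbelow(P) for _ in range(n - 1)]
    return rand + [(x - sum(rand)) % P]

def reconstruct(shares):
    """Claim 7: sum all final fragments modulo p."""
    return sum(shares) % P

def add_gate(u, v):
    return [(uj + vj) % P for uj, vj in zip(u, v)]  # purely local

def const_gate(k, u):
    return [(k * uj) % P for uj in u]  # purely local

def make_triple(n):
    """Simulated triple with the assumed relation c = a*b mod p."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return split(a, n), split(b, n), split(a * b % P, n)

def mul_gate(u, v, triple):
    a, b, c = triple
    n = len(u)
    # Each party broadcasts [e]_j and [f]_j; everyone sums them to public e, f.
    e = sum((uj - aj) % P for uj, aj in zip(u, a)) % P
    f = sum((vj - bj) % P for vj, bj in zip(v, b)) % P
    ef_part = e * f * pow(n, -1, P)  # each party adds e*f/n so the sum adds e*f once
    return [(cj + e * bj + f * aj + ef_part) % P for aj, bj, cj in zip(a, b, c)]

def demo(x=230, y=17, z=5, n=3):
    """Evaluate 4*(x*y + z) on fragments; x, y, z are constructed readings."""
    X, Y, Z = split(x, n), split(y, n), split(z, n)
    out = const_gate(4, add_gate(mul_gate(X, Y, make_triple(n)), Z))
    return reconstruct(out)

if __name__ == "__main__":
    print(demo())
```

Because e = u - a and f = v - b are broadcast, the inputs stay hidden only while no single party knows the plaintext a and b of a triple, and each triple must be used for one multiplication gate only.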

8. A network-connected data management system for network security, characterized in that: the grid-connected data management system includes a parameter determination module, a data splitting module, a triplet module, a circuit optimization module, an arithmetic circuit operation module, and an output module. The parameter determination module is used in the power system, when different participants need to negotiate and manage grid connection data and execute task functions, to determine unified security parameters, establish a secure communication channel between the different participants, use a global clock to generate a synchronous random seed, and initialize a pseudo-random number generator; the data splitting module is used by each participant to collect its unique grid-connected time-series data stream using its own sensors, split each data point in the time-series data stream into data fragments, and send the data fragments to all participants through a secure communication channel, where all data fragments of the same data point received by all participants constitute a secret sharing; the triplet module is used by all participants to generate the plaintext values of two random numbers using the synchronous random seed, the two generated plaintext values being used to calculate the plaintext value of a third random number, and the plaintext values of the three random numbers constituting a triplet; each participant obtains a data fragment of the triplet through secret sharing, and the operation is repeated M times to obtain M triplets; the circuit optimization module is used to convert the task function into an arithmetic circuit, extract the real-time topology map of the power grid, and optimize the real-time topology map of the power grid using the arithmetic circuit; the arithmetic circuit operation module is used to input the secret sharing of grid-connected data held by each participant and the M triples into the arithmetic circuit, calculate the addition gates, multiplication gates and constant gates one by one according to the optimized real-time topology diagram of the power grid, and finally output the secret sharing after gate operation; the output module is used by each participant to distribute the secret sharing after gate operation that it has calculated to the other participants, and each participant calculates the final task result based on the received secret sharing after gate operation.

9. A network-connected data management system for network security according to claim 8, characterized in that: the parameter determination module includes a security parameter determination unit and a synchronous random seed unit; the security parameter determination unit is used to determine unified security parameters among different participants in a power system when they need to negotiate and manage grid-connected data to execute task functions; the synchronous random seed unit is used by each participant to obtain the current timestamp $T_{PMU}$ through the global clock, synchronize the time, and generate a synchronous random seed by combining the participant's own identifier.

10. A network-connected data management system for network security according to claim 8, characterized in that: the arithmetic circuit operation module includes an addition gate calculation unit, a multiplication gate calculation unit, and a constant gate calculation unit; the addition gate calculation unit is used to set the input secret sharings of the addition gate as $[u]^*$ and $[v]^*$ and the output secret sharing as $[w]^* = [u+v]^*$; the multiplication gate calculation unit is used to calculate the difference data fragments locally at each participant using the triplet and the data fragments of the input secret sharing, and then sum them and take the modulus to obtain the public values; each participant uses the public values to calculate the data fragment output by the multiplication gate.