DePET: A Decentralized Privacy-Preserving Energy Trading Scheme for Vehicular Energy Network via Blockchain and K-Anonymity

With the gradual opening of energy markets and the popularization of Electric Vehicles (EVs), EVs can transmit, dispatch and recharge energy in different markets and domains dynamically. However, in a Vehicular Energy Network, EVs may randomly enter and leave a market, which makes it difficult to schedule and distribute energy effectively. Additionally, the location of EV owners usually includes sensitive information such as home addresses, company names, hospital traces, and so on, which may be collected by attackers and may result in privacy leakage for EV owners. In this article, we propose a decentralized blockchain-enabled energy trading scheme that can trade across various domains efficiently, which enables reliable transactions between EVs and energy nodes with short processing delay. It also preserves the privacy of EV owners by adopting the k-anonymity method to construct a united request that hides the location information, and by creating a clocking area based on undirected graphs. Even if the server is maliciously attacked, the attacker cannot distinguish among EV owners, which breaks the linkage between real locations and identities and preserves EV owners' privacy. Finally, we conduct a comprehensive experimental evaluation of the trading performance and the location privacy protection performance. The simulation results show that our proposed architecture outperforms most state-of-the-art schemes in terms of processing delay and location privacy awareness.


I. INTRODUCTION
Vehicular Energy Network (VEN) [1] is built upon the existing transportation networks, which deploys wireless charging and discharging energy storage equipment, and EVs can trade with energy nodes dynamically. It is regarded as a promising technology to improve energy efficiency and sustainable development [2], which has great potential to integrate renewable energy sources and electric vehicles (EVs).
The associate editor coordinating the review of this manuscript and approving it for publication was Bin Zhou.
However, a majority of current energy trading infrastructures [3], [4] are centralized, so a single point of failure is possible, since a third party is allowed to serve as a controller that manages or controls all transaction information. The reason is that EV owners must rely on a central entity, which handles energy distribution and entity registration. Although this is convenient for trading energy in some cases, these centralized entities may not be completely credible. Once a central entity is attacked or data is unintentionally leaked, potential security issues will inevitably occur.
Recently, blockchain technology has emerged as a promising approach to remove the reliance on the central platform, which records transactions in the decentralized network in a verifiable and immutable manner [5]. However, there are some challenges in leveraging blockchain technology to provide transparent, immutable and auditable management of transactions for P2P energy trading. On the one hand, owing to the high mobility, limited storage space and limited computational resources of EVs, EVs can arrive in and depart from the market randomly, and the network topology changes rapidly. On the other hand, when a transaction is initiated, the location information (e.g. home location, work location) of EVs can be collected by some untrusted nodes, or hijacked by some adversaries. With the obtained location information, the adversary could further infer the personally sensitive information (e.g. age, hobbies, health conditions) of EVs by certain algorithms (e.g. data aggregation [6], [7], semantic association [8]), which may pose serious threats to EV owners' privacy, and even to the EV owners' life security.
VOLUME 8, 2020. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
In recent years, location privacy has been a growing research area, with a number of research efforts devoted to the topic from a variety of perspectives. Representative privacy protection schemes include k-anonymity [9], [10], pseudonym exchanges [11]-[13], obfuscation [14] and differential privacy [15]-[17], etc. In particular, k-anonymity is one of the most popular strategies to protect location privacy [18], and has been widely used in numerous systems, including social networks and electronic health records, among others. However, it cannot be directly applied in VEN, as the social features of EV users in VEN are not fully considered. Therefore, it is still an open and vital issue to design a secure location privacy-preserving energy trading scheme to improve the security and efficiency of energy trading in VEN.
To address the abovementioned problems, in this article, we propose a decentralized blockchain-enabled secure energy trading scheme named DePET for energy trading in VEN. First, we adopt consortium blockchain to build a network, which enables EV owners to trade with energy nodes directly, and allows EV owners and energy nodes to manage their resources and information in a decentralized, secure, trustful, transparent, anonymous and verifiable manner. Furthermore, a k-anonymity-based location privacy-preserving algorithm is designed to protect EV owners' location privacy. This algorithm adopts an undirected graph to construct anonymity sets for these participants who have different privacy requirements. Experimental evaluations show the effectiveness of the proposed DePET scheme by comparison with other schemes.
The contributions of our work in this article are as follows:
• We propose a decentralized energy trading scheme via a consortium blockchain, in which EV owners can trade with energy nodes cross-domain and directly in a peer-to-peer manner, which removes the assumption of a trusted third party.
• We adopt k-anonymity to construct a united request derived from an anonymity set based on an undirected graph to protect the EV owner's location privacy. In case the server is maliciously attacked, attackers still cannot distinguish among EV owners.
We will introduce the related work in Section II. The problem is stated formally in Section III. Section IV gives the details of our proposed scheme. Section V provides some experimental results and evaluation analysis. Finally, Section VI concludes the paper.

II. RELATED WORK
Some research studies [19]-[25] utilize blockchain technology to decentralize the complex energy market's networks and peer-to-peer (P2P) energy trading.
The authors in Reference [19] proposed a localized P2P electricity trading model for locally buying and selling electricity among plug-in hybrid electric vehicles (PHEVs), which achieves demand response by providing incentives to discharging PHEVs to balance local electricity demand out of their own self-interests. Motivated by the pricing mechanism, the authors in Reference [20] proposed a blockchain-based secure incentive scheme to stimulate EVs to cooperatively deliver renewable energy to various areas with different electricity loads while maximizing EVs' utilities. Similarly, the authors in Reference [21] combined additive homomorphic encryption and consortium blockchain to provide privacy and trust, and proposed a dynamic energy pricing model including demurrage fees, a monetary penalty imposed on a prosumer if it fails to deliver energy within the agreed duration.
The authors in Reference [22] proposed a blockchain-based Local Energy Market (LEM) model, which introduces a Home Energy Management (HEM) system and demurrage mechanism. The model allows both the prosumers and consumers to optimize their energy consumption, minimize electricity costs and shift their load to off-peak hours. The authors in Reference [23] proposed a consortium blockchain-based scheme (BETS) to tackle the privacy leakage problem in a smart grid, which provides a noise-based privacy-preserving method to hide the trading distribution tendency. The authors in Reference [24] proposed a P2P energy trading system on public blockchain where all bids are encrypted and peer matching is performed on the encrypted bids by a functional encryption-based smart contract.
Generally, according to the literature discussed above, most of the research does not emphasize how to resolve the privacy and security issues during P2P energy trading. Thus, there is an urgent need to design a location privacy-preserving energy trading scheme.

III. PROBLEM FORMULATION
In this section, we introduce the four main components in the system model. Then, we explain the threat model of the proposed scheme, and give some reasonable assumptions and design goals.

A. SYSTEM MODEL
The proposed scheme DePET mainly includes four different components: EVs, local aggregators (LAGs), parking lots and certificate authority (CA), which is shown in Fig. 1.
• EVs. The EVs play different roles in the proposed scheme: charging EVs and discharging EVs. Each EV chooses its own role according to its current energy state and driving plan. Each EV is equipped with a smart meter for recording energy trading volume in real time. The payments for energy trading are based on these smart meter records.
• LAGs. LAGs work as energy brokers to provide access points for electricity and wireless communication services for EVs. Each EV owner sends a request about electricity demand to the nearest LAG. The LAG compiles statistics on local electricity demand and announces this demand to energy nodes.
• Parking lots. The parking lots work as the place for energy trading between EV owners and energy nodes.
• CA. The CA works as the credible authority, which enables security and certificate-related services, and is mainly responsible for the supervision of transaction data and the registration of participants, such as LAGs, energy nodes and EV owners.

B. THREAT MODEL
In the energy trading process, LAGs match energy nodes and provide location-based services for EV owners. We assume that the communication associated with the location is not secure enough, so attackers can get the accurate location of a target EV owner through these services. Because EV owners' location information contains sensitive information, such as home, company, hospitals, etc., once it is obtained by the attacker, the EV owners' privacy will be leaked, and even their personal safety will be threatened. For example, the attacker can analyze the hobbies or health status of the target EV owner, and send a request to the target LAG for profit. We divide the attackers that want to get the location information of EV owners into two categories: external attackers and internal attackers. The external attacker can get EV owners' location information from the transaction data recorded on the blockchain, and the internal attacker is an internal malicious node in our proposed scheme, which can collect user data information. We assume that the LAG can be an internal attacker, and can collect EV owners' accurate location information during the trading process.

C. ASSUMPTIONS
To make the scheme easier to understand, some reasonable assumptions are needed. The assumptions are as follows: First, the energy node is located in the designated parking lots, and cannot move while bidding with a certain EV owner. The EV owners, without such a restriction, can be located in different places, but their location also cannot be changed once the transaction with the bidding energy node has started. Second, all the EV owners are rational, and will not misreport the arrival time and current location. Once the EV has finished the trading operation, the EV owner drives away from the parking lot immediately. Finally, the proposed scheme contains multiple parking lots, all of which are available to EV owners.

D. DESIGN GOALS
In this article, there are three main objectives to be achieved: authentication, adoptable efficiency and k-anonymity-based location privacy preservation.

1) AUTHENTICATION
The real identity of an EV owner who uploads data to the blockchain should be authenticated to rule out illegal entities.

2) ADOPTABLE EFFICIENCY
This goal implies that our scheme should avoid long latency to make it adoptable in practice. The vital part of this aspect is that the time to reach a consensus should be limited to an acceptable period. This is because the storage capacity of EVs in VEN is limited, and it is not enough to hold a backup of the blockchain data or to participate in the consensus, which would make the scheme unadoptable in practice. Therefore, we adopt a consortium blockchain to reduce the time cost of the consensus process.

3) K-ANONYMITY
Constructing an anonymous set to achieve k-anonymity, which ensures that the attacker cannot distinguish an individual with a probability higher than 1/k, is the primary goal of our scheme. To achieve k-anonymity, there must be at least k EVs that cannot be identified in an anonymously configured set, which we define as the clocking area.
Existing anonymity-based schemes can be divided into two groups: identifier anonymity [24] and location anonymity. The identifier anonymity-based strategy hides the EV owners' real identifiers behind a set of pseudonyms. In this way, the adversary cannot distinguish the relationship between a specific pseudonym and the k EVs. Nonetheless, there must be a trusted third party to hide the EV owner's real identifier, and sometimes a trusted third party is hard to realize in real-world practice. The adversary could also utilize the open information recorded in the blockchain and obtain private information by linking the identifiers of users with that information.
Unlike identifier anonymity, the location anonymity-based strategy hides the exact location of the target EV owner in a geographic area, which includes at least k-1 other EV owners. Even if a malicious attacker obtains the location through historical transaction records in the blockchain, the attacker can only obtain the approximate location of the target EV, instead of the exact location. In this article, we utilize a graph-based strategy to achieve k-anonymity and protect the location privacy of EV owners.

IV. THE PROPOSED SCHEME - DePET

A. BLOCKCHAIN-BASED NETWORKING DESIGN
In VEN, the storage capacity of EVs is limited, which is not enough to store all transactions. If we adopted a public blockchain, all nodes would have to participate in the consensus and hold a backup of the blockchain data, which would slow down the transaction speed and could not meet the needs of high-frequency energy trading. Therefore, to make the energy trading information more transparent and more reliable, we adopt a consortium blockchain to build the blockchain network.
In our proposed scheme, the LAGs, EVs, and energy nodes act as nodes, and not all of them necessarily store the whole blockchain and participate in the consensus protocol. The LAGs are full nodes with read and write permissions on the blockchain network, which means that they participate in the consensus protocol and hold a backup of the blockchain data. The EVs are light nodes that only save their identity information and have read permission, which means that they need to send a read request to a LAG through a protocol such as Simple Payment Verification [25] to confirm whether the submitted transactions were successfully written to the blockchain. Because the EVs only hold read permission, this guarantees that transaction data cannot be tampered with or manipulated by malicious EV attackers. Also, the interactions with the smart contracts between EVs and LAGs are made through transactions, which are signed with the private key part of the respective addresses. To send transactions, EVs should connect to a LAG that broadcasts their demands on the blockchain network. Specifically, when starting a transaction with the bidding energy node, an EV needs to access the nearest LAG, upload its account to the LAG, download the latest transaction data from the LAG, and synchronize the block header of the transaction data. Because all the LAGs hold a complete backup of the blockchain data and the transaction's hash value is stored in the block header, the EVs only need to synchronize the block header data, no matter how large the transaction data is. This guarantees that the size of the data is always 80 bytes, which greatly reduces the storage pressure on EVs and improves the system response time.
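How an EV acting as a light node can check a LAG's answer against the 80-byte header it synchronized, rather than trusting the LAG's word, shown as an added example that is not code from the paper. It assumes a Bitcoin-style header layout and a double-SHA-256 Merkle tree, which the page does not specify; all function names and the sample records are constructed for illustration.

```python
import hashlib
import struct

HEADER_SIZE = 80  # bytes, the header size quoted in the text


def dsha256(data: bytes) -> bytes:
    """Double SHA-256, as used by Bitcoin-style headers (assumed here)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(leaves):
    """All tree levels, leaf hashes first; an odd level repeats its last node."""
    if not leaves:
        raise ValueError("block has no transactions")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([dsha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(leaves, index):
    """LAG (full node) side: sibling hashes on the path from leaf to root."""
    proof = []
    for level in merkle_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))  # True: sibling is on the left
        index //= 2
    return proof


def pack_header(version, prev_hash, merkle_root, timestamp, bits, nonce):
    """4 + 32 + 32 + 4 + 4 + 4 = 80 bytes, little-endian, no padding."""
    return struct.pack("<I32s32sIII", version, prev_hash, merkle_root,
                       timestamp, bits, nonce)


def ev_verify_inclusion(header: bytes, tx: bytes, proof) -> bool:
    """EV (light node) side: recompute the root from the transaction and the
    LAG-supplied proof, and compare it with the root in the synced header."""
    if len(header) != HEADER_SIZE:
        return False
    merkle_root = header[36:68]
    node = dsha256(tx)
    for sibling, sibling_is_left in proof:
        node = dsha256(sibling + node) if sibling_is_left else dsha256(node + sibling)
    return node == merkle_root


# Constructed sample data: five trade records packed into one block.
SAMPLE_TXS = [f"ev{i}->node{i}:{10 + i}kWh".encode() for i in range(5)]


def demo():
    leaves = [dsha256(tx) for tx in SAMPLE_TXS]
    root = merkle_levels(leaves)[-1][0]
    header = pack_header(1, b"\x00" * 32, root, 1600000000, 0x1D00FFFF, 0)
    proof = merkle_proof(leaves, 3)
    genuine = ev_verify_inclusion(header, SAMPLE_TXS[3], proof)
    # A LAG that altered the record cannot produce a matching proof.
    altered = ev_verify_inclusion(header, b"ev3->node3:99kWh", proof)
    return len(header), genuine, altered


if __name__ == "__main__":
    print(demo())
```

The check only binds a transaction to a header; the EV still relies on the consensus among LAGs for the header itself being the accepted one.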

B. CONSENSUS PROCESS
Consensus process is an essential part during P2P energy trading in VEN. In our proposed DePET scheme, we adopt a three-phase consensus mechanism to efficiently reduce the confirmation delay of transactions and energy consumption for reaching consensus.
The first stage is leader selection. All LAGs collect transaction records within a certain period, and each then encrypts these transaction records with its signature. Similar to Bitcoin, the LAGs try to find a hash value that satisfies a certain difficulty for data audit. A LAG calculates the hash value of its block based on the random number x, the hash value of the previous block, the timestamp, the transactions' Merkle root, etc., denoted as data. As shown in formula (1): Here, Difficulty is an integer controlled by the system, mainly used to adjust the search speed of random numbers, and the LAG that finds the random number fastest is the leader node of the current consensus process, denoted as dm.
In the second stage, for ease of mutual verification and supervision, dm broadcasts the block data, random number x and timestamp to the other LAGs, and these LAGs audit the block data and broadcast the verification results with their signatures to the other LAGs. Each verification result consists of (audit result, verification result, signature, reply). The LAGs audit whether their own data has been tampered with, verify whether illegal data are included in this block, and reply to the other LAGs with their signatures. Once all LAGs receive the unmistakable audit messages from the others, they send commit messages to dm.
In the third stage, dm performs statistical analysis on the received feedback. If all LAGs agree with the block data, dm broadcasts the verification results with its signature to the other LAGs for storage. The consensus process is then complete, the block data is written into the blockchain by dm in an orderly manner, and dm receives the reward Tokens. If some LAGs do not agree with the block data, dm analyzes the verification result and sends the block data to these LAGs again for audit. In such a consensus protocol, each verification result holds a signature, so it is easy to count and locate.

C. IN-SITU ENERGY TRADING PROTOCOL DESIGN
In our proposed scheme, each LAG consists of a Transaction Server (TS) and a Memory Pool (MP). The TS is responsible for collecting energy trading requests and matching energy nodes for EV owners. The MP stores the backup of the blockchain data. The Token is similar to NRG coin [26], and has no effect on transaction efficiency and security. Also, each LAG can communicate with any EV owner in its range. The interaction of the system is presented in Fig. 2. Here, we explain the three main interactions between the different components in VEBN.

1) REGISTER OF EVs
If an EV owner wants to join the vehicular energy blockchain network, the EV first submits its identity information (name, age, ID number, etc.) to the CA server to initiate a registration request. Then the CA server utilizes an asymmetric encryption algorithm to generate a public key PK_i and a private key SK_i for the EV owner, uses its private key SK_CA to encrypt the EV owner's public key PK_i to form a digital signature SIGN(PK_i, SK_CA), and finally returns (PK_i, SK_i, SIGN(PK_i, SK_CA)) to the EV owner. After that, the EV owner becomes a legal node. The others can use the CA's public key PK_CA to verify the legality of the EV owner.

2) BUYING AND SELLING ENERGY
The EV owner initiates an energy trading request in the form of a smart contract to the nearest LAG. When the LAG receives the request, the TS verifies its validity and, if it is valid, packages the request and broadcasts it to all other LAGs to match an energy node. If the match succeeds, the EV owner receives the contract submitted by the energy node from the LAG, and generates a new contract to negotiate the price with the seller. If an agreement is reached, the EV owner pays tokens to the energy node through its own wallet, generates a transaction record and sends it to the energy node. The energy node confirms it, uses its private key to form a digital signature for the transaction record, and finally uploads the transaction record to the LAG to carry out the consensus process.

3) CARRY OUT CONSENSUS PROCESS
Since all the LAGs are registered in the CA server, we use the abovementioned three-phase consensus mechanism to proceed. When the consensus process is completed, transactions are successfully written into the blockchain network and stored in a transparent and immutable manner.

D. LOCATION PRIVACY-PRESERVING ALGORITHM DESIGN
The proposal of the decentralized energy trading model requires the protection of EV owners' location privacy while energy trading operations need to be efficient, transparent and reliable. In this work, we adopt the k-anonymity technology to construct a united request to protect the EV owner's location privacy.
When an EV owner wants to trade with other energy nodes, the EV owner collects and integrates the location l, request content c, identity id and other information of k-1 other EVs, and sends a united request to the LAG. The format of a united request is shown in Table 1. The LAG only holds a set of location coordinates, which obscures the connection between the EV owner and its location. Although the attacker can get the location coordinate (x, y) of an EV in the clocking area, it is hard to distinguish which EV the coordinate belongs to. A first-come, first-served method is usually adopted to connect with the other k-1 EVs while constructing such a clocking area, but it is hard to judge whether this connection is reasonable. Therefore, we transform the optimal resource allocation problem into a linear programming problem. For ease of description, we model the underlying physical network as an undirected graph. Based on the physical network, the undirected graph can be constructed. As for the connection between EVs, we can utilize two indicators in an undirected graph to measure the effectiveness of the clocking area: connectivity and weight w.

1) AVERAGE CONNECTIVITY¯
If each request contains the same information, the request is invalid. As shown in Fig. 3, we suppose that k is 4 and the connected EVs are {A, B, C, D}. Because all nodes {A, B, C, D} are interconnected, the request sent by each EV is the same, as shown in Table 2.
Suppose that each EV is a node of the graph. If two EVs are connected together, there is an edge between the corresponding nodes, and the distance between the nodes is the weight of the edge. As shown in Fig. 3, the undirected graph cannot be a complete graph, otherwise the requests sent by all EVs in the clocking area are the same. Therefore, the number of connected EVs must be greater than k to ensure that the constructed undirected graph is not a complete graph, as shown in Fig. 4. We assume that k = 4, the set of EVs is {A, B, C, D, E, F}, and the number of EVs is n = 6 (and n > k). In the clocking area constructed in Fig. 4, the requests submitted by the EVs are different. Table 3 shows the requests submitted by EVs {A, B, C, D, E, F} in the clocking area. This article utilizes to measure the connectivity of the constructed undirected graph.
Here, n represents the total number of EVs in the graph, num.(EV ) represents the number of EVs connected to the target EV and is more than k. If the constructed graph is not connected, the segmentation sub-graph must be incomplete, otherwise there will be many EVs submitting the same request. If the constructed graph is connected, part of nodes can form a sub-complete graph. For example, if B and E are connected in Fig. 4, {A, B  Therefore, the connectivity of EV B is greater than connectivity of EV A .
In an undirected graph, the connectivity includes all the EVs', the greater the connectivity, the greater the similarity of requests. Therefore, the higher connectivity of the graph, the better the privacy protection. In this article, the average connectivity of EVs is used to measure the privacy protection standard. The average connectivity¯ is: When the graph constructed by connected EVs is a complete graph, the average connectivity¯ is the maximum value 1.

2) AVERAGE WEIGHTS w̄
To protect the location privacy of the target EV, when the locations of connected EVs are adjacent or even the same, the connection is invalid. In this article, the location of an EV is represented by (x, y), where x and y are the horizontal and vertical coordinates, respectively. The average weight between EVs in the undirected graph is defined as follows: (x_i, y_i) and (x_j, y_j) represent the location coordinates of any two EVs in the graph. For n nodes in an undirected graph, there exists an edge between any 2 connected EVs; if the graph is a complete graph, there are n(n − 1)/2 edges. The weight of the edge between any 2 connected EVs is denoted by w, and w̄ is the average weight of all edges. The larger the average weight between EVs, the better the location privacy protection, and the higher the effectiveness of the k-anonymous unity. To prevent EVs from being adjacent or being in the same position, this article sets a threshold δ. When w̄ ≤ δ, the connection is valid.

E. K-ANONYMITY CLOCKING AREA GENERATION
The undirected graph is generated based on the speed, location, and direction of the target EV, and is a static representation of the EV range within a given time, as shown in Fig. 6. The generation process can be divided into three phases. We first initialize the range A(O, vt) of the clocking area based on the location and velocity of the target EV, where O is the center of the circle and vt is the radius. This prevents an attacker from guessing that the target EV is in the center of range A, and ensures that the target EV is in range A within time t, as shown in Fig. 6.
Then we count the number of EVs in the range A, denoted as num.(A). When num.(A) > 2r, an undirected graph G is generated, where r is the number of connected EVs. We initialize G and set the initial vertex as the target EV, denoted as EV_i, use an array nodes[] to store the vertexes in G, and add the target EV to the array. Notice that the length of nodes is r. If a new vertex EV_j is connected with EV_i, EV_j is pushed into the array; we then traverse each vertex in the array until no new vertex can be added to the array. Finally, based on the array nodes, an undirected graph G is constructed. If G is not a complete graph, then the average connectivity of G is calculated. If G is a complete graph (which we define as CP), the radius of range A is modified from vt to 2vt.
Finally, we find k connected EVs from set M. The average weight of EVs in G must be greater than the threshold to prevent EVs from being too close or even in the same position. First, suppose that the target EV receives r − 1 location coordinates of other EVs in the clocking area, and stores these coordinates in the set D. Then we initialize the set M, select k EVs from the set D, including the target EV, store the k EVs in M, calculate the weight w between every two EVs in the set M, store the weights in ascending order, and calculate the average weight w̄. If w̄ ≥ δ, the k matching cars have been found. Otherwise, select the two EVs closest to the target EV to replace. If the target EV belongs to EV_i, EV_j, that is, the target EV = EV_i, select another EV from the set D to replace EV_j. If the target EV does not belong to EV_i, EV_j, select two EVs from D to replace EV_i, EV_j. Then update the set M and continue to calculate the average weight until k matching EVs are found.
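The three phases described above, carried through on a small constructed map, as an added example that is not the paper's Algorithm 1. It follows this section's condition (average weight at least δ) and assumes what the page does not state: two EVs are connected when within a hypothetical `comm_range` of each other, average connectivity is the mean of degree/(n − 1), and replacements are taken from D in discovery order, each used once.

```python
import math
from collections import deque
from itertools import combinations

# Constructed sample data: EV coordinates in metres; "T" is the target EV.
SAMPLE_POS = {"T": (0, 0), "A": (50, 0), "B": (0, 60), "C": (250, 0),
              "D": (0, 280), "E": (-200, -150), "F": (300, 250), "G": (900, 900)}


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def build_graph(pos, target, comm_range):
    """Grow nodes[] from the target EV until no new vertex can be added."""
    nodes, queue = [target], deque([target])
    while queue:
        u = queue.popleft()
        for v in pos:
            if v not in nodes and dist(pos[u], pos[v]) <= comm_range:
                nodes.append(v)
                queue.append(v)
    edges = {frozenset(p) for p in combinations(nodes, 2)
             if dist(pos[p[0]], pos[p[1]]) <= comm_range}
    return nodes, edges


def average_connectivity(nodes, edges):
    """Mean of degree/(n-1) over all EVs (assumed form); 1.0 is a complete graph."""
    n = len(nodes)
    return 2 * len(edges) / (n * (n - 1)) if n > 1 else 0.0


def average_weight(pos, members):
    """Mean Euclidean distance over every pair in the candidate set M."""
    pairs = list(combinations(members, 2))
    return sum(dist(pos[a], pos[b]) for a, b in pairs) / len(pairs)


def select_anonymity_set(pos, nodes, target, k, delta):
    """Choose k EVs, target included, whose average weight is at least delta."""
    if k < 2 or len(nodes) < k:
        return None
    pool = [v for v in nodes if v != target]     # set D without the target
    members = [target] + pool[:k - 1]            # initial set M
    spare = pool[k - 1:]                         # candidates not yet tried
    while average_weight(pos, members) < delta:
        a, b = min(combinations(members, 2),
                   key=lambda p: dist(pos[p[0]], pos[p[1]]))   # closest pair
        drop = [x for x in (a, b) if x != target]  # never replace the target
        if len(spare) < len(drop):
            return None                          # D exhausted: no valid set
        for x in drop:
            members[members.index(x)] = spare.pop(0)
    return members


def clocking_area(pos, target, center, vt, comm_range, k, delta):
    """Range A(O, vt), widened once to 2vt when G is complete or too small."""
    for radius in (vt, 2 * vt):
        inside = {e: p for e, p in pos.items() if dist(p, center) <= radius}
        if target not in inside:
            continue
        nodes, edges = build_graph(inside, target, comm_range)
        n = len(nodes)
        if n > k and len(edges) < n * (n - 1) // 2:
            break
    else:
        return None
    members = select_anonymity_set(inside, nodes, target, k, delta)
    if members is None:
        return None
    return {"members": sorted(members),  # sorted so list order does not mark the requester
            "avg_connectivity": average_connectivity(nodes, edges),
            "avg_weight": average_weight(inside, members)}


if __name__ == "__main__":
    print(clocking_area(SAMPLE_POS, "T", (60, 40), 400, 300, 4, 200))
```

With the sample map the first candidate set {T, A, B, C} averages about 149 m, so A, the EV closest to the target, is swapped for D and the set {T, B, C, D} passes at about 240 m.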
After above preparations, Algorithm 1 is proposed as follows:

A. SECURITY ANALYSIS
There are three essential goals in our designed DePET scheme that need to be presented and described here: authentication, adoptable efficiency and k-anonymity. We describe these goals in detail as follows.
Authentication: In DePET, all the transaction records hold the digital signatures of the LAGs. If a malicious LAG modifies a transaction, it can be easily counted and located by the CA. After the CA verifies this, the malicious LAG cannot execute any transaction-related behaviors. The CA is auditable, so the change will be discovered.
Adoptable efficiency: With the help of the consortium blockchain, EVs can trade energy with energy nodes directly without a third party, which makes the system robust and scalable. In addition, EVs do not need to participate in the consensus protocol or hold a backup of the blockchain data, as they would on a public chain.
K-anonymity: To explain this, let us assume that an attacker knows the current united request of the target EV. Once the attacker observes the request body, it cannot continue to track this EV. Let k represent the number of buyers in a single clocking area. If the attacker gets the location of an EV, the attacker cannot distinguish the EV's accurate location with a probability of more than 1/k. Therefore, our proposed scheme satisfies k-anonymity.
Specifically, we use an example to illustrate how our proposed scheme ensures k-anonymous privacy protection of EV locations. Assume that 30 EVs submit requests in the same clocking area. For these EVs, the LAG holds a set of location coordinates, not their accurate location coordinates. Although the attacker can obtain the location coordinates of an EV in the clocking area, it is hard to distinguish which EV the location belongs to. Then, if an attacker breaks into the system, only 30 EVs are known to be in this area. In other words, the attacker cannot distinguish where the EV is located with a probability of more than 1/30. This makes the linking attack harder to succeed. Hence, the attacker cannot continue to link the location of the target EV.

B. SIMULATION SETTING
Our proposed DePET scheme can be divided into two parts: the EV network and the blockchain network. The blockchain network is responsible for the transaction records, and in the EV network the EVs construct a clocking area based on an undirected graph and upload the united requests. We use Hyperledger Fabric and Python to simulate the blockchain network and the EV network. The experiment was carried out on a computer with a 3.20 GHz Intel(R) Core(TM) i5-6500 CPU and a GeForce GT 730 graphics card. Hyperledger Fabric is a blockchain-based platform, which provides chaincodes and a consensus process. Notice that a smart contract is also called chaincode. Thus, in our experiment, we use the Hyperledger Fabric platform to write rules (e.g. authentication rule, k-anonymity rule, transaction rule) into chaincodes. For the blockchain network, the abovementioned three-phase consensus is used to verify the new data block.
For the EV network, the experiment mainly uses two indicators (average connectivity and average weight w̄) to verify the location privacy protection performance. The experiment collected 10 positions of the target EV on its trajectories {l_1, l_2, ..., l_10}, and generated an undirected graph for each location. Thus, there exist 10 undirected graphs {G_1, G_2, ..., G_10}. As shown in Fig. 7, the target EV generated 10 undirected graphs on these locations.

C. RESULTS AND DISCUSSION
The trading performance mainly depends on the blockchain processing time. The blockchain processing time refers to the time a LAG takes to complete the consensus process of an energy trade between energy nodes and EV owners. For the purpose of illustration, we simulate the performance among 100 LAG nodes within 4 hours based on the abovementioned three-phase consensus. In Bitcoin, the verification time takes 60 minutes, whereas that of our proposed DePET scheme is set to be 10 minutes as an example [27]. In our experiment, 40 LAGs are randomly selected from these 100 LAGs to join the consensus process, and the transaction delay (transaction times) per hour takes values from the set {1, 2, 3, 4, 5} with equal probability for EV owners and energy nodes. As shown in Fig. 8, when the transaction delay increases, the verification time required in Bitcoin is more than that of our proposed DePET scheme. This is due to the fact that in our proposed DePET scheme only the LAGs carry out the consensus process, which takes less time, instead of all nodes as in Bitcoin. In addition, the verification time takes 60 minutes in Bitcoin, whereas that of our proposed DePET scheme only needs 10 minutes. Therefore, compared with Bitcoin, the energy nodes of our proposed scheme take less time to continue energy trading on the blockchain. Experimental results show that our proposed DePET scheme has lower confirmation delays, and supports fast P2P energy trading.
Fig. 9 describes the average weight w̄ under congested and unblocked road conditions. The average weight w̄ in a congested road condition is about 750 m, and the average weight is about 650 m in an unblocked road condition, which is about 100 m less than w̄ in a congested road condition. This is because EVs are denser when the road is congested, and the construction of the clocking area will be faster, whereas there are fewer EVs when the road is clear. From Fig. 9, we can find that the change of the average weight w̄ is stable.
Experimental results show that our proposed DePET scheme is stable enough whether the road is congested or clear. In addition, the experiment uses average connectivity to verify the performance of privacy protection, as shown in Fig. 10. When the average connectivity equals 1, the undirected graph is a complete graph, which is not conducive to identity privacy protection. When it is not equal to 1, the greater the average connectivity, the better the privacy protection. Compared with the centralized architecture [11], the average connectivity of the proposed scheme is lower, about 0.83. This is because in reference [11] each node holds a request, and the request contains its sensitive information, such as identity, location, etc., so the connectivity and the risk of privacy leakage are equal to 1. Therefore, the privacy protection performance of our proposed scheme is higher than that of the centralized architecture.

VI. CONCLUSION
In this article we propose the DePET scheme to address two critical limitations in current centralized vehicular energy networks: cross-domain energy trading and location privacy protection. Our scheme employs a consortium blockchain to enable cross-domain trading and P2P trading, which also makes the energy trading transparent and reliable. DePET further preserves the location privacy of EV owners through the proposed location privacy-preserving algorithm. We utilize a clocking area based on an undirected graph to generate a united request, which satisfies k-anonymity and hides the real location of EV owners. The experimental results show that the performance is manageable, e.g., the energy trading delay is short. Moreover, the security performance, such as privacy protection, is also guaranteed.