Zero Knowledge Verification of Transaction Guides for P2P Energy Trading in Distribution Networks

Source: arXiv:2606.12085 · Published 2026-06-10 · By Hyunjoong Kim

TL;DR

This paper addresses the challenge in peer-to-peer (P2P) energy trading markets where network-aware coordination is required to ensure that energy transactions do not violate physical constraints in distribution networks. The core difficulty lies in the confidentiality-verifiability tradeoff: network sensitivity data are essential for enforcing constraints but reveal grid vulnerabilities, so utilities are reluctant to disclose them. The paper proposes a novel zero-knowledge proof (ZKP) framework allowing market participants to verify that published transaction guides—bounding permissible injections and withdrawals—were correctly computed from private committed network data without exposing sensitive information. The method encodes network model consistency, sensitivity computations, and transaction guide optimality as R1CS arithmetic circuits, and uses a Groth16 ZKP construction with blockchain commitments to provide tamper-evident on-chain verification. A case study on a modified IEEE 33-bus system validates that the approach successfully enforces network constraints in cleared market outcomes, rejects tampering and replay attacks, and imposes reasonable on-chain overhead with a compact 806-byte proof. This work advances verifiable privacy-preserving coordination in distribution-level P2P energy markets, combining cryptographic proofs with power system modeling and blockchain anchoring.

Key findings

  • The proposed zero-knowledge proof enables verification of the transaction guide's correct computation with respect to committed private network data, without revealing sensitivities.
  • The transaction guide enforces robust voltage and line-flow constraints by sign-decomposed voltage and line-flow sensitivity matrices, guaranteeing feasible operation envelopes for active power injections/withdrawals (Lemma 1).
  • Case study on a modified IEEE 33-bus system showed the transaction-guide policy was the only method that maintained voltage and line loading within limits after market clearing, unlike base case or causality-based policies (Fig. 3, Table III).
  • The Groth16 zero-knowledge proof has a compact size of 806 bytes and can be verified on-chain with practical gas costs in a Hardhat Ethereum environment.
  • The blockchain smart contract anchors circuit templates, public inputs, transaction statements, and proof verification results, preventing public-input substitution, replay attacks, and post-proof tampering.
  • Several utility-side tampering scenarios (e.g., modifying guides after proof generation) were detected by public-input consistency checks causing verification rejection (Table II).
  • The arithmetic circuit aggregates network parameter commitments, Y-bus, Jacobian, sensitivity matrices, sign-split conditions, and linear program (LP) optimality conditions, with all enforced via R1CS constraints.
  • Range checks and complementary slackness constraints ensure non-negativity and optimality, supporting sound solution certification in the proof.

Threat model

The adversary is a potentially malicious or strategic distribution utility responsible for computing and publishing P2P energy transaction guides derived from private network data. The adversary seeks to manipulate transaction guides or misrepresent network constraints to advantage particular market participants or hide vulnerabilities. The utility must produce proofs that the published guides are computed correctly according to committed network data without revealing sensitive network information. The utility cannot forge zero-knowledge proofs without access to valid private inputs or break cryptographic assumptions. The authenticity of committed private data is assumed via external registration and attestation mechanisms.

Methodology — deep read

  1. Threat Model & Assumptions: The adversary is the distribution utility acting as the market coordinator, who possesses complete private network data and sensitivity matrices but could act strategically by publishing manipulated transaction guides to distort market outcomes. Participants do not trust the utility and require verification that transaction guides were correctly computed under physical constraints. The adversary cannot break the underlying cryptographic hardness assumptions (elliptic curve discrete logarithm), nor fake proofs without solving hard mathematical problems. Authenticity of committed private network data is assumed via off-chain registration and attestation, separate from the computational integrity proofs.

  2. Data & Model: The method targets distribution networks modeled as graphs with buses (nodes) and monitored directed lines (edges). A modified IEEE 33-node radial distribution system serves as the case study benchmark. Network parameters (line admittances G, B), operating points (voltage magnitudes and angles), Jacobian matrices, and sensitivities (voltage and line-flow) are computed from AC power flow solutions at a given operating point. Public inputs include transaction caps, voltage and line limits, and guide objective weights. Private inputs include full network parameters and all intermediate variables for sensitivity and optimality verification.

  3. Architecture & Algorithm: The key innovation is an arithmetic circuit encoding the entire verification statement as a rank-1 constraint system (R1CS):

  • Commit to network parameters via a Poseidon hash-based Merkle tree root.
  • Construct Y-bus admittance matrix and Jacobian matrix from committed parameters.
  • Verify sensitivity matrix A satisfies linear system J0 A = E, binding sensitivities to network state.
  • Enforce sign-decompositions of sensitivity matrices (AV+, AV-, AF+, AF-) with complementarity and range checks.
  • Encode the transaction guide optimization problem as a max-box LP over admissible injection/withdrawal volumes, including primal feasibility, dual feasibility, stationarity, and complementary slackness KKT conditions.
  • Vectorize all variables into a large assignment vector a and transform the R1CS into a quadratic arithmetic program (QAP).

Verification uses the Groth16 zero-knowledge proof: the proving key is generated during a multi-party computation (MPC) ceremony, enabling a succinct constant-size proof. Public inputs bind the certified guide, operating state, transaction caps, and limits, ensuring each proof corresponds exactly to one transaction guide computation.
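The sign-split, complementarity and range-check conditions from the list above, written as rank-1 constraints over the BN254 scalar field. This is an added example, not the paper's circuit: the witness layout, the 16-bit range width, the integer scaling of entries and all function names are assumptions.

```python
# BN254 scalar field modulus: R1CS constraints for Groth16 on BN254 hold mod P.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
NBITS = 16  # assumed range-check width; entries are assumed pre-scaled to integers

def sign_split_r1cs(nbits=NBITS):
    """Rows (A, B, C) meaning (A.w) * (B.w) = (C.w) mod P for one matrix entry.

    Assumed witness layout: w = [1, a, a_pos, a_neg, pos_bits..., neg_bits...].
    """
    rows = [
        ({2: 1, 3: P - 1}, {0: 1}, {1: 1}),  # (a_pos - a_neg) * 1 = a
        ({2: 1}, {3: 1}, {}),                # a_pos * a_neg = 0 (complementarity)
    ]
    for base, var in ((4, 2), (4 + nbits, 3)):
        for i in range(nbits):
            # bit * (bit - 1) = 0 forces each bit to be 0 or 1
            rows.append(({base + i: 1}, {base + i: 1, 0: P - 1}, {}))
        # (sum of bit_i * 2^i) * 1 = var, so 0 <= var < 2^nbits
        rows.append(({base + i: 1 << i for i in range(nbits)}, {0: 1}, {var: 1}))
    return rows

def dot(lc, w):
    """Evaluate a sparse linear combination {index: coeff} on witness w."""
    return sum(c * w[i] for i, c in lc.items()) % P

def satisfied(rows, w):
    """True when every rank-1 row holds for the witness."""
    return all(dot(a, w) * dot(b, w) % P == dot(c, w) for a, b, c in rows)

def witness(a, a_pos, a_neg, nbits=NBITS):
    """Field-encode the values; bits are the low nbits of each encoded part."""
    def bits(v):
        return [((v % P) >> i) & 1 for i in range(nbits)]
    return [1, a % P, a_pos % P, a_neg % P] + bits(a_pos) + bits(a_neg)

ROWS = sign_split_r1cs()
HONEST = witness(-7, 0, 7)    # constructed entry: a = -7 splits as 0 - 7
WRAPPED = witness(-7, -7, 0)  # a_pos = P - 7 hides a negative "positive part"
OVERLAP = witness(2, 5, 3)    # 5 - 3 = 2, but both parts are nonzero
```

Dropping the range rows (`ROWS[:2]`) lets the wrapped witness through, which is why the circuit needs range checks in addition to the decomposition and complementarity equations.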

  4. Training & Implementation: Not applicable (formal verification setting). Proof generation and verification were implemented using PySNARK and snarkJS libraries over the BN254 elliptic curve. Proof verification was tested both off-chain and on-chain (Solidity verifier contract) in a simulated Ethereum environment (Hardhat).

  5. Evaluation Protocol: The method was evaluated on the IEEE 33-bus system for four market operation policies: base case (no coordination), universal penalty, causality-based sensitivity pricing, and the proposed transaction-guide approach. The AC power flow was solved after market clearing to assess voltage and line load constraint satisfaction. Additionally, utility-side tampering attack scenarios were tested by modifying published guides and verifying proof rejection. Performance metrics included successful on-chain proof verification, proof size (806 bytes), network constraint violations, transaction volumes, and system losses.

  6. Reproducibility: The implementation uses public cryptographic libraries (PySNARK/snarkJS), but neither the full implementation code nor a dataset with the private network parameters is publicly released. Circuit construction and MPC ceremony details are described, and the network data come from the standard, publicly available IEEE test system.

Example end-to-end: The utility first commits to network parameters via the Poseidon hash. It then computes the operating point and sensitivities, solves the LP to generate the transaction guide volumes u* and l*. The arithmetic circuit is instantiated with public inputs (guide volumes, caps, voltage & line limits) and private inputs (network parameters, intermediate variables). A Groth16 proof π is generated off-chain demonstrating correct computation. The proof with public inputs is submitted to the blockchain contract, which verifies the proof validity and statement consistency, then permits execution (market settlement) only if verification passes. Thus, participants gain cryptographic assurance the guide respects network constraints without seeing the underlying sensitivities.
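The LP-optimality part of the statement can be checked from a primal-dual certificate without re-solving the LP. The sketch below is an added example, not the paper's formulation: the box model d = A(u - l), the limits, caps, weights and all names are constructed assumptions, and exact rationals stand in for the circuit's field arithmetic.

```python
from fractions import Fraction as F

def sign_split(A):
    """Entrywise split A = A_pos - A_neg with both parts nonnegative."""
    pos = [[max(a, 0) for a in row] for row in A]
    neg = [[max(-a, 0) for a in row] for row in A]
    return pos, neg

def robust_rows(A):
    """Worst-case rows over the box u in [0, u*], l in [0, l*] for x = [u*, l*].

    Assumed model: deviation d = A (u - l) must satisfy -dn <= d <= up, so
    max d = A_pos u* + A_neg l* and max(-d) = A_neg u* + A_pos l*.
    """
    pos, neg = sign_split(A)
    return [p + n for p, n in zip(pos, neg)] + [n + p for p, n in zip(pos, neg)]

def kkt_ok(w, M, b, cap, x, lam, mu, nu):
    """Check optimality of x for: max w.x  s.t.  M x <= b, 0 <= x <= cap."""
    m, n = len(b), len(x)
    slack = [b[i] - sum(M[i][j] * x[j] for j in range(n)) for i in range(m)]
    primal = all(s >= 0 for s in slack) and all(0 <= x[j] <= cap[j] for j in range(n))
    dual = all(v >= 0 for v in lam + mu + nu)
    stationary = all(
        sum(M[i][j] * lam[i] for i in range(m)) + mu[j] - nu[j] == w[j]
        for j in range(n))
    complementary = (
        all(lam[i] * slack[i] == 0 for i in range(m))
        and all(mu[j] * (cap[j] - x[j]) == 0 and nu[j] * x[j] == 0 for j in range(n)))
    return primal and dual and stationary and complementary

# Constructed instance: one monitored voltage, two buses, x = [u1, u2, l1, l2].
A = [[F(2), F(-1)]]
M = robust_rows(A)                    # [[2, 0, 0, 1], [0, 1, 2, 0]]
b = [F(4), F(3)]                      # assumed headroom: up, dn
cap = [F(3)] * 4                      # public transaction caps
w = [F(1)] * 4                        # public objective weights
GUIDE = [F(1, 2), F(3), F(0), F(3)]   # optimal box for this instance
LAM = [F(1, 2), F(1, 2)]              # multipliers for M x <= b
MU = [F(0), F(1, 2), F(0), F(1, 2)]   # multipliers for x <= cap
NU = [F(0)] * 4                       # multipliers for x >= 0
SHRUNK = [F(1, 2), F(2), F(0), F(3)]  # u2 cut after solving: still feasible
INFLATED = [F(1), F(3), F(0), F(3)]   # u1 raised: breaks the upper limit
```

Because KKT conditions are necessary and sufficient for LP optimality, a guide shrunk after solving has no valid multipliers at all, not just a mismatch with these ones.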

Technical innovations

  • Formulation of a robust transaction guide for P2P energy trading as a maximum box of admissible power injections and withdrawals using sign-decomposed sensitivity matrices for robust voltage and line-flow constraints, enabling ex-ante operating envelopes.
  • Design of an arithmetic circuit encoding full network model commitments, Y-bus/Jacobian construction, sensitivity calculations, sign-splitting constraints, and LP optimality (KKT conditions) within a single R1CS-compatible statement.
  • Integration of Groth16 zero-knowledge proofs with blockchain-based circuit and statement anchoring to enable tamper-evident, on-chain verification of transaction guide computational integrity without revealing sensitive network data.
  • Explicit separation of the proof of computational integrity from the attestation of network data authenticity, clarifying security guarantees and trust boundaries in distribution-level market operations.

Datasets

  • Modified IEEE 33-bus distribution test system — 33 nodes, standard power systems test data

Baselines vs proposed

  • Base case: min. voltage = 0.859 p.u., max line loading = 141.506%, trade = 3.638 MW, network infeasible
  • Universal penalty policy: min. voltage = 0.946 p.u., max line loading = 95.237%, trade = 0.913 MW, network infeasible
  • Causality-based policy: min. voltage = 0.946 p.u., max line loading = 102.758%, trade = 2.152 MW, network infeasible
  • Proposed transaction-guide policy: min. voltage = 0.955 p.u., max line loading = 93.514%, trade = 1.570 MW, network feasible

Limitations

  • The approach verifies computational integrity given committed network data but relies on an external attestation process for the authenticity of this committed private data.
  • The zero-knowledge proof focuses on a first-order linear sensitivity model, which may not capture nonlinear power flow effects under large deviations.
  • Evaluation is limited to a modified IEEE 33-bus radial test feeder; scalability to larger, meshed networks with more participants is not demonstrated.
  • No adversarial evaluation against sophisticated adaptive falsification attacks beyond proof and public-input tampering is provided.
  • On-chain verification cost and latency are simulated but real blockchain deployment details and gas cost tradeoffs require further exploration.

Open questions / follow-ons

  • How well does the ZKP verification and proof generation scale computationally and economically for larger, meshed distribution systems with thousands of nodes?
  • Can nonlinear power flow constraints or more accurate models beyond first-order sensitivities be incorporated efficiently into the arithmetic circuit and proof?
  • How can this ZKP framework be integrated with real-time market operations requiring frequent guide updates and streamlined MPC ceremonies?
  • What adversarial strategies exist for adaptively attacking the attestation process or replaying/tampering with proofs under different blockchain consensus models?

Why it matters for bot defense

This paper contributes a rigorous framework to verify computational integrity of complex network-dependent market signals without disclosing sensitive private inputs. For bot-defense or CAPTCHA engineers, the primary relevance lies in the use of zero-knowledge proofs to prove honesty of computations performed over secret inputs while maintaining privacy and non-malleability. The approach demonstrates how zero-knowledge arithmetic circuits can represent detailed domain-specific constraints and optimization conditions, enforce range checks, and bind inputs and proofs to submitted statements via blockchain commitments. This architecture offers insight into integrating zero-knowledge verification with tamper-evident auditability in multi-party coordination scenarios.

Though the application domain is energy trading, analogous confidentiality-verifiability tradeoffs arise in bot-defense where proving compliance or fairness of complex processes is constrained by secrecy of internal data. Engineers designing CAPTCHA or bot-defense verification systems can view this work as a case study in formulating end-to-end arithmetic circuits for domain logic, applying Groth16 ZK proofs with elliptic curve bilinear pairings, and anchoring proofs in immutable ledgers to prevent replay and tampering attacks. The explicit threat modeling of a strategic adversary and separation of computational integrity from input authenticity highlight important security considerations when deploying zero-knowledge proofs within adversarial environments. Overall, this paper exemplifies advanced cryptographic verification techniques that can inspire rigorous bot-defense verification designs requiring both privacy and auditability.

Cite

@article{arxiv2606_12085,
  title={Zero Knowledge Verification of Transaction Guides for P2P Energy Trading in Distribution Networks},
  author={Hyunjoong Kim},
  journal={arXiv preprint arXiv:2606.12085},
  year={2026},
  url={https://arxiv.org/abs/2606.12085}
}

Articles are CC BY 4.0 — feel free to quote with attribution