The Smart Grid (SG) refers to the integration of power system engineering, communications, and information technology [1]. It offers the most robust, efficient, and trustworthy energy system. The smartness of the system provides the additional facility of peer-to-peer or bi-directional communication [2] and intelligently satisfies the energy demands in real-time with flawless transmission and distribution of electric energy from the suppliers to the home users. It enables the customers to view their current electricity usage through a web interface. In comparison to the traditional power grid, the SG has made power generation, transmission, and distribution to customers more robust, flexible, and effective through the integration of various technologies. Important components of the SG are the cloud control centre (CCC), gateway (GW)/fog node (FN), users (U), and smart meter (SM). SMs are installed at customer premises and submit their usage data through intermediate nodes (GW/FN) to the CCC in a secure manner. At the CCC, overall usage is calculated. At the SG level, numerous analytics relating to demand–response, forecasting, and load management are carried out based on consumption data. Figure 1 shows the high-level model of the SG.

The FT schemes in SGs are divided into cryptographic and non-cryptographic categories. The crypto category is further divided into symmetric and asymmetric. The asymmetric category is further divided into lattice, homomorphic, and non-homomorphic schemes. The non-crypto schemes are divided into binary tree model, pairwise streaming, and coding theory schemes.

The cryptographic schemes can be divided into symmetric and asymmetric schemes.

Symmetric Cryptography based FT SDA Schemes: Symmetric key cryptography, also known as private key cryptography, is the scheme in which a single, or master key, is used in the encryption and decryption processes. The transformation of plaintext to ciphertext utilizing the master key is known as encryption. In any case, changing ciphertext into plaintext is known as decryption, which is the reverse process of encryption. In symmetric cryptography, a single shared key needs to be kept secret at both ends to enable secure communication between a sender and receiver. Lu et al. [7] proposed a lightweight data aggregation scheme. The scheme’s most notable feature is that it supports secure aggregation with FT. A session key, AES encryption, and a Laplace distribution are used to achieve privacy-preserving SDA. The authors added subtle strings during the data collection phase to deal with the faulty SM scenario. Sun et al. ^[13][22] proposed a fault-tolerant pairwise private stream aggregation scheme. The limitation of their scheme is that a faulty meter can be paired with another faulty meter due to random pairing. In Chan et al.’s [9] secure aggregation scheme, faulty SMs are handled through a binary tree based architecture. Their scheme is also secure against differential privacy attacks and supports dynamic SM addition and removal. In Wu et al.’s ^[14][17] scheme, the authors proposed a novel key management scheme that combines the symmetric key technique and the elliptic curve public key technique. The agents receive the symmetric key for internal communication from trusted anchors. If one of the trusted anchors is faulty, agents can be assigned to other less-loaded trust anchors for session key generation. Won et al. [10] proposed a proactive fault-tolerant aggregation algorithm based on future ciphertexts. During data submission, every SM divides its ciphertext into the current ciphertext and the future ciphertext. Future ciphertexts must be stored to ensure FT during SDA. However, it requires more storage on the aggregator end. A fog-enabled data aggregation (PPFA) scheme was proposed by Li et al. ^[15][27]. FNs periodically gather and aggregate data from the corresponding SMs. The CCC aggregates the data gathered from all FNs. OTP is employed for encryption, while the PKC is configured for authentication. One disadvantage of the preceding approach is that keys of the same length as the plaintext must be created, as well as new keys each time. Furthermore, if any SMs fail, data aggregation will require an additional round of communication.

Asymmetric Cryptography based FT SDA Schemes: In asymmetric cryptography ^[16][38], two keys are used instead of a single key. It consists of a public key and a private key. The public key is available to everyone and serves only to encrypt data. The private key is only available to the key owner and is used to decrypt messages. Asymmetric cryptography provides several security features, such as message integrity, authentication, and non-repudiation. However, compared to symmetric cryptography, it is costly in terms of computation. Many schemes have been proposed based on asymmetric cryptography in the context of SDA in the SG. Asymmetric schemes can be divided into the subtypes homomorphic and non-homomorphic schemes.

Non-homomorphic schemes: Ni et al. ^[17][32] proposed a differentially private smart metering scheme (DiPrism) with FT and range-based filtering. Lifted-El Gamal encryption was used to aggregate SM data at the GW level. The range-based filtering method detects abnormal readings by comparing them to normal readings. All SMs’ data are required to decrypt the aggregated data at the CCC level. When there are faulty SMs, the CCC works with the GW to obtain the aggregation values for the faulty SMs. Their scheme is secure against false data injection attacks by using the zero-knowledge range proof. In Li et al.’s [6] scheme, authentication is provided through a BLS-based signature during data aggregation. If one of the collectors is out of service, the standby collector can complete the authentication process through digital signatures and the minimum spanning tree (MST) without any further additional setup or configuration. Their scheme is resistant to replay and denial-of-service attacks. The disadvantage of this scheme is that it requires many computational resources.

Secure multiparty computation-based schemes: Secure multiparty computation (SMPC) is a branch of cryptography that enables distributed parties to jointly compute a function using their own inputs without disclosing their outputs. With the intention of enabling distributed computation without the requirement for a reliable third party, the initial work on SMPC started in 1970. In the 1980s, Yao published his first paper on SMPC ^[18][47]. Since then, SMPC has made significant strides in both theory and application ^[19][48]. Thoma et al. ^[20][49] proposed the SMPC-based homomorphic encryption scheme on the basis of individual SM load management. The utility can execute real-time demand management with specific consumers using SMC and a well-designed power plan without knowing the true value of each user’s consumption data. Mustafa et al. ^[21][50] proposed an innovative solution based on SMPC that allows SG operators and suppliers to collect users’ electricity metering data securely and privately. SMPC helps all recipients receive data related to transmission, distribution, and fee collections. The SPMC-based Shamir secret scheme is implemented in C++, and the BGW protocol ^[22][23][51,52] is used to support homomorphic encryption. A fog-enabled secure multiparty computation (SMPC) aggregation scheme in the SG was presented by Hayat et al. ^[24][40]. The scheme is robust against the collusion and false data injection (FDI) attacks during metering data collection. A collusion attack is managed through Shamir’s enhanced secret scheme.

Homomorphic schemes: Homomorphic encryption (HE) is a method for performing operations on encrypted data while maintaining the confidentiality and integrity of the underlying data. There are two types of homomorphic encryption schemes: the fog-based and non-fog-based. Partial homomorphic encryption (PHE), somewhat homomorphic encryption (SWHE), and fully homomorphic encryption (FHE) schemes ^[25][53] are the three types of homomorphic encryption schemes.

Partial homomorphic encryption (PHE) schemes: The Paillier [8], Boneh–Goh–Nissim ^[26][27][14,54], and El Gamal encryption schemes are classical and state-of-the-art homomorphic encryption (HE) algorithms used in SG data aggregation. Bilinear mapping ^[6][14][6,17] is also commonly used to generate and exchange keys for SG entities and during data aggregation.

Paillier encryption scheme: Chen et al. [8] proposed a privacy-preserving data aggregation scheme with FT in the SG. Their scheme supports customer data protections against an adversary that has the capability to compromise servers at the CCC. SM data are encrypted through Paillier encryption. For missing SMs, decryption activity can be completed by adjusting the default values provided by the TA. Zhitao et al. ^[28][33] proposed a fault-tolerant data aggregation scheme based on secret sharing. In their scheme, all SMs are split into different groups. SM IDs are masked through the anonymization process. Privacy is achieved through Paillier encryption by splitting secrets among SMs in a particular group. The malfunctioning SM is identified by comparing the group hash table value to the values of other groups. FT is achieved through a substitution mechanism. The proposed scheme is secure against collusion attacks. Jawurek et al. ^[16][38] proposed a protocol to calculate diverse statistics on SMs’ data that supports FT and differential privacy. In the proposed scheme, the GW and TA are considered non-trustworthy. Paillier homomorphic encryption is used to encrypt SM data, and symmetric geometric distribution is used to ensure privacy. The scheme allows the aggregator to compute statistics based on available SMs’ data, even if some SMs are faulty. Liu et al.’s ^[29][55] scheme supports statistical functions on encrypted data for IoT devices. The scheme is secure and fault-tolerant. FT is achieved through future data buffering mechanism.

El Gamal encryption scheme: Ni et al. ^[17][32] proposed a data aggregation scheme (DiPrism) for the SG that supports differential privacy, FT, and range-based filtering for AMI (advanced metering infrastructure). The metering data are encrypted through EI Gamal homomorphic encryption. Every SM includes a zero-knowledge (KW) proof during the encryption stage to ensure that readings are within a pre-defined range. Abnormal readings are filtered out based on the zero-knowledge proof. The Laplace distribution is used to add noise to achieve differential privacy.

Somewhat homomorphic encryption (SWHE): Somewhat homomorphic encryption (SWHE) is a homomorphic public key infrastructure (PKI). SWHE was the first of its kind to allow both multiplication and addition operations on encrypted data. Bao et al. ^[30][20] proposed a privacy-preserving data aggregation scheme with differential privacy and FT. Their scheme supports data aggregation activity in the presence of faulty SMs. The authors used the Boneh–Goh–Nissim (BGN) cryptosystem ^[31][56] to encrypt SM data and introduce noise via a Laplace distribution. To handle faulty SMs, a random value is added to the SM data. On the basis of this random value, the decryption activity is completed for working SMs. The scheme provides protection against the DP and eavesdropping attacks. Fu et al. ^[32][29] proposed a privacy-preserving and secure multidimensional aggregation scheme for the SG. Mykletun homomorphic encryption and the Boneh signature system are used in the proposed scheme to achieve privacy, integrity, authentication, and the identification of accidental errors. If some SMs have not submitted their data due to selective forwarding attacks or random errors, the GW will notify the CCC and TA of the list of faulty SMs. The CCC will calculate the hash sum of the faulty SMs and recover their data. Hayat et al. [11] presented a fog-enabled privacy-preserving SDA scheme with FT. The scheme provides protection against the FDI and replay attacks and ensures the confidentiality and authenticity of customer data. Techniques such as the modified BGN cryptosystem, homomorphic aggregation, and the elliptic curve digital signature algorithm (ECDSA) authentication mechanism are used to reduce the computational costs and communication overhead. Furthermore, the proposed scheme allows data aggregation to continue in the presence of faulty SMs.

Lattice-based schemes: Lattice-based cryptography is the alternative to the RSA and elliptic curve cryptography (ECC) public-key schemes. In Nth-degree truncated polynomial ring unit (NTRU) schemes, the encryption and decryption processes are simply polynomial arithmetic operations. Therefore, NTRU’s implementation is efficient as compared to other asymmetric schemes. Asmaa et al. ^[33][57] proposed a lattice-based homomorphic privacy-preserving scheme in the SG. In this scheme, all appliances installed in one particular home aggregate their data and submit them to the installed SM. The SM applies NTRU-based encryption to the aggregated data and submits them to the CCC. The proposed scheme supports customer privacy, integrity, and confidentiality. Furthermore, it is lightweight in terms of computational cost and communication overhead.

Table 1 gives an overview of existing FT aggregation schemes for the SG.

Figure 3 shows the proposed taxonomy of fault-tolerant SDA schemes in the SG.