Method and device for quantum key fusion-based virtual power plant security communication and medium

The invention claimed is: 1. A method for quantum key fusion-based virtual power plant security communication, comprising: identity authentication: performing identity authentication between a client and a server in a virtual power plant based on a communication requirement, to acquire a root key, wherein the server comprises a commercial virtual power plant, an electricity market service system or a technical virtual power plant, and the client comprises a distributed energy resource, a commercial virtual power plant or a technical virtual power plant; key distribution: generating a key encryption key and a message authentication key based on the acquired root key, and performing negotiation on a data encryption key to obtain the data encryption key, wherein the key distribution comprises: at the client, sending a key request to the server, wherein the key request comprises a random number Nh; at the server, after receiving the key request, generating a key encryption key KEK, an uplink message authentication key HMAC_key1 and a downlink message authentication key HMAC_key2 based on the root key AK and the random number Nh, wherein the key encryption key KEK is calculated according to the following formula: KEK=truncate_128{SHA1[(AK|0{circumflex over ( )}44)⊕Nh]}, wherein 0{circumflex over ( )}44 denotes a digit “0” repeated for 44 times, and Nh denotes a 64-bit random number, the uplink message authentication key is calculated according to the following formula: HMAC_key1=truncate_160{SHA1[(AK|36 44 ) ⊕ Nh]}, and the downlink message authentication key is calculated according to the following formula: HMAC_key2=truncate_160{SHA1 [(AK|36 44 )⊕NH]}, wherein 36 44 represents that the 128-bit root key AK is followed by a digit “0X36” repeated for 44 times to form a 352-bit string, and a hash operation is performed on the 480-bit string, an exclusive or operation is performed on the 480-bit string obtained after the hash operation and the random number Nh; at the client and the server, performing the negotiation on the data encryption key TEK, which comprises: at the client, sending a message for a negotiation request to the server, wherein the message for the negotiation request is encrypted using the KEK, and HMAC_key1 is taken as a key for a message digest of the message for the negotiation request; and at the server, after receiving the request, encrypting a TEK parameter list using the KEK and sending the encrypted TEK parameter list to the client, wherein HMAC_key2 is taken as a key for a message digest of the sent encrypted TEK parameter list; and data encryption: encrypting to-be-encrypted data using the data encryption key, and implementing communication of the data, wherein during at least one of the identity authentication or the key distribution, negotiation on a quantum key is performed by a quantum key server, and the quantum key obtained by the negotiation is used for implementing the identity authentication or used as the data encryption key. 2. The method of claim 1 , wherein the identity authentication is implemented in a certificate authentication manner, and a certificate is issued to both the client and the server by a trusted third party; the identity authentication comprises: at the client, sending information containing identity information, a client certificate, a client hash value and a random number to the server; at the server, receiving the information sent by the client and verifying the information, and if the verification is successful, providing the root key, and encrypting the root key using a public key in the certificate and sending the encrypted root key to the client; and at the client, decrypting the encrypted root key using a private key corresponding to the public key to obtain an identical root key, to complete the identity authentication. 3. The method of claim 1 , wherein the identity authentication is implemented with a fast authentication approach, wherein each of the client and the server has a historical data index table, the historical data index table containing items of time, identity information, a historical key and a historical hash value, and the fast authentication approach comprises: for each session between the client and the server, generating a key k recorded as k 0 , k 1 , k 2 . . . or k n , and generating a historical key hash value recorded as h 1 , h 2 , h 3 . . . or h n ; performing an exclusive or operation on a hash value of k and the hash value h to obtain a new historical key hash value, wherein h n is calculated according to formulae as follows: h 1 =SHA 1[ k 0 ] ⊕SHA 1[ k 1 ], and h n =SHA 1[ h n-1 ]⊕ SHA 1[ k n ], wherein n denotes a natural number larger than 1 and SHA1 denotes a hash algorithm; performing the authentication on the client and the server based on the historical data index table; and providing the root key if the authentication is successful. 4. The method of claim 3 , wherein the step of performing the authentication on the client and the server based on the historical data index table further comprises: at the client, extracting a previous key value k, previous time Ti and an index value ind from the historical data index table; at the client, calculating a hash value based on the previous key value, the previous time and the index value, and sending the hash value along with the identity information of the client and a random number to the server as a message, wherein the message is encrypted using the previous key value and is attached with the index value, and the message is represented as ESM4[SHA1(k|Ti|Ni|ind)|ID_DER|Ni] k |ind, wherein ESM4 denotes a commercial cryptographic algorithm, k denotes an encryption key, Ti denotes the previous time, Ni denotes the random number, ind denotes the index value and ID_DER denotes the identity information of the client; at the server, after receiving the message, retrieving and extracting information corresponding to the index value in the message from the historical data index table based on the index value, decrypting the message using the encryption key, comparing the decrypted identity information of the client with identity information corresponding to the index value to acquire an identity of the client, calculating a hash value using a previous time, an encryption key, an index value and a random number corresponding to the index value in the index table, and comparing the calculated hash value with the hash value sent by the client; confirming that the identity of the client is real and effective, passing the authentication of the client, and updating items of the historical hash value, the historical key and the time information in the historical data index table, if the calculated hash value is consistent with the hash value sent by the client; and determining that the identity authentication is failed, and interrupting the communication, if the calculated hash value is not consistent with the hash value sent by the client; at the server, generating a new random number Nj, and sending information about the confirmation along with new time T to the client as a message, wherein the message is encrypted using k according to an encryption formula Encrypt(Nj|T) k ; at the client, after receiving the message, decrypting the message to obtain the new random number Nj and the new time T; and at the server and the client, calculating a new root key AK based on the random numbers Ni and Nj, the new time T and the new historical hash value h according to a calculation formula as follows: AK =Truncate_128[ SHA 1( Ni|Nj|T|h )], wherein Truncate_128 represents extracting first 128 bits of a digit. 5. The method of claim 1 , wherein the data encryption comprises: encrypting each piece of service data in an application layer using one o