<p>As a new generation of electricity system, the smart grid significantly improves the efficiency, reliability, and sustainability of electricity services. Smart meters, which are the essential terminals, help establish two-way communication between users and electricity providers. While enjoying the convenience of smart meters, users face many challenges. On the one hand, malicious adversaries could attack the smart meters and thus compromise the users&rsquo; privacy. On the other hand, the computational overhead of electricity data verification is high for lightweight smart meters. To address the above issues, a lightweight authentication and group key management scheme is proposed. In the proposed scheme, the physical properties of the Physical Unclonable Function (PUF) are exploited to defend against external attacks from adversaries. Moreover, the Chinese Remainder Theorem (CRT) is used to broadcast the updated group keys to the legitimate smart meters in the community. In addition, an aggregated signature is utilized to reduce the overhead of data verification. Finally, the Random Oracle Model (ROM) is used to demonstrate that the proposed scheme meets many security requirements. Performance analysis shows that the proposed scheme is better suited to the smart grid than previous schemes.</p>
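<p>To illustrate the CRT-based key broadcast mentioned above, here is an added example of a generic textbook construction; it is not the paper's own scheme or code. It assumes each meter holds a secret modulus and a pairwise key shared with the provider (both hypothetical names and values), and it uses simple additive masking purely for illustration.</p>

```python
import secrets
from math import gcd, prod

def crt_broadcast(group_key, members):
    """Build one broadcast value X for all legitimate meters.

    members maps meter id -> (secret modulus m_i, pairwise key k_i).
    X satisfies X = (group_key + k_i) mod m_i for every listed meter.
    """
    moduli = [m for m, _ in members.values()]
    for i, a in enumerate(moduli):
        if group_key >= a:
            raise ValueError("group key must be smaller than every modulus")
        if any(gcd(a, b) != 1 for b in moduli[i + 1:]):
            raise ValueError("moduli must be pairwise coprime")
    big_m = prod(moduli)
    x = 0
    for m, k in members.values():
        partial = big_m // m                      # product of the other moduli
        x += ((group_key + k) % m) * partial * pow(partial, -1, m)
    return x % big_m

def recover_key(x, modulus, pairwise_key):
    """Meter side: one modular reduction and one subtraction."""
    return (x % modulus - pairwise_key) % modulus

def demo():
    # Constructed sample data: three distinct Mersenne primes as moduli.
    moduli = {"meter-A": 2**61 - 1, "meter-B": 2**89 - 1, "meter-C": 2**107 - 1}
    members = {mid: (m, secrets.randbelow(m)) for mid, m in moduli.items()}
    # Key update after meter-C is revoked: it is left out of the congruences.
    active = {mid: v for mid, v in members.items() if mid != "meter-C"}
    new_key = secrets.randbelow(2**60)
    x = crt_broadcast(new_key, active)
    return new_key, {mid: recover_key(x, m, k) for mid, (m, k) in members.items()}

if __name__ == "__main__":
    key, seen = demo()
    for mid, value in seen.items():
        print(mid, "recovers group key" if value == key else "gets an unrelated value")
```

<p>The provider does the expensive CRT combination once per update, while each meter only reduces the broadcast value modulo its own secret and unmasks it, which is why the approach suits constrained devices.</p>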