DE102017000167A1 - Anonymization of a block chain - Google Patents

Abstract

The present invention is directed to a method of anonymizing transactions of a block chain, which allows, for example, an owner of an item in a data history or a so-called block chain to receive information regarding past transactions or databases, but not future owners. For example, information regarding vehicle maintenance can always be made available to the current owner without this current owner being able to retrieve information regarding future owners. The invention is further directed to a correspondingly established communication protocol and to a communication system for anonymizing transactions of a block chain. Furthermore, a computer program product is proposed, with control commands which execute the proposed method or operate the proposed communication system.

Description

The present invention is directed to a method of anonymizing transactions of a block chain, which allows an owner of an item in a data history or a so-called block chain to receive information regarding past transactions, but not future owners. For example, information regarding vehicle maintenance can always be made available to the current owner without this current owner being able to retrieve information regarding future owners. The invention is further directed to a correspondingly established communication protocol and to a communication system for anonymizing transactions of a block chain. Furthermore, a computer program product is proposed, with control commands which execute the proposed method or operate the proposed communication system.

DE 10 2011122 767 A1 shows a method of payment with at least one electronic means of payment key, wherein on a server system at least one payment verification record is stored with a payment value and a verification key.

DE 10 2016104 478 A1 FIG. 10 illustrates a method for securing data operations in a computerized system having interconnected nodes configured to send, receive, and store data.

EP 0 908 810 B1 shows an apparatus for processing program information using a block string.

According to conventional methods, so-called block chains are known, which are also referred to as block chains. These are distributed records that store transactions and provide them redundantly so that errors can always be detected. Thus, these data are distributed to different network nodes in such a way that they can be viewed by several subscribers and thereby errors can be detected by always comparing a current data record with a plurality of further data records and the majority typically reflecting the correct information. If several data records are redundant and one data record deviates from other data records in terms of its values, it can be determined that this one data record is incorrect. For this purpose, a high computing power is required, as always various records must be evaluated and also the corresponding transactions must be stored. Therefore, such methods are typically implemented distributed such that various network nodes also provide the computing power. Thus, not only the data management is distributed, but rather the infrastructure that operates the described method is also offered over a distributed network.

Many use cases related to block chain technologies are about the property management of goods. For example: cars, utensils, houses, land, diamonds, paintings. The block chain initially has full transparency and can be read by anyone in the case of the public block chain. The unambiguous assignment of the goods in the block chain and the property of the block chain prevents subsequent manipulation of the data in the block chain. On the other hand, the transparency of the block chain also leads to a lack of data protection. An example: A car sends consumption data and mileage to the block chain at regular intervals. This data is stored there under an ID of the car and can be found for services or a potential new customer as far as he has the appropriate ID. If the car is sold, but you do not want that the previous owner knows the ID and also in the future consumption data of the new owner can assign. The car needs a new ID. The problem is that the new owner should be able to see the whole past, while the old owner should not be able to allocate the values in the future.

Regarding the management of transactions, ie the execution and transmission of control commands, there are technical problems because the underlying data sets are particularly extensive. This is the case in particular because data records often have to be stored redundantly and thus can occupy a multiple of the actual memory requirement. Furthermore, there is the technical consideration that security mechanisms based on such a block chain require particularly high computing power, which also has to analyze the distributed memory. Based on known methods, it is thus necessary to provide a particularly efficient data management.

Furthermore, it is disadvantageous compared with the prior art that, according to the known block chain technology, a large number of users need to view data. This does not guarantee that records are at least partially subject to confidentiality and that certain users have a legitimate interest in not all other users can view their data. If, for example, a vehicle is sold and the maintenance history is saved by means of the block chain technology, a subsequent owner has one legitimate interest in the fact that although he can see data of the predecessor or the previous owner, these can not view his data, since ownership of the thing has already passed.

It is thus an object of the present invention to provide a method which can be operated efficiently and decentrally in a secure manner while nevertheless ensuring a high level of confidentiality of the data. It is a further object of the present invention to propose a corresponding communication protocol and a correspondingly established communication system. Further, it is an object of the present invention to provide a computer program product having control instructions that perform the proposed method and operate the proposed communication arrangement and the communication system, respectively.

The object is achieved by a method for the anonymization of data in a block chain according to claim 1. Further advantageous embodiments are specified in the dependent claims.

Accordingly, a method is proposed for anonymizing transactions in a block chain in a distributed computing system. Here, a first identity information is created in a first arithmetic unit and assigning this first identity information to a terminal. Furthermore, a second identity information is created in a second arithmetic unit and assigned to this second identity information to the terminal, wherein in particular the following method step is provided. This method step provides for transmission of the first identity information from the first arithmetic unit to the second arithmetic unit, as well as termination of the first identity information using a hash function via the second identity information and a generated random number.

The proposed method allows identification of goods in a block chain with the following property: When changing the ID number, it must be possible to allocate the good in the past, but not allow the owner of the previous ID number the good to identify in the future. The proposed solution is particularly robust against unauthorized correlation attempts of ID numbers.

From known methods, the expert knows the so-called block-chain technology, also referred to as block-chain technology. A block typically contains a history, such as a transaction history. Each new block is associated with the previous block and receives the history in the form of a checksum of the previous block. In addition to the checksum of the previous block, a block may always contain the checksum of the entire chain. In this way, individual data records, ie transactions, are interconnected. Thus, a block chain is understood to mean an expandable list of data records whose integrity, ie the backup against subsequent manipulation, is saved by storing the checksum, ie a hash value, of the preceding data record in the respective subsequent one. In this way, it is assured that a single record within this linked list can not be manipulated. This is ensured by the corresponding checksums or hash values. Thus, the linked list, so the block chain, designed so that can be drawn from a record conclusions on a previous record.

In this case, it is particularly advantageous that, according to the invention, a user, ie any person who participates in the method according to the invention, can not read out future data records. Thus, according to the invention, it is avoided that a user navigates in both directions along the linked list. This means that it can only view transactions, that is, list entries, which at a certain point in time only have an older timestamp. Data records with a time stamp above a given time stamp can not be read out.

This technical process will be illustrated below with reference to a brief example. For example, a vehicle is purchased whose maintenance history is managed by means of a block chain. This is particularly advantageous because the block chain can be verified by means of a network, since this is typically stored redundantly and thus can be verified by multiple users. Multiple users are thus given access to the data, and according to a predetermined metric, it is decided which data is now correct. For example, a record is stored five times, with four records having a first value and a record having a second value. As a result, it can be determined that the second value is wrong, since redundant data are always stored the same, but four participants propose a different value, namely the first value. Thus, therefore, manipulations with respect to maintenance intervals or tacho levels can be avoided.

Now, the block chain that reflects several maintenance dates is read out from the purchased vehicle. In total, for example, three maintenance dates were perceived, which in the block chain as three lined up Records is visible. Now, if the vehicle is resold, the new user can perform two more maintenance appointments, which are added as records to the block chain. Here, the second vehicle owner has a legitimate interest in the entire block chain, so all maintenance dates to see. However, the first vehicle owner should not get insight into the second part of the block chain, which reflects the maintenance dates of the second user or owner. Thus, according to the invention, it is thus ensured that each of the vehicle owners can always view only all past maintenance intervals.

According to the invention, this takes place in that a new item of identity information is assigned to an item, preferably a terminal, which thus represents a change of user or a change of ownership. This is followed by a so-called termination of the preceding identity information such that the user to whom the previous identity information is assigned does not receive any further access to the block chain. For example, scheduling may include locking out or denying a user's access rights. So it is generally possible to give access to all information of the terminal access rights, which are coupled to an identity. In this case, the person skilled in the art knows further techniques how he can implement such access rights. This can be done for example by means of asymmetric encryption, such that a user must provide a public and a secret key. This public key may be, for example, identity information. The secret key may be a password such as a generated random number. Thus, access to the block chain is granted only to a user with a specific identity information, who may also have to provide a password.

Termination is thus referred to as denying access rights using the identity information. Thus, scheduling comprises, for example, a denial of access authorization and / or write authorization to the records of the block chain. Furthermore, according to the invention, a transition from a first identity information to a second identity information is accomplished in such a way that no unauthorized third party has any information about who actually uses the respectively second identity information. Thus, in general, users can gain access to corresponding transactions or records of the block strings, but this then has the second identity information that is not associated with any particular user. In this way, from the point of view of a user with the first identity information, ie the first identity, records denied by the second identity, having the second identity information, are denied. While it may generally be possible for the first user to view the records of the second user, he does not determine that they are the records of the terminal with respect to which the identity information was created.

In the example described above, it is thus the case that a first vehicle owner has a first identity with a first identity information. If now the vehicle is sold, then another, new vehicle owner occurs, which has a second identity, ie a second identity information. In general, the corresponding information can be distributed in a network in the form of a block chain. However, the first owner does not know which identity information the second owner has. Thus, it is thus ensured that the first owner can not search specifically for maintenance intervals that have been entered by the second vehicle owner in the block chain.

Thus, a method for anonymizing transactions of a block chain is proposed. The anonymization thus takes place in such a way that even if records of the block chain are available, it is no longer clear to which user these records are to be assigned. This is particularly advantageous because existing methods can continue to be used, and no great technical effort for the anonymization of the data must be made.

The first identity information is preferably generated in the first processor, for example a smartphone. This arithmetic unit assigns the first identity information to a terminal, for example a vehicle or an internet-of-things device. Thus, therefore, a first user may have entries in the block chain having the first identity information. The corresponding terminal is thus linked to the identity of this first user.

In an analogous manner, a second identity information is created in a second arithmetic unit and an assignment of this second identity information to the terminal. In the example described, a new vehicle owner now appears, who assigns his new identity information to the terminal or, in the present example, to the vehicle. Thus, it is thus to be ensured that the first identity information relating to the terminal or the vehicle is no longer used and that, on the contrary, the second user now has the second identity information can perform all read operations and write operations on the block chain.

In this case, it has been found particularly surprisingly according to the invention that the concatenation of the individual data records is particularly suitable for the anonymization of individual data records, since this concatenation can be carried out by means of a hash value by means of which it is possible to navigate within the block chain. On the basis of the corresponding hash function, it is thus possible for a user in the known data structure to migrate the data records, for example in the form of nodes. This means that it is possible to obtain conclusions about a second data record from a first data record while providing a public and possibly secret key. For this purpose, a hash function is used, as the person skilled in the art already knows as a scatter value function. This corresponds to the concatenation of a conventional block chain using a public key and a secret key. In the present example, the public key is the second identity information, and the generated random number is the secret key.

By means of terminating, that is, excluding the first identity information from read operations and / or write operations, it is now ensured that only the second identity information is granted access rights within the block chain. Figuratively speaking, the first user is switched off and the second user receives full access to the records of the block chain. The hash function on the second identity information and a generated random number is executed such that, for example, a known hash function is reused, which processes as input parameters the second identity information and the generated random number.

According to the invention, it is particularly advantageous that the proposed method can be iterated in such a way that alternately a first identity information and a second identity information or a first arithmetic unit and a second arithmetic unit can be taken into account. Thus, the terminology of the first identity information and the second identity information or the first arithmetic unit and the second arithmetic unit is by no means to be understood as limiting.

If, for example, three users with three arithmetic units are involved in the proposed method, the first and second users may be involved in a first iteration. In a second iteration, the formerly second user may become the first user and the third user may become the second user. Thus, the role of the first and the second user is reassigned in each iteration. Thus, one can designate the first identity information and the first arithmetic unit as generally an identity information and a first arithmetic unit, wherein the second identity information and the second arithmetic unit each represent a further identity information and a further arithmetic unit. In this way, successively a plurality of users with different computing units can be considered according to the invention. Thus, the first and second users are only one role.

For example, if there are three buyers A, B, C in a sale of a vehicle, for example, the second seller B may become the first user, and the third seller C may become the second user. In subsequent iterations, the second seller C may become the first seller, and another seller D may become the second seller. Thus, in each iteration of the present method, first identity information and first arithmetic unit as well as second identity information and second arithmetic unit are reassigned.

According to another aspect of the present invention, data storage is at least partially decentralized. This has the advantage that the method of the block chain can be used, such that the storage of the individual data records or transactions can be distributed over a network. The data storage here refers to accumulating amounts of data, for example, the identity information together with corresponding allocations. Also, the individual process steps can be logged and thus stored. Also, the corresponding hash function can be stored decentralized together with generated random number.

According to another aspect of the present invention, data storage is at least partially redundant. This has the advantage that the data records, as already described, are present multiple times and thus various participants can participate in the process or can evaluate an underlying infrastructure or can verify whether the corresponding data records are correct. Thus, according to the block chain technology, it can be determined whether the data integrity is ensured. In particular, it is advantageous to perform the data storage at least partially decentralized and at least partially redundant. Thus, in a particularly surprising way, the advantage of block chain technology is applied to the anonymization of corresponding data records. Thus, according to the invention, it is possible to both anonymize and verify records. This represents a significant advantage over known A method that relies on a central instance, such as a server, to monitor the records.

According to another aspect of the present invention, the hash function provides an inference to the first identity information. This has the advantage that, based on the hash function within the block chain, it is possible to navigate back such that a second user having second identity information is always granted access to data which was stored by a first user. Since the first identity information is sent from the first arithmetic unit to the second arithmetic unit, the identity unit of the first arithmetic unit always has the second arithmetic unit. Based on this information, it is now possible for the second arithmetic unit to always access data sets of the first arithmetic unit. This is done iteratively successively until the end or the beginning of the block chain has been reached. Thus, the second user can always use the information relating to the first user within the block chain to iteratively break down all the data records of the block chain. In the other direction, however, this is not possible since the first user, having the first identity information, does not have the identity information of the second user. This may be the case, for example, because the first user having the first identity information is terminated or switched off.

According to another aspect of the present invention, the generated random number is always stored in encrypted form. This offers the advantage that the hash function can always be executed only by the arithmetic unit, which not only has the corresponding identity information, but rather is also aware of the generated random number. Thus, therefore, an asymmetric encryption can be performed.

According to a further aspect of the present invention, further control commands are executed and / or transmitted via a network between the production of the second identity information and the termination of the first identity information. This has the advantage that the two method steps are not correlated, but rather that a temporal decorrelation takes place. Thus, it is particularly advantageous according to the invention that the second identity information need not be known, which in turn contributes to the anonymization. Since a termination of the preceding identity information always takes place after an identity information has been created, it would be possible, however, to draw conclusions as to which second identity information the first identity information is exchanged with. Thus, an attacker would only have to wait for the second identity information to be generated and also read out which first identity information is scheduled. Thus, a link would exist between the first and second identity information. This should be avoided according to the invention, since a first user should receive no indication of the second user. Thus, any further method steps can be interspersed between the two method steps of the creation and scheduling, which hide which identity information was exchanged with which further identity information. Thus, a temporal and / or logical decorrelation takes place. This represents another security feature of the proposed method.

According to another aspect of the present invention, the first identity information is deleted. This has the advantage that, for example, hidden in the context of scheduling, which was the first identity information. Thus, it is thus again avoided that the second identity information is stored together with the first identity information. This in turn could offer an attack potential, which is avoided according to the invention.

In accordance with another aspect of the present invention, the method is performed using a distributed network. This has the advantage that, in contrast to the prior art, it is possible to fall back on the block chain technology and, in particular, that no central instance, such as a server, is provided. Although servers can generally be involved in the proposed procedure, they do not take on a separate role, but the data management is performed decentralized on at least several servers. Thus, there is no central instance that verifies the correctness of the available data, that is, the data integrity, but rather computational components of the block chain technology are used. Thus, it is a particularly error-robust and failure-robust method.

According to a further aspect of the present invention, the execution of the method steps is stored in a history. This has the advantage that the history of the method steps can be stored redundantly and decentrally and thus data manipulation is avoided. Thus, the history can be completely or partially stored on different computer nodes. Thus, individual fragments of any size of the history can be formed arbitrarily and these can be stored redundantly and distributed. Due to the expected overlaps of the partial fragments, the data can then be checked for integrity. Thus, it can also be determined which Parts of the history are correct and which are manipulated. For example, those records that correspond to the records that hold at least half of the relevant compute nodes may be considered correct. If, for example, a data record is stored ten times, wherein it has a first value seven times and a second value three times, then it can easily be verified that the seven-time storage is superior with regard to the three-time storage. Thus, it is more likely that the three data sets are located on manipulated computer nodes. Thus, the three records can be ignored and it is verified that the seven records are correct.

According to a further aspect of the present invention, the execution of the method steps is stored in a history in such a way that several method steps are combined to form units. This has the advantage that the individual data records are stored in a structured manner. For example, transactions of individual users, i. H. individual identity information, grouped to be stored. For this purpose, further metrics are known to the person skilled in the art, which include, for example, clustering. Also, the individual records can be grouped by their timestamp or their communication partners. Thus, individual transactions can be summarized and saved as one unit. This can also be referred to as classifying the transactions.

According to another aspect of the present invention, the units are hierarchically connected according to provided logic. This has the advantage that, for example, a higher-level transaction can be broken down into further individual transactions. For example, as a higher-level data unit, a communication connection between a first user and a second user or their terminals can be provided. This makes it possible to generate a hierarchy since the data connection in turn has further partial connections. Thus, larger transactions can be resolved finely granular.

According to another aspect of the present invention, the units are assigned different access permissions. This has the advantage that different access rights are also possible depending on the level of detail. So it is z. For example, it is possible to grant access to a user such that it can be determined that a first user has communicated with a second user. However, it is possible to hide here which individual transactions are involved. This in turn leads to an anonymization of the underlying data records and a fine granular rights management.

The object is also achieved by a communication protocol for anonymizing transactions of a block chain in a distributed computing system comprising control instructions implementing the proposed method.

The object is also achieved by a communication system for anonymizing transactions of a block chain in a distributed computing system, comprising a first computing unit, configured to create a first identity information and assigning this first identity information to a terminal and a second computing unit, configured to create a second identity information and Assigning said second identity information to the terminal, wherein the communication system is adapted to transmit the first identity information from the first arithmetic unit to the second arithmetic unit and terminate the first identity information using a hash function over the second identity information and a generated random number.

A distributed computing system is in this case a computer network or individual computing nodes which are network-connected.

According to the invention, it is particularly advantageous that the method is suitable for describing the communication protocol and that the communication protocol causes individual computational components to carry out the method. Furthermore, the method is suitable for operating the communication system, and the communication system is again set up to carry out the proposed method. In this case, the person skilled in the art recognizes that the method steps are implemented as structural features of the communication system, and likewise that the structural features of the communication system can also be implemented as method steps.

• 1: ein Kommunikationssystem zur Anonymisierung von Transaktionen einer Blockkette gemäß einem Aspekt der vorliegenden Erfindung;
• 2: ein weiteres Kommunikationssystem zur Anonymisierung gemäß einem weiteren Aspekt der vorliegenden Erfindung; und
• 3: ein Ablaufdiagramm eines Verfahrens zum Anonymisieren von Transaktionen einer Blockkette gemäß einem Aspekt der vorliegenden Erfindung.

Further advantageous embodiments will be explained in more detail with reference to the accompanying figures. Show it:

• 1 a communication system for anonymizing transactions of a block chain according to an aspect of the present invention;
• 2 another communication system for anonymization according to another aspect of the present invention; and
• 3 3 is a flowchart of a method for anonymizing transactions of a block chain according to an aspect of the present invention.

In the present 1 are a first arithmetic unit 1 and a second arithmetic unit 3 intended. At the terminal 2 For example, it is a terminal as a so-called Internet of Things device. However, this may be any good, such as a vehicle. An Internet-of-things device is typically a hardware terminal which has only low computing capacity. Furthermore, such a terminal is passively supplied with power, that is, for example, an electricity for supplying built-up components is generated by means of an induction coil.

In the following, it will be described in more detail how a user change, that is to say a change of the identity information, is carried out. It can be seen here that a user always corresponds to a computing unit. For example, the user has 1 a smartphone or a computing unit 1 , The second user has another processor 3 , Thus, those skilled in the art will recognize that identity information is to be associated with both the computing unit and the user. Thus, therefore, the terms "user", "arithmetic unit" and "identity information" can be used interchangeably. This is the case in particular because the user always communicates with his own computing unit, for example a smartphone, under his own identity information. The abstraction based on the identity information here serves the concrete technical description, wherein under the respective identity information a preferably human user is identifiable.

In the present case, an identity information is referred to as "ID" and a generated random number as an "RNG". Creation is referred to as a "Create" in the present application domain, and scheduling is termed "Terminate". Applying a hash function is called a "hash".

The first block chain device ID (ID1) is stored on the mobile terminal (Smartphone) ( 1 ) of the user (or in the associated app) and to the IoT device ( 2 ) transfer. In the communication of ( 2 ) with the block chain ID1 is used. Alternatively, ( 2 ) generate the ID1 and on ( 1 ) transfer.

Changes ( 2 ) the owner must also change the ID. The ID change will be done by the new owner (User 2 ) owned by the smartphone ( 3 ) with the appropriate app.

First, a new ID (ID2) is opened ( 3 ) and on ( 2 ) transfer. ( 3 ) receives from ( 1 ) ID1. ( 3 ) also terminates ID1 by a corresponding command. The hash function allows all later owners to verify the ID changes. Subsequently, 3 ) ID1. At any time, by forming a hash via ID2 and RNG2, it can retrieve the corresponding terminate command from ID1 and thus also reconstruct ID1 in plain text. The random number RNG2 is not used in plain text in the block chain. The random number ensures that one can not get an assignment of the IDs by trying out all existing IDs.

The new Create command must not be assigned to the Terminate by temporal correlation, so that no assignment of ID1 and ID2 is possible. For example, it should not be sent directly one after the other.

If the owner changes again, only the current (secret) random number RNG and the current ID are passed on (here ID2, RNG2). With these values the Terminate command for ID2 can be sent and afterwards ID2 and RNG2 are deleted again. Only ID3 and RNG3 must be saved.

Requires the user 3 He can also calculate the previous IDs (ID2, ID1) as follows: He calculates hash (ID3 II RNG3) and thus finds the Terminate command for ID2 in the block chain. With RNG3 he computes RNG2 by decryption, because enc (RNG3, RNG2) is part of the same Terminate command and then hash (ID2 II RNG2), which finds the Terminate command of ID1 in the block chain. He knows ID3, ID2 and ID1.

2 shows, in an analogous form, a user change demonstrated abstractly for a natural number of users. It becomes clear that, for example, the second identity information is another identity information, and the second arithmetic unit is a further arithmetic unit. Arithmetic units can be present, for example, in the form of a mobile terminal, for example a smartphone.

3 FIG. 12 shows a flow diagram of a method for anonymizing transactions of a block chain in a distributed computing system, including a build 100 a first identity information in a first arithmetic unit and assign 101 this first identity information to a terminal and a creation 102 a second identity information in a second arithmetic unit and assign 103 the second identity information to the terminal, wherein the following method step is performed, namely the transmission 104 the first identity information from the first arithmetic unit to the second arithmetic unit and the terminating 105 the first identity information below Use a hash function over the second identity information and a generated random number.

In the following, further security mechanisms are described, which relate to the creation of a hierarchy of transaction units. These can be combined with the proposed procedure and ensure that fine-grained rights management can be implemented.

Several block chains are linked together. In this case, the results of several transactions of the subordinate block chain are combined in a new transaction in the higher-level block chain. The most detailed transaction chain of transactions requires the highest privilege to access. The block chain, which "only" summarizes the results of several individual transactions, has a lower security level and requires less authorization. This grading can be done over any security level and block chains.

In addition, read and write permissions can be made according to a BellLa Padula security model, i. lower levels of security can also write transactions to the block chain but not read (no-readup). Conversely, transactions performed at the high security level can not be written 1: 1 to the lower security block chain (no-write-down). Only the aggregation of higher level transactions into a new transaction is allowed.

Information in a block chain may be provided depending on a permission. The entity with the highest privilege has access to the highest level of detail in transactions. An example may be financial transactions, i. With a moderate privilege, a monthly balance can be viewed, but a higher level of privilege is needed to view individual financial transactions.

Thus, a fault-robust method or a communication system has been proposed, which allows to ensure data integrity and yet to expand existing infrastructure without technical effort.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• DE 102011122767 A1 [0002]
• DE 102016104478 A1 [0003]
• EP 0908810 B1 [0004]

Claims (15)

A method for anonymizing transactions of a block chain in a distributed computing system, comprising: - creating (100) a first identity information in a first processing unit (1) and assigning (101) this first identity information to a terminal (2); - Creating (102) a second identity information in a second arithmetic unit (3) and assigning (103) this second identity information to the terminal (2), characterized in that the following method step is provided: - Sending (104) the first identity information from the first Arithmetic unit (1) to the second arithmetic unit (3) and terminating (105) the first identity information using a hash function on the second identity information and a generated random number. Method according to Claim 1 , characterized in that a data storage is at least partially decentralized. Method according to Claim 1 or 2 , characterized in that the data storage is at least partially redundant. Method according to one of the preceding claims, characterized in that the hash function provides an inference to the first identity information. Method according to one of the preceding claims, characterized in that the generated random number is always stored in encrypted form. Method according to one of the preceding claims, characterized in that between the creation (102) of the second identity information and the termination (105) of the first identity information further control commands are executed and / or transmitted over a network. Method according to one of the preceding claims, characterized in that the first identity information is deleted. Method according to one of the preceding claims, characterized in that the method is carried out using a decentralized network. Method according to one of the preceding claims, characterized in that the execution of the method steps is stored in a history. Method according to one of the preceding claims, characterized in that the execution of the method steps is stored in a history such that a plurality of method steps are combined into units. Method according to Claim 10 , characterized in that the units are hierarchically connected according to a provided logic. Method according to one of Claims 10 or 11 , characterized in that the units are assigned different access permissions. Communication protocol for anonymizing transactions of a block chain in a distributed computing system, which causes the following control commands: - creating (100) a first identity information in a first processing unit and assigning (101) this first identity information to a terminal; - Creating (102) a second identity information in a second arithmetic unit and assigning (103) this second identity information to the terminal, characterized in that the following method step is provided: - Sending (104) the first identity information from the first arithmetic unit to the second arithmetic unit and Terminating (105) the first identity information using a hash function on the second identity information and a generated random number. A communication system for anonymizing transactions of a block chain in a distributed computing system, comprising: - a first computing unit (1) configured to generate (100) first identity information and assign (101) said first identity information to a terminal (2); - A second arithmetic unit (3) arranged to create (102) a second identity information and assigning (103) this second identity information to the terminal (2), characterized in that the communication system is adapted to: - transmitting (104) the first identity information from the first arithmetic unit (1) to the second arithmetic unit (3) and terminating (105) the first identity information using a hash function over the second identity information and a generated random number. Computer program product with control instructions, which method according to one of Claims 1 to 12 to implement.

Images