This paper presents a scheme for transaction pseudonymization of IP
address data in a distributed passive monitoring infrastructure. The
approach provides high resistance against traffic analysis and injection
attacks, and it provides a technique for gradual release of data through
a key management scheme. The scheme is non-expanding, and it should be
suitable for hardware implementations for high-bandwidth monitoring
systems.