Ethereum’s transparency is both a design feature and a liability. Everything on-chain — from portfolio holdings to trading behavior — is permanently visible. That’s great for verifiability but terrible for everyday privacy.
Over the past few years, we’ve built brilliant tooling around scalability and security. Privacy, however, has lagged behind. Tornado Cash created a spark, Railgun improved the usability, and Vitalik’s Privacy Pools proposal introduced a new compliance-aware model. But none of these solved the core problem:
Privacy tools exist, but none are wallet-native and users feel that friction.
At Devcon 2025 in Buenos Aires, the Ethereum Foundation introduced Kohaku, a framework designed to bring privacy directly into wallets — not as a standalone protocol, but as a modular layer that orchestrates multiple privacy systems under a unified SDK.
This article breaks down how Kohaku works, why it matters, and how developers can start building with it.
1. Why Ethereum Needs a Wallet-Level Privacy Layer
Ethereum’s default transparency creates several issues:
- Traders leak strategies through transaction patterns.
- Companies expose payroll, treasury movements, and vendor payments.
- DeFi users reveal risk profiles and liquidation thresholds.
- Institutions exploring RWAs cannot operate publicly.
- RPC metadata still exposes location/IP even if the on-chain tx is private.
Existing privacy tools require users to jump between UIs, learn new abstractions, or manage separate shielded balances. Kohaku tries to remove this cognitive overhead:
“Turn on Private Mode → wallet handles the rest.”
It’s not a new chain. Not a mixer. Not a singular protocol.
It’s more like a privacy OS for wallets.
2. What Kohaku Actually Is
Rather than reinventing privacy, Kohaku integrates and orchestrates three layers:
A. Modular Privacy Routing
Wallets using Kohaku can route transactions through:
- Railgun (production-ready)
- Privacy Pools (alpha)
- Future ZK stealth modules
- Potential third-party privacy routers
The wallet chooses the routing path based on:
- asset type,
- shielded balance availability,
- compliance requirements,
- user configuration.
B. Secure Wallet Key Architecture (via Account Abstraction)
Kohaku uses smart accounts (ERC-4337 / ERC-7579) to implement:
- Hot keys -> daily spending, low-value actions
- Cold/guardian keys -> high-value approvals
- Session keys -> permissioned automation
- Policy-based execution -> spending limits, auth constraints
This lets users interact privately without relying on a single seed phrase for everything.
C. Metadata Protection (Off-Chain Privacy)
Transaction privacy is meaningless if RPC leaks metadata.
Kohaku integrates:
- Helios light client -> self-verified blockchain reads
- P2P transaction broadcasting -> no RPC endpoint
- Mixnet / Tor relays (optional)
- Ephemeral session keys for unlinkability
This avoids one of the biggest pitfalls of privacy systems:
off-chain surveillance of user intent.
3. Architecture Overview
Here’s a simplified view of the workflow:
The key design principle:
each layer has a single job and clean boundaries.
4. How a Private Transaction Works (Step-by-Step)
Example: User sends 1 ETH privately.
- User toggles “Private Send.”
- Wallet checks available shielded balance.
- If shielded → prepare proof
- If not → auto-shield
- Prover generates ZK proof
- Wallet constructs calldata
- Smart account signs a UserOperation
- Tx broadcast via P2P
- Proof verification
- Shielded state updates
The flow is UI-simple but technically complex.
5. Developer-Facing Abstractions
Kohaku hides ZK complexity behind an SDK.
A. Preparing a shielded transaction
import { PrivacyProtocol } from "@kohaku/sdk";
const payload = await PrivacyProtocol.prepareTransfer({
asset: "ETH",
amount: "1",
recipient: "0xRecipientAddress"
});
B. Generating the proof
import { ZkProver } from "@kohaku/sdk";
const proof = await ZkProver.generateTransferProof(
payload.notes,
payload.merklePath
);
C. Submitting via Account Abstraction
import { P2PBroadcaster } from "@kohaku/sdk";
await P2PBroadcaster.submitUserOperation({
sender: smartAccount.address,
callData: payload.callData,
signature: smartAccount.sign(proof)
});
D. Example JSON config
{
"privacy": {
"enabled": true,
"defaultRoute": "railgun",
"metadataProtection": {
"p2pBroadcast": true,
"useHelios": true
},
"prover": {
"mode": "local",
"threads": 4
}
}
}
6. Mathematical Intuition Behind Key Components
Commitments
commitment = Hash(value || blinding || ownerPubKey)
Provides:
- hiding
- binding
- non-linkability
Nullifiers
nullifier = Hash(commitment || spendingKey)
Prevents double spend without revealing which note was spent.
Merkle Proofs
Proves:
- “I own one of the notes in this tree”
- without revealing which note.
This is the basis of Railgun + Privacy Pools.
7. Comparison With Existing Solutions
| System | UX | Compliance | Integration | Metadata |
|---|---|---|---|---|
| Tornado Cash | Hard | None | Low | None |
| Railgun | Medium | Optional | Moderate | Basic |
| Privacy Pools | Medium | Strong | Alpha | Basic |
| Aztec Connect | Good | None | Rollup-only | Good |
| Kohaku | Wallet-native | Inherited | High | Strong |
Kohaku doesn’t replace privacy protocols it orchestrates them.
8. Use Cases
A. Trading
Hide swaps, size, liquidation thresholds.
B. DAO Payroll
Pay contributors without exposing income.
C. RWA Institutions
Private but auditable flows.
D. Enhanced Wallet UX
No new apps, seed phrases, or awkward flows.
9. Limitations & Risks (Important)
- No universal ZK system
- Mobile proving is slow
- Regulatory ambiguity
- Cross-rollup privacy is early
- SDK modules still evolving
This isn’t “solved privacy,” but a pragmatic architecture.
10. Forward-Looking Insights
- Session-key stealth addresses
- Mobile-optimized provers
- Cross-rollup private swaps
- AA + ZK recovery
- Hardware wallet integrations
Wallet-level privacy is the real unlock.
Kohaku is the first serious step in that direction.
If you’re building wallets, pay attention privacy finally has an architecture.
Top comments (0)