# Kohaku: Ethereum's Privacy-First Wallet Revolution
## The Reveal at Devconnect Buenos Aires 2025
When Vitalik Buterin took the stage at Devconnect in Buenos Aires in **November 2025**, he didn't mince words about Ethereum's state:
"We're in this very last mile stage. It's in this last mile stage where we need to put a lot of concerted effort into doing better. Same on the security side."
Buterin also emphasized:
"Privacy is freedom. It gives us space to live our lives in the ways that meet our needs without having to constantly worry about how our actions will be perceived by all kinds of centralized and decentralized coercive political and social entities."
Kohaku is Ethereum's answer - a privacy-first wallet framework designed to make zero-knowledge proofs accessible to everyday users.
## What Is Kohaku?
Kohaku is a set of privacy and security primitives designed for Ethereum wallets. The project was announced in **October 2025** via a blog post by Ethereum Foundation coordinator **Nicolas Consigny**.
**Important:** This project is a work in progress and is not ready for production use.
## What Makes Kohaku Different?
### Not Another Wallet - A Framework
Kohaku isn't trying to replace MetaMask or Rabby. Instead, it's an open-source framework that any wallet can integrate.
**Two Core Components:**
1. **Modular SDK**: Privacy and security features that developers can integrate into existing wallets - either in full or just the parts they need
2. **Reference Wallet**: A browser extension based on the Ambire wallet, designed for developers and power users who value privacy
### Development Collaborators
Kohaku is being developed in collaboration with well-known Ethereum ecosystem teams:
- Ambire - Reference wallet infrastructure
- Railgun - Privacy protocol integration
- DeFi Wonderland - DeFi integrations
- Helios (a16z) - Light client
- Oblivious Labs - Private reads and writes
- PSE (Privacy Stewards of Ethereum) - Privacy research
- ZKnox - Zero-knowledge tools
## Privacy Cluster Team
The Ethereum Foundation has formed a specialized team called the "Privacy Cluster" consisting of **47 engineers and researchers**. This group is headed by **Igor Barinov**, founder of Blockscout, and is responsible for ensuring thorough privacy implementation across the ecosystem.
## The Privacy Pools Integration
Kohaku integrates directly with Privacy Pools, solving the "tainted money" problem that plagued earlier privacy protocols like Tornado Cash.
### What Are Privacy Pools?
**The Old Problem (Tornado Cash):**
- Good actors + Bad actors = Mixed pool
- Everyone potentially looks suspicious
**The Privacy Pools Solution:**
- Users create association sets to prove legitimacy
- Privacy + Compliance: "I'm in the legitimate user pool, not the criminal pool"
### How It Works in Kohaku
1. **Deposit**: User deposits funds into a privacy pool
2. **Association Proof**: User generates ZK proof showing they're in the "clean" subset
3. **Withdrawal**: User withdraws to a fresh address, maintaining privacy while proving legitimacy
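The statement behind these three steps can be written out directly. The sketch below is an added example, not Kohaku or Privacy Pools code: it checks in the clear the relation that a real withdrawal proves in zero knowledge, and it assumes SHA-256 in place of a circuit-friendly hash, a binary Merkle tree for both the pool and the association set, and five constructed deposits of which one is excluded.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    # SHA-256 stands in for the circuit-friendly hash a real pool would use (assumption).
    return hashlib.sha256(b"".join(parts)).digest()

def levels(leaves):
    """All levels of a binary Merkle tree, leaves first; an odd node pairs with itself."""
    out = [list(leaves)]
    while len(out[-1]) > 1:
        cur = out[-1] + ([out[-1][-1]] if len(out[-1]) % 2 else [])
        out.append([H(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return out

def path(leaves, index):
    """Sibling hashes (with a side bit) from leaf `index` up to the root."""
    proof = []
    for lvl in levels(leaves)[:-1]:
        cur = lvl + ([lvl[-1]] if len(lvl) % 2 else [])
        proof.append((cur[index ^ 1], index & 1))
        index //= 2
    return proof

def fold(leaf, proof):
    """Recompute the root implied by a leaf and its sibling path."""
    for sibling, node_is_right in proof:
        leaf = H(sibling, leaf) if node_is_right else H(leaf, sibling)
    return leaf

def statement_holds(pool_root, assoc_root, nullifier_hash, witness):
    """Withdrawal relation. In the real protocol only a ZK proof of this is published."""
    nullifier, secret, pool_proof, assoc_proof = witness
    commitment = H(nullifier, secret)          # step 1: what the deposit stored
    return (H(nullifier) == nullifier_hash     # public tag that blocks double withdrawal
            and fold(commitment, pool_proof) == pool_root      # it is a real deposit
            and fold(commitment, assoc_proof) == assoc_root)   # step 2: in the "clean" subset

# Constructed sample data: five deposits; deposit 3 is left out of the association set.
NOTES = [(bytes([i]) * 32, bytes([i + 100]) * 32) for i in range(5)]
POOL = [H(n, s) for n, s in NOTES]
ASSOC = [c for i, c in enumerate(POOL) if i != 3]
POOL_ROOT, ASSOC_ROOT = levels(POOL)[-1][0], levels(ASSOC)[-1][0]

def withdraw(i, borrow_assoc_from=None):
    """Step 3: build deposit i's witness (optionally reusing another leaf's path) and check it."""
    n, s = NOTES[i]
    j = i if borrow_assoc_from is None else borrow_assoc_from
    witness = (n, s, path(POOL, i), path(ASSOC, ASSOC.index(POOL[j])))
    return statement_holds(POOL_ROOT, ASSOC_ROOT, H(n), witness)
```

Deposits in the association set satisfy the statement; the excluded deposit is still a valid pool member but cannot satisfy the association check, even when it reuses another depositor's sibling path.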
## Supported Privacy Protocols
| Package | Status | Description |
|---------|--------|-------------|
| @kohaku-eth/railgun | Active | Railgun privacy protocol library |
| @kohaku-eth/privacy-pools | In Development | Privacy Pools integration |
## Core Features
### 1. Transaction Shielding
During a demo at Devconnect, a user was able to shield publicly visible funds using a Railgun integration. The goal is to bring default opt-in privacy to any Ethereum-connected wallet.
**Features include:**
- Private sending and receiving
- Hiding IP addresses
- Traffic masking to prevent IP leaks
- Aggregated balance viewing across all enabled privacy protocols
### 2. Local Light Client (Helios)
Integrating Helios as a WASM package in the browser extension allows wallets to operate without trusting RPC providers. This ensures local transaction verification, minimizing surveillance risks.
### 3. Private Reads and Writes
Kohaku includes a browser-based execution client for private actions, including `eth_call` against an oblivious server. It is initially implemented via TEE+ORAM (a trusted execution environment combined with oblivious RAM), with future plans for purely cryptographic solutions using PIR (Private Information Retrieval).
### 4. Stealth Address Support
Kohaku creates an ephemeral stealth address with your public key, which lets you execute a private action without revealing the link to your main wallet.
**Features:**
- Automatic stealth address generation
- Recipient scanning
- Transparent support for private addresses via ERC-7811
### 5. One Account Per DApp
Each new connection asks users to generate a separate address to minimize data linkage between different activities. This is similar to how web2 works: your login credentials for PayPal and Netflix are separate from each other.
### 6. Privacy-Preserving Recovery
Kohaku plans to add social recovery options using zero-knowledge verification methods:
- ZK Email - Anonymous verification of emails
- ZK Passport - Privacy-preserving identity proof
- Anon Aadhaar - Identity verification without exposure
### 7. Post-Quantum Protection
Security researchers on Kohaku have developed a "Post-Quantum killswitch" for token holders to enable post-quantum accounts using Falcon or Dilithium verifiers, optimized for Solidity. This protects assets against potential quantum computing threats.
## The Developer Experience
### Modular SDK Architecture
The SDK provides privacy and security features that other wallets can integrate. Kohaku's plugin architecture lets developers choose the privacy modules they need, which makes wallet customization easier and more future-proof.
**Key Benefits for Developers:**
- Open-source code and roadmap on GitHub
- Plug-in system for choosing specific features
- Modular design - use only what you need
- Active community support
## Roadmap
### Phase 1: Foundation (2025 Q4)
- SDK documentation and initial release
- Browser extension based on Ambire wallet
- Helios light client integration
- Mainnet support before expanding to Layer 2 networks
- Basic private send/receive functionality
### Phase 2: Privacy Features (2025-2026)
- Private sends through 0xbow Privacy Pools
- Crosschain sends via Open Intents Framework
- Universal balance views across chains
- Per-DApp account isolation
- Shielded transactions
- Peer-to-peer transaction broadcasting
### Phase 3: Structural Privacy (2026+)
**Native Account Abstraction:**
To achieve a secure and private wallet, the Ethereum network needs to implement native account abstraction. The team will be working in that direction over 2026, bringing privacy-preserving account abstraction, which requires client-side ZK-EVM (or perhaps ZK-RISC-V) proving that you control a given wallet. This lets the same wallet control both public and private funds.
**Additional 2026+ Goals:**
- Zero-knowledge recovery
- Post-quantum-safe signatures
- Universal hardware wallet support
- Native Ethereum browser for deeper security
- Transaction security scoring via local AI
- New social recovery schemes
- Full private account abstraction baked directly into Ethereum's protocol
## Hardware Wallet Support
Kohaku proposes a "universal Ethereum-app for hardware" to eliminate vendor lock-in and provide open access to advanced features. This includes a reference implementation for hardware wallet manufacturers plus a ZK hardware signer on Jubjub/Bandersnatch for compatibility with privacy protocols.
## Challenges and Limitations
### Current Limitations
1. **Work in Progress** - Not ready for production use
2. **Advanced Users First** - Initial release targets developers and power users
3. **Mainnet Priority** - Layer 2 support comes after mainnet is stable
4. **Performance Overhead** - ZK proof generation requires computational resources
### Upcoming Improvements
- Faster proving with optimized circuits
- Broader protocol support
- Mobile implementations
- Gasless private transactions
## The Bigger Picture: Privacy as Infrastructure
Kohaku represents a fundamental shift in how Ethereum thinks about privacy:
**Old Paradigm:**
- Privacy = Niche feature for paranoid users
- Separate protocols, complex UX
**New Paradigm:**
- Privacy = Core infrastructure for everyone
- Built-in feature, simple UX
The Ethereum Foundation believes that without robust privacy safeguards, Ethereum might become a "foundation for worldwide monitoring." Kohaku aims to make privacy a normal and accessible feature for everyone.
## Getting Started with Kohaku
**For Developers:**
1. Check the GitHub repository: ethereum/kohaku
2. Review the SDK documentation
3. Try the example integrations
4. Join the community for developer support
**For Wallet Projects:**
1. Review the integration guide
2. Choose which privacy modules to integrate
3. Implement using the plugin architecture
4. Launch privacy features to your users
## The Verdict
Kohaku isn't just a wallet - it's Ethereum's bet that privacy can be both powerful and user-friendly.
For too long, we've accepted the false choice between usability and privacy. Kohaku proves we can have both.
The question is no longer "Can we build privacy into Ethereum?" but "How quickly can we make it the default?"
Next in this series: We'll explore real-world applications of privacy technology - from DeFi to voting systems to enterprise use cases.
Have you tried Kohaku? What privacy features matter most to you?