
According to an announcement from the Ethereum Foundation on October 8th, the Foundation will expand its privacy research and development efforts by establishing a "Privacy Research Cluster," integrating the existing PSE team and related projects. The new cluster covers key technologies such as private payments, anonymous voting, zkID, and the privacy wallet Kohaku, and it also establishes an Institutional Privacy Task Force (IPTF) to promote the practical application of privacy for enterprises and institutions. The Foundation emphasized that privacy is a core characteristic of the Ethereum ecosystem and will permeate the protocol, application, and institutional levels to safeguard user freedom and digital trust.
This article explores the Ethereum Foundation's new developments in privacy and why it is focusing on this field.
I. What is the "Privacy Research Cluster"?
The "Privacy Research Cluster" team consists of 47 experts from the blockchain industry, including top researchers, engineers, and cryptographers, responsible for the privacy features of the Layer 1 smart contract network. This includes private read and write for payments and interactions, portable identity and proof of asset ownership, a selective disclosure zkID system, user experience work aimed at standardizing privacy tools, and Kohaku—an SDK and wallet designed to achieve strong cryptographic usability by default.
II. What has Ethereum PSE done before?
Since 2018, Ethereum has supported privacy research through its Privacy and Scaling Explorations (PSE) team, conducting experiments such as Semaphore for anonymous signaling, MACI for private voting, zkEmail and zkTLS, as well as the Anon Aadhaar project.
Details are as follows:
Established over 50 open-source R&D projects to experiment with privacy tools.
Released core primitives such as Semaphore (anonymous signaling), MACI (private voting), zkEmail, TLSNotary (pioneering zkTLS), and Anon Aadhaar (private national ID).
Created repositories that have been forked thousands of times, forming the backbone of privacy R&D across the entire ecosystem.
III. Detailed Look at Ethereum Privacy Wallet Kohaku
On October 9th, Ethereum developers announced the development roadmap for Kohaku.
Kohaku's core goal is to create a Software Development Kit (SDK) for building secure wallet features and a reference wallet to demonstrate how these tools work in practice. The first version will be launched as a browser extension based on the Ambire wallet, specifically designed for advanced users seeking greater control and privacy.
Kohaku is being developed in collaboration with many Ethereum ecosystem teams, including Ambire, Railgun, DeFi Wonderland, Helios, and Oblivious Labs. The project is open-source, encouraging developers to contribute via its GitHub repository.
Kohaku's main objective is to reduce wallets' reliance on centralized services for traceable transactions. The project will include features such as: private sending and receiving, hiding IP addresses, providing separate accounts for each DApp, and P2P transaction broadcasting bypassing regular Remote Procedure Call (RPC) servers.
It also plans to add social recovery options using tools like ZK Email or Anon Aadhaar, allowing easier access recovery without compromising privacy. ZK Email uses zero-knowledge proofs for anonymous email verification, while Anon Aadhaar allows users to prove their identity in a privacy-preserving manner.
Long-term, the team aims to bring wallet security closer to the device level, which they refer to as "as close to the chip as possible." This means creating a native Ethereum browser where users can safely interact with DApps, IPFS content, and the decentralized web without data leakage issues.
Ethereum Foundation Protocol Coordinator Nico mentioned specific features planned for implementation in the article "Kohaku Roadmap":
In the first phase, a series of features enhancing privacy and security will be developed. The following is a non-exhaustive list of desired features:
Run the Helios light client within the browser extension (thanks to the Helios wasm package), with fallback to RPC when needed and allowed by a kill switch. This eliminates the need to trust RPC providers for validity.
A minimal execution client running in the browser, allowing necessary operations to be run privately. The goal is to run eth_call to interact with an unaware server for state reading, while ensuring the server doesn't know which storage is being accessed. (Achieved via TEE+ORAM, with a long-term project attempting pure encryption using PIR).
Private sending via wallet send flow, through various privacy protocols.
Private receiving via wallet flow, through various privacy protocols.
Private payment requests via wallet, through various privacy protocols.
Aggregated balance view for all enabled privacy protocols.
Prevention of unnecessary IP leakage and traffic masking.
Transparent support for private addresses: If dApps enforce internal RPC, and asset wallet discovery is supported via ERC 7811, the RPC is hijacked.
One account per dApp. When connecting to a dApp, the default behavior is to prompt using a new address.
Wallet Connect Suite, a privacy-first protocol for peer-to-peer JSON-RPC connections.
Social recovery options via ZK Email, ZKpassport, Anon Aadhaar, implemented in a standardized, maximally disintermediated way to ensure passability of the walkaway test and faster proof times.
Post-quantum kill switch, optionally enabling post-quantum accounts with optimized Falcon / Dilithium robustness verifiers.
A universal hardware Ethereum application supporting advanced features. Provides a reference implementation of an Ethereum application ready for immediate use by different manufacturers, breaking existing vendor lock-in.
ZK hardware signers (Jubjub / Bandersnatch) allowing hardware to be used with existing privacy protocols.
Spending policy / account policy for spending limits with different signers.
Optional P2P transactions, broadcasting transactions directly via the p2p network without going through RPC nodes.
IV. Interpretation of the Ethereum Foundation's Moves in the Privacy Field
First, the Ethereum Foundation views privacy as core to Ethereum's reputation. Blockchains are inherently transparent, but widespread adoption requires that users and institutions can choose to transact, govern, and build without exposing sensitive data. In the broader crypto ecosystem, there are over 700 privacy-centric projects, but due to Ethereum's scale, its foundational components often become the standard adopted by others. If the Foundation can provide trusted tools that balance privacy, neutrality, and compliance, it has the potential to define how the next wave of applications are built.
Second, privacy remains politically charged. Regulators have targeted mixers and covert transactions, and developers are aware that features enabling confidential use can also be used for illicit financial activities. This is why the Ethereum Foundation is adopting an approach involving open-source research, institution-focused task forces, and tools for ordinary users.
Third, Vitalik has urged the crypto community to "fight chat control" and warned that collected data could be misused or lead to leaks of sensitive user information through hacking. The proposed EU chat control law, which would allow European governments unrestricted access to all message traffic, might drive adoption of Web3 alternatives as users seek privacy and control over their own data.
Note: The "chat control" regulation refers to the "Regulation on Preventing and Combating Child Sexual Abuse" (CSA), initially proposed in 2022 by Ylva Johansson, the European Commissioner for Home Affairs at the time. It aims to combat the spread of online Child Sexual Abuse Material (CSAM) by means such as screening messages before encryption. On July 1st, the first day of Denmark's presidency of the Council of the EU, the country stated it would treat this directive as a "high priority." The regulation will be put to a vote on October 14th.
