The Kohaku Privacy Framework

Whitepaper Reading Club @ San Francisco - Dec 10th, 2025 The Kohaku Privacy Framework

By @BrianSeong @0xfishylosopher

Kohaku is a modular privacy framework that standardizes how wallets request and execute private transactions across multiple cryptographic backends, giving developers a unified interface to integrate privacy into their applications.

Kohaku provides a common privacy interface for Ethereum, allowing developers to choose how private actions are executed while giving wallets a consistent and intuitive way to expose privacy features. Without Kohaku, applications must individually integrate systems like Railgun, Privacy Pools, Hinkal, or private L2s—each with different assumptions, UX requirements, and technical overhead. Kohaku standardizes essential primitives such as shielding, private transfers, and compliance-oriented proofs, greatly simplifying the development of privacy-capable applications. By offering a modular, protocol-agnostic framework, Kohaku enables developers to plug in the privacy rails that best meet their product needs—whether optimizing for anonymity, regulatory alignment, or cross-chain execution—without redesigning their wallet UX. In doing so, Kohaku transforms Ethereum privacy from a patchwork of isolated tools into a coherent, developer-led foundation that can scale as new privacy technologies emerge.

Kohaku redefines privacy on Ethereum through five core innovations: (i) Unified Privacy Interface: standardized primitives such as sendPrivate, shield, unshield, and transfer that allow wallets and applications to express private actions without integrating each privacy protocol individually. (ii) Protocol-Agnostic Integration Layer: a flexible architecture that enables developers to adopt any privacy backend—Railgun, Privacy Pools, Hinkal, or private L2s—while maintaining a consistent user experience. (iii) Modular Adapter Architecture: a plug-and-play system where privacy protocols integrate through lightweight adapters implementing a shared interface, making it easy to incorporate new privacy technologies without modifying application logic. (iv) Compatibility with Compliance-Oriented Rails: by supporting adapters for systems such as Privacy Pools or zk-credential providers, Kohaku enables developers to integrate association sets, proof-of-innocence patterns, or attestations when needed, without binding Kohaku to a single compliance model. (v) Chain-Extensible Privacy Framework: connectors that enable Kohaku to interface with private execution environments like Miden, Aleo, or future zk/FHE systems, allowing developers to treat these environments as privacy coprocessors accessible through the same wallet UX and API surface.

Kohaku’s privacy architecture relies on several foundational primitives: (i) Shielded Balance: an encrypted or commitment-based representation of assets held inside a privacy rail, where transfers update hidden state without revealing sender, recipient, or amount. (ii) Nullifier Tree: a Merkle-based structure that records “spent” commitments, ensuring that shielded notes cannot be double-spent while still keeping the original note and owner private. (iii) zkVM: a zero-knowledge virtual machine that executes programs off-chain and produces succinct proofs verifying correct execution, enabling private computation in environments such as Miden, Aleo, or Aztec. (iv) MPC (Multi-Party Computation): a cryptographic technique allowing multiple parties to jointly compute a function over private inputs without revealing them, often used for shared signing, private order execution, or distributed key control. (v) TEE (Trusted Execution Environment): hardware-isolated secure enclaves—such as Intel SGX or ARM TrustZone—that execute sensitive operations privately, sometimes combined with ZK proofs for verifiable confidentiality. (vi) FHE (Fully Homomorphic Encryption): an encryption scheme allowing arbitrary computation directly on encrypted data, enabling future private smart-contract platforms and confidential compute layers. (vii) Commitment: a binding cryptographic handle to hidden data used for private notes, balances, and state updates, allowing verification without disclosure. (viii) Viewing Key: an optional decryption key enabling selective disclosure—users or auditors can verify private transaction details without exposing them publicly.

Ethereum’s transparency enables trustless verification but makes privacy difficult: every transaction, balance update, and contract interaction is public, allowing long-lived addresses to accumulate linkable financial histories that can become identifiable when tied to exchange withdrawals, NFT mints, or ENS names. Off-chain metadata further erodes privacy—RPC providers observe IP addresses and raw transactions, searchers correlate mempool behavior, and bridges or KYC’d on-ramps link activity to real identities. Existing privacy tools address parts of the problem but remain fragmented, each with its own UX, assumptions, and integration overhead, forcing users to choose which protocol to use rather than how private they want to be. Kohaku is motivated by this gap: a unifying framework that allows wallets and applications to access multiple privacy rails through a single, consistent interface, making privacy an everyday capability rather than a specialized destination.

Kohaku is developed by the Ethereum Foundation. Kohaku’s initial demonstration SDK was built in collaboration with the Railgun developer community, showcasing how existing privacy systems can be integrated through a shared interface and used directly inside wallets without bespoke integrations.

The Kohaku initiative reflects the Ethereum Foundation’s broader vision of evolving privacy from a protocol-specific feature into a standardized capability available to all users and developers. As an open framework, Kohaku invites contributions from external teams building privacy rails—such as shielded pools, private rollups, MPC/TEE/FHE systems, and emerging cryptographic protocols—to implement adapters and extend the ecosystem. This collaborative model is intended to accelerate experimentation, encourage interoperability, and help establish privacy as a first-class primitive across Ethereum’s rapidly expanding infrastructure.

Kohaku introduces an important shift in how privacy can be delivered across the Ethereum ecosystem, reframing it from a collection of isolated protocols into a standardized capability that wallets and applications can build around. Rather than promoting any single privacy rail, Kohaku focuses on unifying access to them, reflecting an architectural belief that Ethereum’s privacy stack should evolve through modular coordination rather than protocol consolidation. This approach prioritizes neutrality and extensibility: developers remain free to choose the privacy systems—Railgun, Privacy Pools, Hinkal, or private L2s like Miden—that best align with their applications, while Kohaku supplies the shared interface needed to integrate them cleanly. Although this model introduces more components than vertically integrated systems, it enables smoother adoption of advanced cryptography such as MPC, FHE, and zkVM-based private execution as they mature. If wallets, dApps, and privacy rails converge on Kohaku’s abstractions, the framework could become a foundational layer—doing for privacy what ERC standards did for tokens—by making private any interactions a natural part of everyday wallet operations rather than a specialized or protocol-specific workflow.

Initiation:

1. User initiates a private action inside their wallet (for example, a private send or private swap request).
2. The wallet invokes the Kohaku privacy interface, which provides a unified entry point for all privacy-related actions.
3. The wallet or dApp selects a privacy rail by choosing the appropriate Kohaku adapter (such as Railgun or an off-chain/private L1/L2 environment).

Railgun Path (On-Chain Privacy Module)

1. The wallet calls the Railgun adapter, which manages interaction with Railgun’s smart contracts.
2. Assets are shielded into Railgun, converting public balances into shielded commitments.
3. The private action—such as a private transfer or private DeFi interaction—is executed inside Railgun using its ZK-based architecture.
4. If needed, users may unshield assets back to a public balance, exposing only the final withdrawal while keeping the internal transfer graph private.

Off-Chain / Cross-Chain Path (Private L1/L2 or zkVM Environment)

1. The wallet calls the off-chain connector, which bridges assets into an external private execution environment.

2. A bridge contract locks or tracks assets as they move into the private domain.

3. The private environment (L1, L2, or specialized zk/FHE system) executes private logic, such as:

4. transferring balances

5. swapping tokens

6. lending/borrowing

7. other application-specific private actions

8. After execution, the private environment generates a proof or result and returns it to Ethereum through the bridge.

9. Assets are withdrawn or returned to the user in the public domain.

Finalization

1. The wallet updates the user’s state to reflect the result of the chosen privacy flow—either the shielded balance within Railgun or the returned assets from a private L1/L2.

1. How should developers compare the privacy guarantees of different rails (Railgun, Privacy Pools, Hinkal, private L2s) when deciding which adapter to integrate through Kohaku?
2. How can Kohaku ensure consistent user experience across privacy rails that have fundamentally different trust models, proving mechanisms, and withdrawal semantics?
3. Will cross-chain private execution (e.g., via Miden or Aleo) introduce new metadata leaks at the bridge layer, and how should developers evaluate those tradeoffs?
4. How might Kohaku catalyze new categories of applications—private social networks, private DAOs, or privacy-preserving financial tools—that were previously impractical?
5. As new privacy technologies like FHE, MPC, and zkVMs mature, how should Kohaku evolve its adapter standard to maintain interoperability without fragmenting the ecosystem?

1. Kohaku GitHub Repository https://github.com/ethereum/kohaku
2. Kohaku Roadmap (Ethereum Foundation Notes) https://notes.ethereum.org/@niard/KohakuRoadmap
3. Railgun Protocol Documentation https://docs.railgun.org
4. Privacy Pools Documentation https://docs.privacypools.com
5. Hinkal Protocol https://hinkal.pro
6. Tornado Cash Documentation (Archived / Reference Only) https://github.com/tornadocash/tornado-core
7. Miden Documentation https://miden.xyz
8. Aleo Developer Documentation https://developer.aleo.org
9. Aztec Network Documentation https://docs.aztec.network

Current Privacy Solutions

Ethereum already has a surprisingly rich ecosystem of privacy tools, but they are scattered across different layers and expose different mental models to users. Existing approaches fall into two buckets relevant to private payments: on-chain privacy protocols that live directly on Ethereum and EVM networks, and off-chain or separate-chain systems that execute privately elsewhere and then bridge results back.

On-chain protocols

Tornado Cash is a fixed-denomination mixer where users deposit assets into a shared pool and later withdraw to a new address using a zero-knowledge proof. This breaks the link between sender and recipient but only for simple transfers and requires careful operational hygiene. Limited anonymity sets and regulatory challenges further constrain its usability.

Railgun provides a shielded balance system where users hold private balances on Ethereum or L2s and can perform transfers or DeFi actions without exposing their transaction graph. It offers strong privacy and native composability, though users and wallets must handle concepts like shielding, relayers, and viewing keys.

Privacy Pools extend mixer designs with association sets, allowing users to withdraw funds while proving they come from a curated group of legitimate deposits. This enables compliance-friendly privacy but introduces new components such as set providers and policy decisions.

Hinkal functions as privacy middleware using an invisible wallet model. Users shield assets into Hinkal and interact with DeFi while keeping their public address clean. Optional attestations make it more attractive for institutional use, though it still requires dedicated wallet integration.

These protocols demonstrate that private transfers, private DeFi, and compliance-aware flows are all possible on Ethereum today, but each demands its own integration and mental model.

Off-chain and separate-chain services

Miden is a zk-rollup built on a custom VM that supports private, high-throughput execution. Users bridge assets in, execute privately, and bridge results back, making Miden a private L2 environment rather than a drop-in module. It has potential as a future privacy backend via adapters.

Aleo is a private L1 with fully encrypted, programmable applications. Users operate entirely within the Aleo ecosystem and must bridge in and out, but the system can serve as a privacy coprocessor for Ethereum once integration paths mature.

Other emerging systems, including experimental networks like Satra, explore zkVMs, MPC, or FHE-based private execution. These operate independently today and require bridging but expand the long-term design space for privacy modules.