Compliance Privacy, What is Ethereum's Latest Privacy Major Upgrade Kohaku?

On November 16, Ethereum founder Vitalik showcased Kohaku, a privacy-first tool for the Ethereum ecosystem, at Devcon 2025 in Buenos Aires, Argentina. Kohaku aims to enhance the privacy and security of the Ethereum ecosystem.

What exactly is Kohaku? How does it achieve privacy? Is privacy becoming increasingly important in the Ethereum ecosystem?

Ethereum in 2025: Increasing Focus on Privacy and Security

As early as 2023, Vitalik mentioned the "Privacy Transition" in his article on the "Three Transitions":

"Ensure privacy-protecting value transfer services and that all other tools under development (social recovery, identity, reputation) have privacy-protecting features."

"Without a privacy transition, Ethereum will fail because exposing all transactions (including POAP, etc.) for everyone to see is too much privacy loss for many users, who will turn to at least somewhat data-hiding centralized solutions."

Two months after the publication of the "Three Transitions" article, Vitalik was involved in co-authoring "How Privacy-Preserving Pool Protocols Balance Privacy and Compliance Requirements." Later, when we introduce Kohaku, we can see the practical results of Ethereum in this direction.

At the end of 2024, Vitalik published a blog post elaborating on the vision for an ideal secure wallet, once again mentioning that "Privacy and security attributes are the most valuable to focus on."

Entering 2025, Vitalik increasingly emphasizes privacy, and the Ethereum Foundation has also taken more actions in the privacy direction. In April of this year, Vitalik released a simplified version of the Ethereum L1 Privacy Roadmap.

In May, he posted on social media, stating, "Nordic countries are abandoning the push for a cashless society because they found the centralized implementation of this concept too fragile. It turns out that cash as an alternative means is necessary. Ethereum needs to have enough resilience and privacy to play a trusted role in this scenario."

On September 14, the Ethereum Foundation released an end-to-end privacy roadmap aimed at building comprehensive privacy protection for the world's second-largest blockchain. The original "Privacy and Scalability Exploratory Team" was renamed the "Ethereum Privacy Stewardship" (PSE), shifting its focus from speculative exploration to solving real problems and optimizing ecosystem outcomes.

On October 9, the Ethereum Foundation announced the formation of a Privacy Cluster, consisting of 47 top blockchain researchers, engineers, coordinators, and cryptography experts, to drive privacy-preserving features for the Ethereum network. Led by Igor Barinov, the cluster will integrate existing foundation privacy R&D projects and drive new privacy-related initiatives. On the same day, Vitalik retweeted the Kohaku roadmap, stating that full-stack privacy and security are Ethereum's top priorities.

On October 10, the Ethereum Foundation's Fund Recovery Coordinator team partnered with Keyring Network to launch a new funding mechanism to support privacy developers.

The latest and perhaps most significant development is what we saw at Devcon, the on-site demonstration of Kohaku. It's worth mentioning that in a year where Ethereum has increasingly focused on advancing privacy and security, the token that has benefited the most is likely Railgun ($RAIL), which just hit a historic high of $5 earlier this month, nearly 10 times its price from the low point in April.

What Is Kohaku?

Kohaku is an open-source project designed to enhance on-chain privacy and security. It provides a modular framework that allows developers to build secure, privacy-focused wallets without relying on centralized third-party entities.

On Kohaku's official Github page, the documentation mentions three privacy-preserving liquidity pool protocols: Railgun, Privacy Pools (in development), and Tornado (in development). These protocols enable users to securely obfuscate funds.

Kohaku may be the largest privacy upgrade solution for Ethereum to date. To better understand its workflow, here is a Kohaku workflow diagram drawn by @iamjosephyoung:

- Suppose Bob has a regular address (0xABC...); he creates a stealth key pair associated with that address

- Based on that key pair, Alice derives a completely random and one-time-use stealth address and transfers $1000 to that address

- Bob scans the network to see if the address associated with his stealth key pair has received funds

- Bob spends or claims the $1000; the one-time address expires and is no longer used

In summary, Kohaku uses a user's public key to create a temporary stealth address, allowing you to perform private operations without revealing the association with the main wallet. The stealth address is a privacy solution proposed by Vitalik (ERC-5564 standard), allowing the sender to generate a unique, one-time address for the recipient. This address is designed for a single transaction and is not reused, preventing the transaction from being traced back to the user's identity. People can only see that Alice sent money to this address, but they cannot know that behind this address is Bob, who can directly control the assets in this address through his key pair.

Unlike a mixing pool like Tornado Cash, which is shared by all users, Kohaku does not rely on mixing with other users at all. It is compliant with regulations because Bob can selectively disclose a full transaction history as needed.

Railgun even has a decentralized anti-malware transaction prevention system called "Private Proofs of Innocence," which uses only publicly available malicious address sets from the chain to prove the security of fund sources without compromising user privacy, preventing users from receiving illicit funds.

At Devcon in person, Privacy Pools (@0xprivacypools) demonstrated this feature live in a transfer.

Kohaku not only follows the compliance trend without compromising auditability but also addresses privacy needs. In the long run, this could provide an ideal option for institutions looking to transfer large amounts of funds on-chain.