The Ethereum Foundation officially announced Kohaku’s end-to-end privacy solution and user experience.

The Ethereum Foundation has officially announced Kohaku, an end-to-end privacy solution and reference wallet designed to provide wallet teams with composable privacy and security building blocks rather than serving as a general-purpose consumer wallet.

Core Components & Goals

  • Provides an SDK with privacy/security primitives and a reference browser extension wallet for advanced users.
  • Aims to collaborate with wallet teams, allowing them to integrate all or part of its capabilities via a plugin system.
  • Initial focus is on mainnet, with Layer 2 support to follow.

Key Privacy Features

  • Integrates the Helios light client for local blockchain state verification, reducing reliance on centralized RPCs.
  • Plans private eth_call execution using TEE+ORAM, with a long-term goal of pure cryptographic PIR.
  • Supports private sends/receives and encrypted payment requests via built-in protocols like Railgun.
  • Aggregates balances from multiple privacy protocols into a unified view.
  • Implements "one dApp, one account" by default to reduce address correlation.
  • Includes social recovery using zero-knowledge proofs and a post-quantum emergency signature switch.

Collaboration & Development

  • Developed in collaboration with teams including Ambire, Railgun, Wonderland, Helios, and the PSE team.
  • The reference wallet is forked from Ambire and is currently under development, not yet ready for production.

How It Enhances Privacy Over Wallets Like MetaMask

  • Uses privacy pools (e.g., Railgun) to shield transactions, making sender, receiver, and amount undiscoverable on-chain.
  • Reduces metadata leakage by using local light clients, optional P2P transaction broadcasting, and minimizing RPC exposure.
  • Enhances user experience by generating new addresses per dApp and enabling private payments without on-chain exposure.

Kohaku represents a shift towards comprehensive, end-to-end privacy in Ethereum interactions, moving beyond simple on-chain privacy to address vulnerabilities in node trust, network broadcast, and user connectivity.

Summary

Author: Zhixiong Pan

Source: chainfeeds

Although the Ethereum Foundation only officially announced the Kohaku privacy wallet project yesterday, the project had already been confirmed through various channels as early as June this year.

Kohaku will integrate components from several teams into a complete browser extension wallet that other wallets can use as a reference for end-to-end privacy. These include the Helios light client developed by a16z, the Ethereum Foundation's PSE team, and Ambire, Railgun, Wonderland, and others.

The origin of the name is interesting. Because the project is forked from Ambire, the team chose the Japanese word for amber: Kohaku. Kohaku is also the name of a red-and-white koi variety, so the project uses a koi as its mascot.

What is Kohaku?

Kohaku is a set of privacy and security primitives and SDKs for wallets, along with a reference wallet (browser extension) for advanced users to put these capabilities into practice.

Kohaku is not designed to be a mass-market consumer wallet. It provides composable privacy and security building blocks for wallet teams, who can integrate all or some of these features (via plugins) as needed. The initial focus is on privacy features, with the reference wallet being a browser extension forked from Ambire. The team clearly prioritizes mainnet, with Layer 2 support (and a focus on "fast withdrawals") to follow.

Kohaku's core goals:

  1. An SDK with strong privacy/security primitives;
  2. A reference wallet built on the SDK for heavy users;
  3. Collaboration with other wallets so they can adopt all or part of the capabilities as needed;
  4. A reference wallet forked from Ambire, targeting mainnet first and adding L2 later;
  5. A plugin system in both the SDK and the reference wallet, so each wallet team can pick the features it needs.

Core Direction: Not Just "On-chain Privacy" but "End-to-End"

Kohaku's privacy is not simply "putting transactions into a private pool." Every step from device to node is examined for trust and exposure. The roadmap lays out a clear privacy/security checklist:

  • Built-in Helios light client (WASM): runs blockchain state verification locally, minimizing reliance on centralized RPC. (Helios is a multi-chain Ethereum light client from a16z that compiles to WASM, which makes it suitable for embedding in wallets and dApps.)
  • Minimal execution client + private eth_call: even a plain read of on-chain state (the common eth_call) should keep the serving node unaware of what you are reading. The roadmap says TEE+ORAM (Trusted Execution Environment plus Oblivious RAM) comes first, with pure cryptographic PIR (private information retrieval) as the long-term goal.
  • Private Send / Private Receive / Private Payment Request: the wallet has multiple privacy protocols built in (Railgun is the first), supporting private sending and receiving and encrypted payment requests.
  • Unified view of private balances (multi-protocol aggregation): if you hold funds in several privacy protocols, the wallet shows them as one aggregated balance.
  • IP-leak avoidance and traffic hiding, with optional P2P transaction broadcast that bypasses the usual RPC broadcast path.
  • Default "one dApp, one account" when connecting to a dApp, which naturally reduces address correlation.
  • Social recovery (ZKEmail, ZKPassport, etc.): zero-knowledge proofs let you recover the account without revealing your identity.
  • Post-quantum "emergency switch": when necessary, switch to post-quantum signatures such as Falcon or Dilithium (with optimized Solidity verifiers) as a hedge against quantum risk.
  • Universal Hardware Ethereum App / ZK Hardware Signer / Spending Limit Policy: turn hardware-side capabilities into open-source reference implementations, break vendor lock-in, and introduce finer-grained spending policies.

Think of it this way: on-chain privacy pools such as Railgun are one foundation, but Kohaku also has to close the other places where privacy leaks easily: node trust, network broadcast, front-end connections, recovery, and hardware signing. The aim is less exposure end to end.

Roadmap and Collaborative Ecosystem

  • Phase 1: Privacy/security basic capabilities.
  • Ongoing direction: bring the wallet as "close to the device/kernel" as possible, and eventually explore a "native Ethereum browser" with IPFS front-ends, deeper P2P integration, local AI transaction-security scoring (no data leaves the device), and so on.
  • Collaborating teams: Ambire, Railgun, Wonderland, Helios, PSE, Oblivious Labs, ZKnox, etc.

Product form: SDK + reference wallet (browser extension)

  • SDK: A composable privacy/security module for other wallet teams.
  • Kohaku Extension: A browser extension forked from Ambire, used to "run, demonstrate, and prototype these privacy and security capabilities." It's targeted at advanced users, not a final product for the general public.
  • On GitHub, the main repository (ethereum/kohaku) is a monorepo that lists the @kohaku-eth/railgun package ("railgun privacy protocol lib"). There are also kohaku-extension and kohaku-commons repositories: the former holds the extension code (based on Ambire), the latter is Ambire's shared logic library brought in by the fork.
  • The repository README also warns that it is still under development and not ready for production use.

Why is it more "private" than MetaMask?

Let's first look at the current situation with MetaMask and similar wallets:

  • You use a plain externally owned account (EOA), whose address and transaction history are permanently public.
  • When you interact with a dApp you usually go through a centralized RPC provider (such as Infura), which sees both your requests and your IP address.
  • If you keep connecting the same address to different dApps, on-chain analysis can easily profile you.

How does Kohaku change this path? Kohaku uses an end-to-end approach to minimize the amount of information that can be linked. Its core differences lie in three key areas:

On-chain transfer itself

  • Through protocols like Railgun, the funds you want to move are first shielded (deposited) to a private 0zk address, and subsequent transfers and interactions happen inside the private pool. What appears on-chain are cryptographic records: new commitments and nullifiers (which prevent double spending). These do not directly reveal the source, destination, or amount. The Railgun documentation states that 0zk addresses never appear on-chain and that the system uses a UTXO/note model with zk proofs to update state and prevent double spending.
  • Note: Shield and Unshield (withdrawal) transactions are visible on-chain, because you deposit ERC-20 tokens into, or withdraw them from, the contract; transfers, swaps, and calls inside the pool are private. Railgun currently charges a 0.25% protocol fee on Shield transactions (set by its DAO); private transfers inside the pool are not charged this fee.

Interacting with nodes/network

  • The wallet has a built-in Helios light client: many read verifications are done locally, reducing trust in and exposure to the RPC provider (especially for reads).
  • Planned "private eth_call": even when you only read on-chain storage, the plan is to serve the read through TEE+ORAM (with PIR as the long-term goal) so that the serving side cannot see what you read.
  • Optional P2P broadcast: send transactions directly to the network without the traditional RPC path, reducing the chance that "your IP + your transaction" get bound together.

Frontend/Connectivity and Relevance

  • Default "one dApp, one account": each time you connect to a dApp, the wallet suggests a new address/account, which avoids cross-site profiling.
  • Private payment request / private receive: the payment is sent to the counterparty via a link or QR code, and the 0zk payment information never appears on-chain.
  • Social recovery also uses ZK: ZKEmail, ZKPassport, Anon Aadhaar and similar, so the recovery process does not leak private information.

Complete user experience from MetaMask to Kohaku

Think of it this way: first move the funds into the "private space", do what you need to do there, then decide how to "come out". The flow below is illustrative; the reference wallet is still under development.

  • Step A: Install the Kohaku browser extension and import your mnemonic phrase or create a new one.
  • Step B: Enable "Private Mode" in the settings and check the Railgun plugin (Kohaku supports multi-protocol plugins). The wallet will generate key material for 0zk locally.
  • Step C: Shield (pool entry): deposit the ERC-20 you want to use privately into the Railgun contract (native ETH is wrapped to WETH before entering the pool; this is Railgun's rule). This step is visible on-chain because you are depositing funds into the contract, but it is the only public transaction needed to enter the private space.
  • Step D: Transfer/Swap/LP/interact with dApp contracts in the private pool. ZK proofs will be generated locally. Only commitment/Nullifier updates will be visible on the chain, and you cannot tell who you transferred to or how much.
  • Step E: Private payment: You can send the 0zk payment link/QR code to others. This address information will not appear on the chain.
  • Step F: Unshield (withdraw from the pool) to a new public address when necessary, preferably not back to the original address, to reduce correlation. Some protocols or front-ends add delay windows or compliance checks (the Privacy Pools approach, and the Railgun community's Private Proofs of Innocence); in the Railgun ecosystem, newly shielded funds go through a short observation period during which they can only be unshielded back to the originating address.
  • Step G: Optionally enable P2P broadcasting, separate accounts for each dApp, and Helios local verification to further reduce the "metadata that can be bound."

Which part is still visible?

  • Your deposits into (Shield) and withdrawals from (Unshield) a privacy pool are public transactions. Transfers and interactions inside the pool are private: sender, receiver, and amount are hidden, and an observer only sees the pool's state (commitments and nullifiers) being updated.
  • If you withdraw funds straight to the public address you deposited from, an analyst can still reasonably infer that the two are related. Withdraw to a fresh address, or keep spending inside the private domain.

Conclusion

Kohaku brings a new privacy and security paradigm to the Ethereum wallet ecosystem: instead of a single on-chain privacy protocol, it integrates end-to-end privacy protection. For users interacting with decentralized applications, it would replace today's fully transparent on-chain behaviour with a privacy-by-default baseline that future wallet products can build on.

If its SDK and plugin system are adopted widely by wallet teams, the way users interact with the chain may be reshaped: from transparency to privacy, from centralized trust to local verification, and from public on-chain identity to zero-knowledge identity. That would push the Ethereum ecosystem towards mainstream privacy applications, accelerate work on models where compliance and privacy coexist, and lay groundwork for the next stage of the decentralized internet.

Author: ChainFeeds

This article represents the views of PANews columnist and does not represent PANews' position or legal liability.
