Ethereum’s Hidden Privacy Engine Just Went Public

The Ethereum Foundation published its Kohaku-Railgun package, embedding ZK privacy directly into wallets. Here’s what Vitalik’s push for native shielded transactions actually means.

The Kohaku repository on GitHub updated 12 hours ago. Not a whitepaper. Not a tweet thread. Actual code, pushed live.

The Ethereum Foundation’s Kohaku project shipped its @kohaku-eth/railgun package, embedding the Railgun privacy protocol as a working library inside Ethereum’s own tooling infrastructure. According to econoar on X, Ethereum native privacy is accelerating, and Vitalik’s latest privacy roadmap introduces Kohaku as a toolkit that uses Railgun to bake ZK privacy directly into wallets.

The repository structure is not prototype material. It lists four packages marked production-ready: the Railgun integration, a Privacy Pools library, a provider abstraction layer, and a post-quantum 4337 account implementation.

The Wallet That Knows Too Much About You

Most wallets leak. Every RPC call, every balance check, every approval, the node on the other end sees it. Kohaku was designed to close that gap, at least for the users willing to run it.

Nicolas Consigny of the Ethereum Foundation published the Kohaku Roadmap, describing the project as an SDK that exposes strong privacy and security primitives alongside a power-user browser extension forked from Ambire. The roadmap targets mainnet first, then Layer 2s that have reached at least Stage 1. Private sends, private receives, private payment requests, and aggregated balance views across shielded protocols are all on the feature list. So is a post-quantum killswitch. Not many wallets are thinking that far ahead.

Consigny also noted on X that a demo is expected by EF Devcon, with the code freely available worldwide across three repositories: the main kohaku repo, the browser extension, and kohaku-commons.

Vitalik Buterin endorsed the codebase on X, treating it as a first-class priority rather than a peripheral research project.

One Address Per App. RPC Hijacks. TEE Servers.

The roadmap features run deeper than private transactions. The default wallet behavior under Kohaku would prompt a fresh address each time a user connects to a dApp. One account per dApp is the framing. The idea being that global address linkability gets broken at the connection layer, not just at the transaction layer.

There’s also a proposal for an “oblivious server,” running eth_call interactions through TEE plus ORAM setups. The goal is reading blockchain state without exposing which storage slots the user is touching. TEEs carry known risks, side-channel attacks, SGX vulnerabilities, trust dependencies on hardware vendors. The roadmap acknowledges this.

Helios, the light client from a16z, gets integrated directly into the browser extension. Users would verify chain state locally rather than trusting an RPC provider. The fallback to a regular RPC is there, controlled by a killswitch.

Hegota Is the Other Half of This Equation

Railgun’s ZK proofs handle the cryptographic shielding. But getting those shielded transactions reliably included on-chain is a separate problem, and that’s where the upcoming Hegota upgrade enters.

Vitalik’s L1 privacy roadmap published on Ethereum Magicians earlier this year laid out how keyed nonces would prevent address-based transaction linking at the protocol level. Privacy transactions depend on fair, uncensored block inclusion. Without it, a builder could quietly filter shielded transactions out.

FOCIL, proposed for the Hegota fork, addresses exactly that. The mechanism lets multiple validators enforce transaction inclusion, removing the single-point-of-failure that a centralized block builder represents. Lido contributors, per a February post on Ethereum Magicians, formally backed FOCIL as the headliner upgrade for Hegota. Eight of eleven client teams had already built prototypes before the proposal was submitted.

The Ethereum Foundation’s Strawmap laid out a multi-year sequence of forks going through 2029. Privacy features appear as a distinct horizontal layer inside that plan, not an afterthought.

The Collaboration List Is Long

Kohaku is not a solo EF project. The roadmap names Ambire, Wonderland, Railgun, Helios, PSE, Oblivious Labs, ZKnox, and several individual contributors including samczsun, Micah Zoltu, and pcaversaccio. The Walletbeat team is also listed as an expected collaborator.

The plugin system is what allows wallet teams to adopt pieces of the SDK rather than the entire stack. A wallet that only wants private sends can take that module. A team that wants the full post-quantum 4337 setup can implement that instead.

ERC-8086 was raised in the Ethereum Magicians thread as one possible future direction, making public-to-private mode an intrinsic token property rather than an external pool interaction. Buterin’s magicians post drew 73 likes and 14,000 views since April 2025, with the thread still active through late 2025.

The @kohaku-eth/railgun package version update that pushed 12 hours ago was labeled “Version Packages (alpha).” The word alpha is doing some work in that label.

The post Ethereum’s Hidden Privacy Engine Just Went Public appeared first on Live Bitcoin News.