Why Does Ethereum Still Need Kohaku? Privacy Concerns Aren't Just in Transactions

Author: Luna

This article is an original contribution from the author. The views expressed are solely those of the author's personal understanding. ETHPanda has edited and organized the content.

Recently, the relevant team within the Ethereum Foundation has become more active in explaining the direction of this privacy-related work around Kohaku to the outside world. The community has shown considerable interest in this name, but some confusion also exists: Is it a wallet, a protocol, or a set of more underlying developer tools? This article will clarify the problems Kohaku aims to solve in a more understandable way.

Kohaku points not to a single feature, but to a theme that is increasingly difficult to avoid in Ethereum's long-term user experience: privacy. It connects privacy protocols, wallet experiences, developer tools, and daily user activities, attempting to bring these capabilities beyond just research papers or tools for a few advanced users.

If summarized in one sentence: What Kohaku wants to achieve is to allow Ethereum users to maintain basic information boundaries while using the open network.

I. First, Understand the Problem: Why Does Ethereum Have Privacy Anxiety?

The power of Ethereum largely comes from its "openness." Transactions, contracts, asset flows, and address interactions can all be verified and audited by anyone. This transparency enables open finance, on-chain governance, and composable applications.

However, the same mechanism also brings side effects: the on-chain behavior of ordinary users is almost by default exposed. An address can reveal which assets a user holds, which protocols they have participated in, when payments or receipts occurred, which addresses they have interacted with, and can even be used to infer certain social relationships or economic status.

In real life, we do not post our bank statements, shopping records, social relationships, and salary income on public bulletin boards. But in the on-chain world, if users consistently reuse the same address, similar information exposure is very likely to occur.

Therefore, Ethereum's privacy issue is not as simple as "whether someone wants to hide bad deeds." It is more like a fundamental user rights issue: As on-chain applications increasingly resemble real-life activities, can users still decide which information should be public and which should only be disclosed in necessary scenarios?

II. What is the Kohaku Initiative?

Kohaku is a set of privacy-first tooling in the Ethereum ecosystem. It revolves around wallets, privacy protocols, developer integrations, and user experience. It is not a standalone consumer App, nor is it just a single protocol.

The Kohaku documentation lists tooling directions for privacy pool protocols such as Railgun, Privacy Pools, Tornado, some of which are still WIP or in alpha stages; the GitHub repository also continued merging related implementations and version updates at the end of May. Therefore, Kohaku is more like a set of evolving privacy infrastructure tools rather than a fully finalized product.

The question it aims to answer is also very concrete: Ethereum already has some privacy protocols and cryptographic capabilities; how can wallets and applications more easily, securely, and naturally integrate them into real-world usage scenarios?

💡 The key word for Kohaku is not "mystery," but "usability": turning privacy capabilities into basic components that wallets and applications can call, users can understand, and the ecosystem can iterate upon.

III. Why is Kohaku Considered "Infrastructure Catch-up"?

Over the past few years, the Ethereum ecosystem has spent a great deal of effort solving issues like scaling, L2, account abstraction, modularity, and data availability. This work has made transactions cheaper, throughput higher, and application deployment more flexible. But for ordinary users, another issue is equally important: Will what I do on-chain be permanently, completely, and without context exposed to everyone?

Privacy technology is not new today. The problem lies in the fact that many privacy solutions have long remained at the protocol layer, research layer, or advanced user layer. Users need to understand complex concepts, wallets require additional adaptation, and developers also lack sufficiently convenient integration methods. As a result, while privacy capabilities exist, they have not become part of the default experience.

Kohaku is precisely about bridging that "from protocol to experience" middle layer. Privacy should not just be a selling point for an independent tool; it can gradually enter more routine areas such as wallet design, account management, RPC access, fund flows, and developer interfaces.

IV. What Specific Problems Might Kohaku Be Addressing?

1. Wallet Layer Privacy: Privacy Must Enter the Entry Point

The wallet is the first entry point for the vast majority of users into Ethereum. If privacy capabilities cannot enter wallets, they will be difficult for ordinary users to truly adopt.

When users connect to a dApp today, they often directly expose a long-term address. This address might be used simultaneously for DeFi, NFTs, social interactions, receiving payments, and voting. Once these activities are linked together, the address is no longer just a technical identifier but becomes a publicly analyzable dossier.

The concept of "many accounts, many you" mentioned in the Kohaku documentation provides an intuitive idea: in reality, a person uses different identities in different scenarios. Correspondingly, in the on-chain experience, wallets could also make it easier for users to create and manage different accounts for different dApps and purposes, and complete funding and usage in more privacy-friendly ways.

2. Transaction Privacy: From "Fully Public" to "Controllable Visibility"

Ethereum transactions are transparent by default; the sender, receiver, amount, and transaction data may all be visible. But not all transactions need to disclose their complete context permanently to the entire network.

This does not mean turning Ethereum into a completely black-box system. A more reasonable direction is "controllable visibility": users can prove, disclose, and audit when necessary, but do not need to expose all information indiscriminately to all observers.

Privacy pool protocols like Railgun and Privacy Pools attempt to provide such capabilities. Kohaku's role, then, is more akin to helping wallets and applications integrate these protocol capabilities into usable experiences.

3. RPC & Network Privacy: Queries Themselves Can Leak Information

When many people discuss on-chain privacy, they only focus on whether transactions are public, overlooking another issue: when wallets query on-chain data, they might also leak what the user is looking at, checking, or which addresses they are concerned about.

Wallets typically need to obtain on-chain information via RPC. If all requests pass through centralized RPC services, users' querying behavior itself could form a profile. Therefore, the Kohaku documentation mentions directions like private RPC, user-defined RPC, light clients, and verifying untrusted RPC results through light clients like Helios.

This type of work may sound less eye-catching than "private transactions," but it is crucial for the real user experience. Because privacy doesn't only happen at the moment a transaction is sent; it also occurs in every step where a wallet loads balances, browses history, connects to applications, and requests data.

4. Developer Usability: Privacy Cannot Stay Only in Papers

For privacy technology to enter mainstream applications, developers must be able to understand and integrate it at low cost. Otherwise, even the strongest cryptographic capabilities can only serve a few teams familiar with the underlying mechanisms.

Through toolkits, documentation, and wallet implementations, Kohaku breaks down these problems into modules more accessible to developers: Which privacy protocols can be integrated? How do wallets handle accounts? How do users complete shield/unshield? How to retain necessary proving capabilities while protecting privacy?

This work requires not just code, but also ecosystem understanding. Wallet teams, protocol teams, application developers, and ordinary users all need to understand more clearly: What problems is Kohaku actually solving, and how will these capabilities enter daily use?

V. Common Misconceptions: Privacy Is Not a Thin Slogan

Misconception 1: Privacy Equals Anonymous Crime Tools

This is the most common and easily misleading misconception. In reality, privacy is a basic need for ordinary people: you would not want all your payment records, asset status, and social relationships to be queried by strangers at any time. On-chain privacy follows the same logic.

Of course, privacy tools need to address risks of abuse and explore mechanisms for proof, disclosure, and risk control. However, the existence of risks should not lead to negating all reasonable privacy needs of users.

Misconception 2: Ethereum Already Has Privacy Protocols, So the Problem Is Solved

There is a big gap between "having tools" and "users being able to use them naturally." Ordinary users will not research complex protocols for every daily interaction, nor will they voluntarily take on the security risks that come with high-threshold operations.

Therefore, the real key is to build privacy capabilities into wallets, default processes, and developer interfaces. Only when users can make safer choices without becoming cryptography experts can privacy be considered to have entered the product layer.

Misconception 3: Kohaku Is a Standalone Product

Kohaku is not a single product but a set of work revolving around privacy protocol toolkits, wallet implementations, best practices, RPC privacy, and developer integrations.

Thus, evaluating Kohaku is not just about whether it has launched a standalone App, but also about whether these tools can be absorbed by more wallets and applications to become part of the default experience.

Misconception 4: Privacy and Compliance Are Inevitably in Conflict

There is indeed tension between privacy and compliance, but it is not necessarily a binary choice. More important future directions may include minimizing information exposure, selective disclosure, verifiable claims, risk isolation, and user authorization.

In other words, good privacy design is not about making all information disappear, but about allowing information to be disclosed only in appropriate scenarios, with appropriate granularity, and to appropriate parties.

VI. What Would Users Experience After These Capabilities Enter Wallets?

If work like Kohaku is adopted by more wallets, ordinary users might first notice not complex cryptographic concepts, but several changes closer to daily use.

• Wallets might encourage users to manage accounts by scenario more, rather than tying all activities to one long-term address.
• The barrier to using privacy protocols might decrease, but this depends on wallet integration, protocol maturity, and security audit progress.
• Wallets might pay more attention to RPC, query, and network layer leakage issues; users would be protected not just in transactions themselves, but also in their querying behavior.
• Users might have more choices: when to be public, to whom, and to what extent.

These changes will not happen overnight, nor do they mean all wallets will immediately incorporate complex privacy features. But they point in the same direction: the maturation of Ethereum's user experience should not only be reflected in being cheaper and faster, but also in being safer and having more defined boundaries.

VII. What Should Developers Focus On?

For developers, the focus of Kohaku is not to require all applications to immediately shift to being privacy-first, but to make privacy capabilities easier to understand, test, and integrate.

In the past, many applications by default required users to connect with the same address and built all interactions on the premise of address traceability. As privacy tools gradually mature, product teams can rethink: Should they support more granular identities? Should they reduce unnecessary data exposure? Should they make privacy protection a more natural default process, rather than hiding it in advanced settings?

This is especially true for wallet teams. Wallets are not just signing tools; they are also the management layer for user identity, assets, permissions, and information boundaries. The value of Kohaku ultimately depends on whether these complex technologies can be translated into simple, trustworthy, low-friction interactions.

Conclusion: Privacy Is a Piece of the Puzzle for Ethereum's Journey Towards Everyday Use

If Ethereum were merely an open ledger used by a few developers and traders, the privacy pressure brought by transparency might not be so apparent. But if Ethereum is to carry broader activities like payments, identity, social interactions, organizational collaboration, and finance, then privacy is no longer a peripheral issue.

The importance of the Kohaku Initiative lies precisely here: it not only states "Ethereum needs privacy," but also places privacy back into the positions that truly affect user experience—wallets, protocols, and developer tools.

Kohaku is still under construction and iteration, but it addresses a very real problem: In a default-public on-chain world, how can users regain the right to choose?

This might also be a question that Ethereum's next phase of user experience must answer. Truly mature public infrastructure should not only allow everyone to participate but also enable everyone to maintain reasonable boundaries while participating.