Kohaku Unveils Ethereum's Privacy and Security Roadmap

In the world of cryptocurrencies, where privacy is becoming a top priority, Ethereum continues to evolve. As of October 2025, with growing Layer 2 adoption and a focus on account abstraction, the Kohaku has announced an updated roadmap highlighting tools for user protection. This roadmap, published in Ethereum Notes and available here, outlines the project's direction. The effort involves the Ethereum community and collaborators like the Walletbeat team, focusing on an SDK for developers and a reference wallet. Key initiatives include the local light client Helios, private transactions and social recovery, as well as future integrations with DeFi and post-quantum cryptography.

What is Kohaku?

Kohaku is a set of privacy and security primitives designed for Ethereum wallets. The project is developing an SDK with powerful tools for data and transaction protection, along with a reference wallet implementation based on Ambire (a browser extension). It's not a mass-market product but a showcase for power users and developers, emphasizing mainnet-first and L2 support (stage 1+ with fast withdrawals). Official repositories are open for contributions. There are no tokens or governance, the focus is on cryptographic mechanisms like ZK proofs and PIR to prevent leaks and vendor lock-in.

Key Points of the Updated Roadmap

Kohaku's roadmap is divided into phases, starting with basic privacy features and moving to advanced integrations. Here are the main directions, aimed at security without compromising usability.

Local Light Client Helios

Integrating Helios as a WASM package in the browser extension will allow wallets to operate without trusting RPC providers. With a fallback to RPC (if enabled via killswitch), this ensures local transaction verification, minimizing surveillance risks.

Minimal Execution Client

A browser-based execution client for private actions, including eth_call with an oblivious server. Initially via TEE+ORAM, and in the future purely cryptographic with PIR. This enables smart contract execution without revealing data to the server.

Private Sends and Receives

Flow-oriented private transactions via various privacy protocols. This includes private sends, receives, and payment requests through the wallet flow. Aggregated balance viewing across all enabled privacy protocols, plus traffic masking to prevent IP leaks.

Social Recovery

Integration of ZKemail, ZKpassport, and Anon Aadhaar for intermediary-free recovery. Standardized ZK proofs will speed up the process, passing the "walkaway test"—full user autonomy.

Post-Quantum Killswitch

An option for accounts with post-quantum cryptography (Falcon/Dilithium in Solidity). An automatic killswitch protects against quantum threats, with optimized verifiers for Ethereum.

Universal Ethereum App for Hardware

A reference implementation for hardware wallet manufacturers to avoid vendor lock. Plus a ZK hardware signer on Jubjub/Bandersnatch for compatibility with privacy protocols.

Spending Policies and P2P Transactions

Spending policies with limits for different signers, optional P2P transactions broadcasting directly through the p2p network without RPC. This adds flexibility for DeFi interactions, with transparent support for private addresses via ERC-7811.

Additional features include one account per dApp for enhanced isolation, a privacy-first wallet connection kit for peer-to-peer JSON-RPC connectivity, and preventing unnecessary IP leakage.

Future directions explore a native Ethereum browser for deeper security, transaction security scoring via local AI, new social recovery schemes, and advancing privacy-preserving account abstraction.

Ready to dive into the world of Ethereum? Download Atomic Wallet for secure storage of ETH!

‍