Ethereum 一直面臨一個核心矛盾:它是一個建立於透明度之上的網絡,但日益暴露用戶資料。鏈上擁有先進零知識密碼學、嚴謹審計規範、及數十億資產保障,然而2025年的普通用戶在追求基本財務隱私時仍然遇到繁瑣且分散的體驗。交易依然可追查、資產餘額是公開的,元資料經中央化基礎設施外洩。研究理論存在—但易用性並沒有。
這個缺口正是 Kohaku 想要填補的。於2025年11月在布宜諾斯艾利斯舉行的Devcon大會上,由Vitalik Buterin發佈。Kohaku是以太坊把多年隱私研究落實到日常工具最具野心的嘗試。這不是新混幣機,不是新Layer-2,也不是另一套理論協議,而是針對錢包層的框架—一套SDK、參考實作和設計模式,將現有隱私基礎設施整合到一致且以用戶為中心的體驗當中。
隨著風險提高,隱私問題再度成為焦點。現實資產通過公鏈流動,機構資金需要低調,制裁混幣工具後合規監管加強,更重要的是鏈上身份與現實生活日益結合,帶來真實的人身和財務風險。在此情況下,以太坊的傳統透明度反而成為一種弱點。
本文將詳細解析Kohaku:其功能、運作方式、重要性,以及它在以太坊未來的隱私、安全與監管生態中的定位。
走到2025:以太坊為何會進入這個隱私新階段
要理解Kohaku,必須知道其背後數十年的基礎建設及重複出現的失敗。
以太坊的安全文化源自一場創傷:2016年DAO攻擊,當時因重入漏洞導致約6,000萬美元ETH被盜。這次事件催化全生態轉變,審計成為日常,Multi-sig(多重簽名)錢包從理論轉為實用,SEAL等安全團隊出現,Solidity及Vyper語言加強保障。至2025年,嚴重資本操作已默認用多簽錢包,一層網絡(Layer-1)安全性顯著提升。
隱私基建沿著平行軌道發展。2018年Byzantium升級增加了橢圓曲線預編譯(EC-add、EC-mul、EC-pairing),讓零知識SNARKs於以太坊成為現實,為日後隱私協議打下基礎,包括Tornado Cash與Railgun。
Tornado Cash作為早期最著名的隱私工具,以混幣模式打破交易鏈接,曾經處理過數以十億計的存款。但突出表現也引來監管。2022年8月,美國財政部海外資產控制辦公室制裁Tornado Cash,指其涉嫌協助北韓Lazarus Group等黑客洗錢逾70億美元。相關錢包被凍結,美國人與其互動等同違法。
此舉讓生態出現巨大法律不確定性。GitHub封鎖開發者帳號,Circle在相關地址凍結USDC,訊息明確:無論正當性,隱私工具都會受到強力監管審查。
2024年11月,美國第五巡迴上訴法院推翻制裁,裁定OFAC無權制裁不可更改、無人掌控的智能合約。2025年3月,OFAC正式取消Tornado Cash制裁。但這段經驗已深深影響開發者信心,突顯不考慮合規的隱私協議處境有多脆弱。
同時,安全威脅的數據越見嚴峻。2025年上半年加密黑客事件已超2024全年,共失2.47億美元,分334宗攻擊。錢包被盜特別嚴重,34宗個案損失17億美元。地址投毒攻擊於2022至2024年間影響了1700萬用戶,損失8,380萬美元。釣魚及錢包抽水工具於2024年單年偷走約5億美元。
這些數據反映:區塊鏈公開透明反被用作武器。攻擊者用鏈上數據鎖定目標、分析交易規律安排釣魚,又製造相似地址誘使用戶誤複製,令風險升級。
除財務攻擊外,鏈上身份曝光帶來人身危機。資安專家Jameson Lopp稱,2025年已通報32宗針對加密持有人的「板手攻擊」(wrench attacks),全年或超越2021最高紀錄,包括綁架、肢解及勒索。而鏈上餘額公開,助攻擊者精確鎖定高價值目標。
在這種背景下,隱私已由理念變為必需。可惜即使密碼學技術先進,普通用戶仍困於使用困難。隱私協議需獨立助記詞,Shield池不支援多簽,鏈上交易廣播服務常失效,使用體驗分散、技術性高,令人沮喪。
2025年4月,Buterin發表《我為何支持隱私》,詳細論證隱私對自由、秩序和進步的重要性。他強調隱私能抵禦中央監控及分散社會壓力,公開人物還會因財務活動受騷擾或評價。文章亦提到AI崛起,警告其數據收集及分析能力大增。Buterin認為,零知識證明及其他密碼方案令「隱私優先」方案可兼顧安全及問責。
這篇文章為隨後的動作奠下理念基礎,即要在以太坊用戶實際體驗層全面推進隱私。
什麼是Kohaku?
Kohaku其實是以太坊面向錢包的新一代隱私安全工具箱。由以太坊基金會隱私群組主導,集結47位研究員、工程師及密碼學家,團隊由Blockscout創辦人Igor Barinov協調。Kohaku讓開發者毋須倚賴中央第三方即可用開源框架製作安全且保護隱私的錢包。
項目包含數個組件:基礎是模組化SDK,提供可重用組件,涵蓋隱私發送收款、更安全的密鑰管理與恢復,還有基於風險的交易控制。開發者無需重頭自建隱私棧,SDK提供標準模式,他們可按需求選用。
SDK之外,還有參考錢包實作:以Ambire錢包為基礎分叉的瀏覽器擴展版,主要給高階用戶。這版示範如何把不同隱私原語配置起來,是功能工具亦是其他錢包團隊範本。
重要的是,Kohaku並非新混幣機或獨立鏈,而是插入現有以太坊隱私基礎設施。GitHub代碼庫包含Railgun與Privacy Pools等協議軟件包,用戶可善用成熟系統屏蔽資金,兼享更優錢包整合體驗。
對用戶而言,首發版Kohaku支援多項功能。私有及公開交易模式共存於一個錢包內,每次操作自主選擇曝光度。框架支援每個DApp獨立帳戶,降低不同服務行為被關聯。P2P廣播繞過中心化... RPC servers that can log transaction metadata. Tools to hide IP addresses and other network-level identifiers are integrated into the design.
可記錄交易元數據的RPC伺服器。設計中已整合了隱藏IP地址及其他網絡層識別碼的工具。
The project also incorporates new recovery mechanisms that do not rely solely on seed phrases. Using zero-knowledge tools like ZK-Email and Anon Aadhaar, users can prove their identity to recovery systems without revealing personal information, enabling social recovery that preserves privacy.
此項目亦引入了不單靠助記詞(seed phrases)的新型恢復機制。透過ZK-Email 和 Anon Aadhaar等零知識技術,用家可以於無需洩漏個人資料的前提下,向恢復系統證明其身份,實現兼顧私隱的社交式資產恢復。
Kohaku emerges from the Ethereum Foundation's broader Privacy Cluster initiative, which works across five key areas: private reads and writes for payments and interactions without surveillance, private proving for portable verification, private identities through selective disclosure, privacy experience improvements for everyday users, and institutional adoption through a dedicated task force. The cluster builds on over 50 open-source projects developed by the Privacy and Scaling Explorations team since 2018, including primitives like Semaphore for anonymous signaling, MACI for private voting, and zkEmail.
Kohaku 是源於以太坊基金會內容更廣泛的私隱群組計劃,涵蓋五大重點範疇:交易和互動的隱私讀寫(無須受監察)、可移動驗證的隱私證明、透過選擇性披露實現的私密身份、提升日常用戶的隱私體驗、以及成立專責小組推動機構採用。此群組建基於自2018年以來,Privacy and Scaling Explorations 團隊超過50個開源項目,包括 Semaphore(匿名訊號)、MACI(私密投票)、zkEmail等基礎模組。
Deep Architecture Breakdown: How Kohaku Works
架構深度解析:Kohaku 如何運作
Understanding Kohaku's significance requires examining its technical architecture. The framework addresses privacy at multiple layers - key management, transaction shielding, and network-level metadata - while maintaining compatibility with Ethereum's existing infrastructure.
要明白 Kohaku 的重要性,就要從技術架構角度去理解。此框架於多個層面解決私隱問題 —— 包括金鑰管理、交易遮蔽、及網絡層元數據 —— 同時與以太坊現有基礎設施保持兼容。
Multi-Key Wallet Architecture
多重金鑰錢包架構
Traditional cryptocurrency wallets rely on a single private key derived from a seed phrase. This creates a binary security model: either you have full control, or you have none. Kohaku introduces a more granular approach through multi-key architecture with defined roles and permissions.
傳統加密貨幣錢包一般只用來自助記詞的一組私鑰,帶來二元化的安全模式:要麼全控,要麼無控。Kohaku 則以多重金鑰、明確分工和權限劃分,令安全管理更細緻。
Under this model, wallets can assign different keys to different functions. A viewing key might allow monitoring balances without spending authority. A spending key might require additional authentication for transactions exceeding certain thresholds. High-value transfers can trigger extra confirmations or multi-factor verification, implementing the kind of risk-based access controls that Buterin has advocated.
於此模式下,錢包可將不同用途分派給不同金鑰。例如查看金鑰可查閱結餘而無支出權限;支出金鑰則當超越特定金額時需要額外認證;高價值轉賬可以觸發額外確認或多重認證,真正實現 Buterin 所推崇的風險分級存取控制。
This architecture also enables new recovery patterns. Rather than relying exclusively on seed phrases - which remain the dominant single point of failure in crypto security - Kohaku's framework supports recovery through zero-knowledge proofs of identity. A user might recover access by proving they control a specific email address or government identity document, without revealing the document itself. The cryptographic proof demonstrates legitimacy without exposing personal information to the recovery system.
此架構亦支援新型的恢復模式。不再單靠助記詞(這仍然是加密安全的一個單點故障源),Kohaku 的方案容許透過零知識身分證明進行恢復。用戶只需證明自己控制著特定電子郵箱或政府身份文件,毋須提交文件內容本身。不洩漏個人資料下,由密碼學證明合法性。
Opt-In Shielding and Private Transactions
自願選用遮蔽及私隱交易
Kohaku does not force all transactions into obscurity. Instead, it lets wallets offer public and private modes side by side. When users choose privacy, the wallet routes transactions through protocols like Railgun or Privacy Pools, generating fresh, unlinkable addresses for receiving funds and minimizing the onchain footprint.
Kohaku 並非強迫所有交易都隱藏不公開,而是讓錢包同時支援公開與私密兩種操作。當用戶選擇私隱模式時,錢包會透過 Railgun 或 Privacy Pools 等協議進行轉發,並產生全新、不可連結的收款地址,盡量減少鏈上痕跡。
Railgun uses zk-SNARKs to shield transaction details - token types, amounts, and parties involved - while allowing interactions with existing DeFi protocols like Uniswap and Aave. Users "shield" tokens by depositing them into Railgun's smart contracts, conduct private operations, and can later "unshield" to public addresses when needed. The protocol has been deployed across Ethereum, Polygon, BSC, and Arbitrum.
Railgun 用zk-SNARKs 技術遮蔽交易資料(如資產類型、金額及涉及方),同時讓用戶與現有 DeFi 協議如 Uniswap、Aave 無縫互動。用戶可將代幣「遮蔽」存放於 Railgun 智能合約,進行私密操作,日後需要時再「解除遮蔽」提回公用地址。該協議已在 Ethereum、Polygon、BSC 及 Arbitrum 上線。
Privacy Pools, developed by 0xbow, add a compliance dimension through "association lists." These lists enable users to generate zero-knowledge proofs demonstrating that their funds do not originate from sanctioned or illicit sources - a "proof of innocence." The approach attempts to separate legitimate privacy-seeking users from bad actors, allowing wallets to block clearly illicit flows without stripping privacy from everyone else.
Privacy Pools(由 0xbow 開發)則加入了「聯繫清單」以配合合規需要。這些清單讓用戶出示零知識證明,證明資金來源不涉及受制裁或違法資產——即「清白證明」。此舉旨在劃清正當追求私隱的用戶與不法分子,令錢包可封鎖明顯非法流,一般用戶則繼續享有隱私。
This selective visibility represents a pragmatic middle ground between maximal privacy and full transparency. It acknowledges the reality that some degree of compliance integration may be necessary for mainstream adoption while preserving privacy as the default for legitimate users.
這種選擇性可見策略,在極端私隱及完全透明之間,取了一個務實的中間位。它承認某程度的合規整合對普及有其需要,並維持正當用戶的私隱作為預設。
Network-Level Privacy
網絡層私隱
Transaction privacy extends beyond what appears on the blockchain. When users broadcast transactions, check balances, or interact with decentralized applications, they typically route through Remote Procedure Call servers that can log IP addresses, view queries, and correlate activity. This metadata leakage undermines transaction privacy even when the onchain footprint is minimized.
交易的私隱遠超區塊鏈資料本身。當用戶廣播交易、查閱餘額、或與去中心化應用互動時,通常會透過 RPC 伺服器,這些伺服器或會記錄IP位址、查詢內容並關聯活動紀錄。即使鏈上資料極少,只要這些元數據外洩,交易私隱同樣受到威脅。
Kohaku's roadmap addresses network-level privacy through several mechanisms. Integration with mixnets allows transactions to be relayed through multiple nodes, obscuring the originating IP address. Plans for zero-knowledge-powered RPC or browser integrations would allow users to read blockchain data without revealing their queries to service providers. The reference wallet integrates the Helios light client, which validates blockchain data locally without trusting centralized RPC providers - eliminating a key privacy leak in current infrastructure.
Kohaku 計劃針對網絡層私隱提供不同方案:整合混合網絡(mixnets),令交易經多個節點轉發,隱藏源頭IP地址。未來計劃加入零知識驅動的 RPC 或瀏覽器插件,用戶查閱區塊鏈資料時無需向服務商曝光查詢內容。官方錢包亦內置 Helios 輕客戶端,本地驗證鏈上資料,無需信任中心化RPC伺服器,堵塞現有基礎設施內的重要私隱漏洞。
These measures reflect an understanding that privacy requires defense in depth. Shielding transaction amounts means little if an observer can correlate query patterns to user identities.
這些措施反映團隊認為私隱必須層層把關。即使交易金額已遮蔽,如果查詢行為可被對應到身份,私隱也形同虛設。
L2-Agnostic Design
L2-無關架構設計
Ethereum's roadmap increasingly emphasizes a rollup-centric future, where layer-2 networks handle most transaction execution while layer-1 provides security and data availability. In this environment, privacy must work consistently across multiple chains - otherwise, users face fragmented experiences depending on which rollup hosts their assets.
Ethereum 的發展藍圖漸趨「Rollup為中心」(rollup-centric future),即 L2 協議主理運行層,主鏈則負責安全與數據可用性。若要在這格局下推動普及,私隱技術必須能跨鏈協作,否則用戶體驗因資產身處的Rollup不同而支離破碎。
Kohaku's design is L2-agnostic, providing patterns and code that rollups and applications can all rely on. Instead of every network inventing its own stealth address system or recovery flow, Kohaku offers a shared baseline. This matters for both user experience and privacy guarantees, since larger privacy sets across more networks provide stronger anonymity.
Kohaku 設計上「不連繫特定L2」,為各Rollup及應用提供統一的模式與程式碼。避免每個網絡重造輪子,各自設計私密地址或恢復流程。這對用戶體驗及私隱強度都極為重要,因為橫跨多鏈的「私隱集合」愈大,匿名性愈高。
Why Kohaku Matters in 2025
Kohaku 在2025的重要性
Kohaku's significance extends beyond its technical features. The framework represents an attempt to close the persistent gap between Ethereum's theoretical privacy capabilities and its practical user experience.
Kohaku 的意義不單止在於技術。它試圖彌補以太坊理論上擁有的私隱能力,與現實用戶體驗之間,一直以來的落差。
For years, research teams shipped faster proofs, more efficient cryptographic primitives, and safer contract patterns. But Buterin's complaints at Devcon were mundane: extra seed phrases, no multisig support in private pools, unreliable broadcasters, five clicks to do a private send, public balances that make users targets. These usability failures have pushed people back to centralized exchanges because they are simpler - a perverse outcome for a decentralized ecosystem.
多年來,研究團隊不斷推出更快的證明、更高效的密碼學元件及更安全的合約模式。但正如 Buterin 在 Devcon 所批評:多餘的助記詞、私密池無法多簽、多數廣播器不可靠、做一次私密轉賬要點五次、餘額公開令用戶成為目標等日常問題。這些易用性敗筆,反倒令用戶回流中心化交易所──這和去中心化世界的初衷背道而馳。
By focusing on wallets, Kohaku targets the layer closest to users. It provides L2 networks and DApps something they have been missing: a shared, privacy-aware baseline. Rather than treating privacy as an advanced feature for power users, Kohaku makes it accessible as a default option that works within familiar interfaces.
Kohaku 以錢包為切入點,直接針對最貼近用戶的一層,為 L2 網絡及 DApp 補足一直欠缺的「私隱底線」。它不再將私隱視為進階玩家專屬的「高級功能」,而是以預設、直觀而無門檻的方式提供給所有用戶。
The security implications are substantial. Wallet poisoning, phishing, and metadata tracking all exploit the transparency that Ethereum provides. When users can shield balances, generate fresh receiving addresses, and obscure their network activity, attack surface diminishes significantly. Self-custody becomes more competitive with centralized exchanges that offer privacy through internal ledgers rather than onchain transparency.
這對安全的意義尤其重大。錢包投毒、釣魚和元數據追蹤,全都依賴以太坊高度透明。當用戶可遮蔽餘額、生成新收款地址及隱藏網絡活動,黑客的攻擊面大大縮細。自我託管的私隱性亦有望追平甚至超越那些僅依賴內部台帳而非公鏈透明的中心化交易所。
Institutional adoption presents another consideration. Traditional finance operates with significant privacy expectations - banks do not publish customer balances, and trading desks guard their positions jealously. As tokenized assets and institutional capital flow onto Ethereum, the absence of privacy creates barriers. The Ethereum Foundation has launched an Institutional Privacy Task Force to explore how privacy-preserving technologies can coexist with compliance requirements, aiming to publish guidelines that map privacy tools to frameworks used by businesses and auditors.
面對機構級應用,私隱更是不容忽視的一環。傳統金融對私隱有極高要求──銀行從不公開客戶結餘,交易部門更是視持倉如命。當資產代幣化及機構資金漸流入以太坊,缺乏私隱將成絆腳石。Ethereum Foundation 已設立Institutional Privacy Task Force,研究如何令私隱技術及合規和平共處,並發佈指引將私隱工具對應企業、審計等業界使用的框架。
Regulatory and Ecosystem Implications
法規及生態影響
Kohaku arrives amid ongoing tensions between privacy advocates and regulatory authorities. The framework explicitly navigates this terrain by incorporating "responsible privacy" features alongside its core privacy-preserving capabilities.
Kohaku 推出時正值私隱派與監管機構各執一詞。此框架明確在兩極之間尋求平衡,既堅持私隱原則,亦引入「負責任的私隱」配合合規需要。
Association lists exemplify this approach. By allowing users to prove their funds do not originate from sanctioned sources, Privacy Pools create a mechanism for compliance-friendly privacy. Users can interact with services that require such assurances without revealing their entire transaction history. The approach acknowledges that some visibility may be appropriate for certain contexts while maintaining default privacy elsewhere.
所謂聯繫清單正是此理念表現。用戶可證明資金非源自受制裁來源,Privacy Pools 就是這種有利合規的私隱機制。用戶與要求這類保證的服務互動時,無須交出完整交易紀錄。Kohaku 承認某些場景下適當曝光有其合理性,其餘則默認私隱為首選。
This pragmatism generates controversy within the community. Critics argue that any selective visibility normalizes financial surveillance and creates pressure to prove innocence - inverting the presumption that should protect legitimate users. They note that "unlawful sources" can be defined by governments with varying commitments to human rights, potentially weaponizing compliance mechanisms against dissidents or marginalized populations.
這種務實方針在社群內引起不少爭議。批評者認為任何「選擇性曝光」都會慣常化財務監控,倒過來逼良為證,顛覆本應保障正當用戶的推定。他們指出「不法來源」的定義操之政府,難保不會淪為打壓異見或弱勢的工具。
Defenders counter that practical privacy tools require navigating existing regulatory realities.
支持的人則認為,私隱工具若要落地,難免要面對現實監管環境……They point to the Tornado Cash sanctions as evidence that maximalist approaches invite aggressive enforcement, whereas tools with compliance integration may achieve broader adoption and therefore deliver more meaningful privacy at scale.
他們指出,Tornado Cash 遭受制裁是一個例證,說明極端主義做法容易招致強硬執法;相反,有合規整合的工具可能更易被廣泛採用,因此能在大規模上提供更有實質意義的私隱。
The MiCA regulation in the European Union, fully applicable since December 2024, adds complexity. MiCA requires crypto-asset service providers to implement the Travel Rule, exchanging sender and recipient information with every transfer. National authorities across EU member states now enforce compliance requirements that could conflict with privacy-preserving tools.
歐盟於 2024 年 12 月全面實施的 MiCA 規例,令情況更複雜。MiCA 要求加密資產服務供應商執行「Travel Rule」,即每次轉帳都要交換發送者和收款人的信息。各個成員國的主管機關均會執行合規要求,這些要求可能與保障私隱的工具產生衝突。
Yet MiCA also creates incentives for innovation. Clear regulatory frameworks provide certainty that encourages institutional participation, and the ability to demonstrate compliance through cryptographic proofs rather than full disclosure could prove valuable to entities navigating these requirements. Kohaku's design allows selective disclosure - proving what is necessary without revealing what is not.
不過,MiCA 亦為創新帶來誘因。明確的監管框架提供了穩定預期,促進機構參與,同時能以密碼學證明而非全數披露資料去證明合規,對應對這些要求的機構來說十分有價值。Kohaku 的設計容許選擇性披露——只證明必要事項,無需洩露全部資料。
FATF guidance and potential U.S. legislative action present additional considerations. The regulatory landscape remains unsettled, and tools like Kohaku must maintain flexibility to adapt as requirements evolve.
FATF(金融行動特別組織)的指引及美國潛在的立法行動帶來更多須要考慮的因素。監管形勢仍未明朗,像 Kohaku 這類工具必須保持彈性,以因應日後條件的改變。
Trade-Offs, Limitations, and Risks
取捨、限制與風險
Kohaku is not a complete solution, and its architecture introduces trade-offs that deserve careful consideration.
Kohaku 並非萬能方案,其架構上的設計亦帶來多種取捨,需要仔細考量。
A wallet that juggles multiple keys, recovery paths, privacy toggles, different broadcasting options, and plug-in modules presents a larger attack surface than a simple seed-phrase-and-send setup. Each component introduces potential vulnerabilities. Misconfigurations or insecure add-ons could compromise privacy or security. The complexity demands serious audits and clear rules around upgrades and defaults.
一個同時管理多把金鑰、多種復原方案、私隱開關、不同廣播選項及外掛模組的錢包,比起單純的「助記詞加轉帳」方案擁有更大被攻擊的表面。每個環節都有潛在漏洞,設定失誤或不安全的外掛有可能損害私隱及安全。這種複雜性要求嚴格的審計流程和明確的升級、預設規則。
User experience presents another challenge. Clarity between private and public flows is essential - users must understand when their actions are shielded and when they are not. Confusion could lead to inadvertent exposure, undermining the privacy guarantees users expect. The framework can suggest good patterns, but it cannot force wallet teams to ship clear interfaces.
用戶體驗亦是一大挑戰。清楚分辨私密與公開流程至關重要——用戶必須知道他們的操作何時受保護、何時不受保護。混淆可能導致無意間外洩敏感資料,削弱用戶原本期望的私隱保障。框架可建議良好示範,但無法強制錢包開發團隊交付清晰介面。
Developer responsibility becomes significant under this model. Kohaku provides building blocks, but implementation quality varies. A poorly implemented wallet could misconfigure privacy protocols, leak metadata, or fail to properly manage key hierarchies. The ecosystem will need standards, audits, and best practices to ensure that Kohaku-based wallets actually deliver their promised protections.
在這模式下,開發者的責任變得更加重大。Kohaku 只提供基礎模組,落實執行的質量高低有別。劣質的錢包可能設定錯誤私隱協議,外洩中繼資料,或未能妥善處理金鑰層級管理。整個生態必須建立標準、審計流程和最佳實踐,確保以 Kohaku 為本的錢包真正實現所承諾的保護。
Performance and cost considerations also apply. Zero-knowledge proofs, while dramatically more efficient than earlier generations, still impose computational and gas costs. Privacy features may increase transaction expenses, creating trade-offs that users must navigate based on their needs and resources.
效能和成本方面同樣需要考慮。零知識證明雖比往代技術大幅提升效率,但仍然涉及運算與 gas 開支。私隱功能或令交易成本上升,用戶需要根據自身需要和資源取捨。
Finally, regulatory pressure represents an ongoing risk. Even with compliance-friendly features, privacy tools may face future restrictions as governments develop more sophisticated approaches to blockchain oversight. Tools designed for current regulatory frameworks may require modification as those frameworks evolve.
最後,監管壓力屬於持續的風險。即使設有合規支援,私隱工具未來仍有機會受到額外限制,尤其當政府加強針對區塊鏈的監察。因應監管框架轉變,現有工具可能需調整改良。
How Kohaku Fits Into Ethereum's Roadmap
Kohaku 如何融入以太坊藍圖
Kohaku aligns with several major themes in Ethereum's evolution, positioning privacy as a natural extension of the network's development rather than a niche add-on.
Kohaku 與以太坊發展中的多個主要主題一致,把私隱視為網絡發展的自然延伸,而非次要功能。
Account abstraction through ERC-4337 transforms wallets from simple key-holding mechanisms into programmable smart accounts. Deployed on Ethereum mainnet in March 2023, ERC-4337 enables features like custom signature schemes, gasless transactions through paymasters, and sophisticated recovery mechanisms without requiring consensus-layer changes. Kohaku's multi-key architecture and ZK-based recovery patterns build on these capabilities, leveraging smart account flexibility to implement privacy features that traditional externally owned accounts cannot support.
利用 ERC-4337 實現賬戶抽象,將錢包從單純保管金鑰的工具,轉化為可編程智能賬戶。ERC-4337 於 2023 年 3 月在主網上線,實現了自訂簽名、由支付者承擔 gas 的免 gas 交易,以及無需共識層更改的進階復原機制。Kohaku 的多金鑰架構和基於零知識的復原模式正是建立於這些能力之上,善用智能賬戶靈活性以加入傳統外部所持賬戶無法支援的私隱功能。
Stealth addresses, standardized through ERC-5564, provide another building block. These addresses allow senders to generate fresh, unlinkable receiving addresses for recipients, breaking the connection between public identity and incoming funds. Kohaku incorporates stealth address support as part of its receiving privacy features.
ERC-5564 的隱密地址提供另一項拼圖。這種地址能讓發送者為收款人動態生成新、不可連結的收款地址,切斷公開身份和收款之間的聯繫。Kohaku 已把隱密地址支援整合至其收款私隱功能。
Decentralized identity represents a growing focus for Ethereum, with applications requiring verification of attributes - age, nationality, accreditation - without full disclosure. Zero-knowledge proofs enable selective disclosure, proving specific claims while maintaining overall privacy. Kohaku's framework supports these patterns through its private identity tooling.
去中心化身份(DID)越來越受以太坊關注,應用層需要在無需完全披露個人資料下驗證特質——如年齡、國籍、認證資格等。零知識證明讓用戶實現選擇性披露,只需證明必要資料而無需洩露一切。Kohaku 的框架透過專屬身份工具支援這種應用模式。
The broader ZK-EVM progress also supports Kohaku's goals. As zero-knowledge technology becomes more efficient and accessible, the costs and complexity of privacy features decrease. Developments in zkSNARK circuits, developer tooling, and proof generation performance all contribute to making privacy practical at scale.
ZK-EVM 技術整體進展亦支持 Kohaku 目標。隨著零知識技術提效及普及,私隱功能的成本和技術門檻隨之降低。zkSNARK 電路、開發工具、證明生成效能等種種發展,均有助大規模落實私隱。
Buterin has described this trajectory as moving toward "privacy by default" - a state where private interactions become the norm rather than the exception. Kohaku represents a significant step on that path, translating protocol-level capabilities into user-facing tools.
Buterin 曾形容這發展路徑為「預設私隱」——即私隱互動成為常態而非例外。Kohaku 是這路線上重要一步,將協議層能力轉化成用戶端工具。
Case Studies and Examples
案例分析及實例
Understanding Kohaku's practical impact requires examining concrete scenarios where its features address real user needs.
要了解 Kohaku 實際影響,可透過分析它在真實情境下如何滿足用戶需要。
Consider a user wanting to send a private transfer. Under current infrastructure, they would need to download a separate privacy wallet, generate a new seed phrase, fund that wallet through a potentially traceable transfer, navigate the privacy protocol's interface, and hope public broadcasters function correctly. Buterin described this experience at Devcon: "It takes like five clicks to do a private send and withdraw. Last week, I had to fight against public broadcasters. It took about ten tries until eventually I figured out that it works after you turn on a VPN."
假設一個用戶想進行私人轉帳,現有基礎設施下,他需先下載另一個私隱錢包,生成新助記詞,再透過可能被追蹤的轉帳為錢包注資,然後用私隱協議的複雜介面操作,更要祈求公開廣播節點可正常運作。Buterin 在 Devcon 上曾形容這經驗:「做一次私密發送及提現要點夠五下。上星期要不斷跟公共廣播站博弈,試了差唔多十次,最後發現要開 VPN 先得。」
With Kohaku, the same user would toggle privacy mode within their existing wallet, select the recipient, and send. The wallet handles Railgun integration, stealth address generation, and peer-to-peer broadcasting automatically. The complexity shifts from user-facing to infrastructure-level.
用 Kohaku,這名用戶只需於現有錢包開啟私隱模式,選擇收款人並發送即可。錢包會自動處理 Railgun 整合、隱密地址生成、及對等廣播等細節。複雜度由使用者層轉移至基礎設施層。
Wallet implementations could leverage Kohaku's risk-tiered permissions for institutional use cases. A treasury management application might require single-signature approval for transactions under $10,000, dual-signature for amounts between $10,000 and $100,000, and three-of-five multisig with time delays for larger transfers. The framework's multi-key architecture supports these patterns natively rather than requiring custom development.
錢包實現層可善用 Kohaku 的分級風險授權系統以切合機構需求。例如,財資管理 app 可限定 10,000 美元以下交易只需單簽同意、10,000 至 100,000 美元需雙簽、10 萬以上使用三之五多簽及延遲設定。這些模式在框架多金鑰架構下可原生支援,毋須自訂開發。
DApps themselves might leverage Kohaku patterns for privacy-respecting user interactions. A lending protocol could verify collateralization ratios using zero-knowledge proofs without exposing actual collateral values to other users. A decentralized exchange could match orders without revealing trading strategies to front-runners. A payroll system could distribute salaries to stealth addresses without publishing employee compensation publicly.
DApps 亦可利用 Kohaku 模式實現尊重私隱的用戶互動。借貸協議可用零知識證明驗證抵押比率,毋須向其他用戶揭露實際抵押資產;去中心化交易所可以在不洩露交易策略下配對訂單,從而防止搶跑行為;薪酬系統可以私密方式發工資至隱密地址,不需公開員工薪額。
Metadata leaks that Kohaku aims to fix include IP address exposure through centralized RPC providers, query pattern analysis that correlates viewing activity with wallet ownership, and transaction timing that enables network-level surveillance. By integrating light clients, mixnets, and peer-to-peer broadcasting, the framework addresses these vectors systematically rather than leaving them to user workarounds like VPNs.
Kohaku 針對的中繼資料洩漏包括:因傳統 RPC 服務而曝露的 IP 地址、通過查詢模式分析把瀏覽行為與錢包持有者連結起來、以及用交易時間對用戶進行網絡監控。透過集成輕客戶端、混合網絡(mixnet)及對等廣播,該框架系統性解決這些外洩來源,不再需用戶個別靠 VPN 等權宜之計。
L2 adoption could follow a standardization pattern similar to token standards. Just as ERC-20 created a common interface for fungible tokens that all applications could support, Kohaku's patterns could create common privacy interfaces that work consistently across Arbitrum, Optimism, Base, and other rollups. Users moving assets between networks would maintain privacy guarantees rather than losing them at each bridge.
L2 普及可循類似 ERC-20 的標準化路線——ERC-20 為可替代代幣建立統一接口,各 DApp 均可支援。Kohaku 可以創造橫跨 Arbitrum、Optimism、Base 及其他 rollup 一致運作的私隱標準接口。用戶橫跨不同網絡時,私隱保障不會每次跨橋就失效。
Comparison With Other Privacy Efforts
與其他私隱方案比較
Kohaku operates in an ecosystem with multiple privacy approaches, each addressing different aspects of the challenge.
Kohaku 於一個多元私隱生態中運作,每種方案針對不同挑戰層面。
Railgun focuses on shielded DeFi interactions. Users can swap, lend, and provide liquidity through privacy-preserving smart contracts while maintaining full custody of their assets. Railgun's integration into Kohaku allows its capabilities to reach users through a standardized wallet interface. RAIL token holders govern the protocol, and the system generates significant fee revenue.
Railgun 專注在私隱化的 DeFi 互動。用戶可在保障私隱的智能合約上 swap、借貸、提供流動性,同時完全控制資產存取。Railgun 整合進 Kohaku,使其功能經標準化錢包介面抵達用戶。RAIL 代幣持有人管理協議,系統亦產生大量費用收入。
Tornado Cash, despite its regulatory history, remains a functional mixer available on Ethereum. It provides transaction privacy by pooling deposits and breaking links between sources and destinations. However, it lacks the compliance features that protocols like Privacy Pools provide, and its regulatory experience may limit mainstream adoption.
Tornado Cash 雖然有其監管「黑歷史」,依然作為混幣工具於以太坊上可用。它將多個存款池混合,打斷來源與目的地之間的聯繫以實現交易私隱。但它缺乏如 Privacy Pools 一類協議所具備的合規功能,其監管遭遇亦可能令其難以更廣泛應用。
Aztec Network takes a different approach entirely, building a privacy-first layer-2 network that enables private smart contract execution. Rather than adding privacy to existing Ethereum infrastructure, Aztec creates a separate environment where privacy is the default. The network launched its Ignition Chain on Ethereum mainnet in November 2025, positioning itself as the first fully decentralized L2 with programmable privacy. Aztec uses its Noir programming language to abstract cryptographic complexity, allowing developers to build applications thatHere is your translated content (in zh-Hant-HK), keeping markdown links untranslated as instructed:
公私元素混合
Privacy coins(例如 Monero 及 Zcash)本身就喺其各自網絡嘅基礎層提供原生私隱保障。Monero 透過環簽名同 stealth address 預設啟用私人交易,而 Zcash 就使用 zk-SNARKs 提供可選擇嘅屏蔽交易。不過,呢啲網絡同以太坊 DeFi 生態圈分開運作,對於想喺以太坊應用層內保持私隱嘅用戶嚟講,實用性有限。
Polygon Miden 提供咗另一種方法:呢個基於 STARK 嘅 ZK-rollup 可以喺客戶端做證明,兼保障私隱同擴展性。唔同於喺 sequencer 基礎設施上做證明嘅系統,Miden 容許用戶自己喺裝置上產生證明,提升私隱,確保交易細節永遠唔會離開用戶控制。項目強調透過自家虛擬機架構實現可編程私隱。
由 Aztec 開發嘅 Noir,都值得一提,佢係好多新型私隱基礎設施底層用嘅程式語言。Noir 抽象化咗零知識電路嘅複雜性,令開發者唔洗深入密碼學專業都可以寫到私人應用邏輯。隨住 Noir 嘅工具越嚟越成熟,建構保障私隱嘅應用門檻開始下降,推動咗尊重私隱嘅 DApp 生態擴展。
Kohaku 嘅獨特貢獻係錢包層面嘅整合同用戶體驗標準化。當 Railgun 呢啲協議提供底層私隱技術時,Kohaku 就提供咗令技術容易接觸到用戶嘅介面設計。佢唔係同呢啲工具競爭——反而係將佢哋整合成一個有系統嘅用戶體驗,方便其他錢包跟用。呢個定位令 Kohaku 成為整體私隱生態系統嘅補充,而唔係取代品。
未來展望:2025-2027
未來幾年有多種發展會影響 Kohaku 嘅發展路線。
錢包普及係最直接嘅問題。主流錢包供應商,例如 MetaMask 同 Rainbow,會選擇整合 Kohaku 嘅做法——定係會自家發展競爭方案。鑒於次框架來自以太坊基金會生態,亦獲得 Buterin 認可,整合機會大,但實際上完成嘅時間表同功能完整度會有所不同。
L2 標準化有機會加深 Kohaku 嘅影響力。如果主流 rollup 採用以 Kohaku 為基礎嘅統一錢包私隱標準,用戶就可以喺唔同網絡儲資產時都有相似嘅私隱保障。呢種一致性會靠擴大整個生態系統入面嘅 privacy set,穩固私隱保障。
監管發展會考驗 Kohaku 嘅合規功能。執法、立法變化,以及如 FATF 等國際組織嘅協調,將決定私隱工具要點先可以繼續運作。Kohaku 嘅選擇性披露同關聯列表功能可能會有好大幫助——又或者會被要求修改。
私隱 RPC 基礎設施預期成熟中。專門研究用零知識證明處理查詢、以及為交易廣播加入 mixnet 嘅項目,都有望推出 production-ready 解決方案,輔助 Kohaku 嘅錢包層面功能。呢啲發展可以解決目前基礎設施未完全避免嘅 metadata 洩漏。
私隱與現實資產及機構採納嘅交會都會成為重要支點。隨住 tokenized 證券、地產及傳統資產搬上鏈,來自傳統金融界對私隱嘅要求都會逐漸影響。Kohaku 嘅機構專項小組產出嘅工具同合規方案將會受到實際需求檢視。
最後想法
Kohaku 代表以太坊目前最貼近主流嘅私人用戶體驗嘗試。佢出現喺一個以太坊本身透明嘅基礎設施唔止喺哲學層面令人不安,甚至實質帶嚟財務監控、身體威脅、同高級詐騙危機嘅時刻;佢出現於一連串歷時多年的研究之後,雖然已有強大密碼學工具,卻一直無法落到市井用家手中。
呢個框架咗於私隱、安全、監管、同錢包設計嘅交集。佢唔可以解決所有難題,亦唔可能滿足所有群體。私隱主義者會批評其合規功能,監管機構可能會要求更多透明度,開發者落實時質素參差,用戶都要適應新複雜度同新能力共存。
但 Kohaku 做到之前私隱企劃做唔到嘅事:為以太坊用戶帶嚟一條實際可行嘅私隱普及之路。不係實驗品。唔係小眾。唔係得技術人用。係普遍,用你已經慣用嘅錢包都得。
因為 Kohaku 來自以太坊核心生態,而唔係單一初創,所以佢好有可能成為其他錢包對照或超越嘅新標準。呢啲模式可能會變成普遍預期;呢啲功能可能會成為預設。
Buterin 喺 Devcon 嘅結語一如既往咁坦率直接:「我哋依家去到最後一哩路,正正喺這一哩路,我哋要集中努力、認真做得更好。」
Kohaku 就係呢個努力。成敗與否,將決定以太坊嘅私隱黃金十年終極係咪真係變到私人以太坊——抑或矛盾繼續存在。