Vitalik Outlines Three Steps Toward Ethereum Native Privacy

20th May 2026- Vitalik Buterin on May 20, 2026 outlined three upgrades aimed at making Ethereum native privacy practical. None require a major protocol overhaul. The Ethereum co-founder posted the update on X. He listed three pillars: Account Abstraction paired with FOCIL, keyed nonces via EIP-8250, and access-layer work through the Kohaku SDK. Two of the three target the Hegota upgrade, expected in late 2026.

AA and FOCIL Give Privacy Transactions Guaranteed Inclusion

The first pillar combines Account Abstraction with Fork-Choice Enforced Inclusion Lists. Account Abstraction, via EIP-8141 (Frame Transactions), makes smart-contract wallets first-class citizens. As a result, privacy transactions no longer need fragile relay infrastructure.

FOCIL (EIP-7805) adds censorship resistance. A rotating committee of roughly 16 validators per slot publishes inclusion lists. Attesters then reject any block that ignores valid listed transactions. Together, these two proposals guarantee rapid inclusion in one to two slots, even under active censorship.

Vitalik highlighted the synergy in a February 2026 post. “With FOCIL and 8141 together, anything can be included onchain through one of 17 different actors,” he wrote. That includes smart wallet, gas-sponsored, and privacy protocol transactions. “This gives us guaranteed rapid inclusion.”

The context matters. After the 2022 Tornado Cash sanctions, over 70% of Ethereum blocks briefly censored sanctioned transactions, according to MEV Watch data. FOCIL directly addresses that vulnerability by distributing inclusion power across a committee rather than trusting a single block builder.

Keyed Nonces Solve a Hidden Bottleneck

The second pillar is EIP-8250, proposed on May 5, 2026. Its authors include Thomas Thiery, Toni Wahrstätter, lightclient, and Vitalik Buterin. The proposal replaces the single linear nonce with a pair: a nonce key and a nonce sequence.

This change targets a specific problem in privacy protocols. Protocols like Railgun route many users through a shared contract address. With a single nonce, one delayed transaction blocks every subsequent one from the same sender. In contrast, keyed nonces create independent lanes, so each withdrawal or transfer proceeds without waiting.

Kohaku Brings Ethereum Native Privacy to the Wallet Layer

The third pillar operates at the access layer. Kohaku is an Ethereum Foundation-backed open-source SDK for privacy-first wallet infrastructure. The Foundation publicly unveiled it at Devcon in November 2025.

Kohaku bundles several privacy features into one framework. It supports private sends and receives through Railgun and Privacy Pools. It also includes stealth addresses and social recovery.

The most novel feature is private reads. Right now, every balance check or contract query leaks metadata to the RPC provider. Kohaku uses Oblivious RAM, Trusted Execution Environments, and Private Information Retrieval to fix this. As a result, the RPC never learns what data the user requested.

Unlike FOCIL and keyed nonces, Kohaku does not require a hard fork. Production-ready packages are already available as of May 2026, and wallet developers can integrate the SDK today.

Hegota Upgrade Timeline Remains a Target

The protocol-level changes all target the Hegota hard fork. It is currently expected in the second half of 2026. However, no exact activation date has been set, and Ethereum upgrades have historically faced delays.

If the upgrade ships on schedule, Ethereum gains three things at once: censorship-resistant inclusion, concurrent privacy transactions, and wallet-level tooling. That would mark the most significant Ethereum native privacy improvement since launch.

The approach differs sharply from privacy chains like Aztec. Those projects offer full default privacy but require users to move to a separate network. Ethereum’s strategy is incremental. It layers privacy into existing infrastructure and bets on network effects over starting from scratch.

Critics Raise Valid Concerns

Not everyone is convinced. Privacy maximalists argue that Ethereum’s incremental approach will never match dedicated privacy chains, where all transactions are shielded by default. On Ethereum, privacy remains opt-in, which limits its effectiveness because the anonymity set is smaller.

Regulatory concerns persist as well. Stronger privacy tools could reignite scrutiny from regulators who targeted Tornado Cash in 2022. Privacy Pools let users prove their funds are not from sanctioned sources. However, that compliance approach has not been tested in court.

Some researchers have also raised concerns about FOCIL’s attack surface. A well-funded actor could theoretically bribe committee members to exclude rather than include transactions. While the committee’s rotating composition makes sustained attacks difficult, the risk is an open research question.

What Comes Next for Ethereum Privacy

Vitalik’s tweet serves as a progress report on a strategy first outlined over a year ago. The three pillars target different layers of the stack. FOCIL handles inclusion, keyed nonces handle concurrency, and Kohaku handles metadata protection.

Wallet developers can start building with Kohaku today. Protocol developers are refining FOCIL and EIP-8250 for Hegota. The community reaction on X has been overwhelmingly positive, with developers praising the “privacy as first-class citizen” framing.

The real test comes when Hegota ships. Until then, Ethereum native privacy remains a work in progress, with the most critical pieces still months from mainnet deployment.