Advancing privacy standards for institutional applications

The Institutional Privacy Task Force (IPTF) is a dedicated team that helps onboard institutions onto Ethereum, with a focus on ensuring their privacy needs are met in a performant, secure, usable, and accessible way.

See approaches See writeups

Find the right privacy solution

We document patterns, use cases, and regulatory frameworks for implementing privacy-preserving financial applications on Ethereum.

Approaches

Read worked architectures directly. Each names trade-offs in plain language, evaluates under CROPS, and references a working prototype where one exists.

10 approaches
Image

Problem areas

Begin from the institutional question that mirrors your situation. Each use case pairs with one or more approaches that demonstrate how others have built solutions.

23 use cases
Image

Reusable solutions

Build your own approach using the cryptographic primitives applied in our case studies. Each building block includes its risk profile, architectural layer, and trade-offs.

70 building blocks
Image

Who is this for

IPTF coordinates between vendors and protocols, institutions, and regulators. The map and the approaches are written so each group can reach the same evidence by a different door. Pick the column that fits your role; each one is a recommended reading order, not a forced path.

For business stakeholders

Decide what to integrate.

  1. 01 Use cases Start with business requirements and challenges.
  2. 02 Jurisdictions Regulatory considerations in the regions you operate in.
  3. 03 Approaches Recommended architectures with named trade-offs.
For technical teams

Decide how to build.

  1. 01 Building blocks Reusable technical building blocks with standardized evaluations.
  2. 02 Approaches Detailed implementation guidance from worked approaches.
  3. 03 Vendors Tooling and infrastructure options mapped to patterns.
  4. 04 Domains Domain-specific considerations across payments, custody, identity, and more.
For legal and compliance

Map regulatory requirements.

  1. 01 Jurisdictions Regulatory frameworks applied as overlay on the architectures.
  2. 02 Use cases Compliance constraints surfaced in context, written from interview.
  3. 03 Approaches Architectures evaluated for regulated deployment.
  4. 04 Disclosure mechanisms Selective disclosure with keys and proofs for audit and reporting.

Recent writeups from the team

Long-form research, guides, POCs, and analysis from IPTF engineers.

Image
2026-05-29

Resilient Civic Participation

Petitions on Ethereum where the signer list never exists and the outcome stays verifiable from chain state alone.
Image
2026-05-14

Resilient Disbursement Rails

Aid payments on Ethereum that protect recipients even when local partners are compromised, or when recipients cash out into local currency.
Image
2026-04-22

Resilient Plural Identity

Designing identity on Ethereum that survives issuer failure: plural attestation sources, vOPRF sybil resistance, and an on-chain trust anchor that no single party can revoke.
See all writeups

How we assess solutions

Every pattern on this site is rated against four properties (the CROPS framework) and tagged for the institutional context it fits.

CR

Censorship-resistance

Whether a counterparty, sequencer, or relayer can block your transaction.

OS

Open source

Whether the implementation is free to audit, fork, and self-host.

P

Privacy

How much of the transaction (amounts, parties, patterns) stays hidden.

S

Security

The trust assumptions and threat model the architecture relies on.

Institution to institution

Both counterparties are regulated institutions. Symmetric power dynamic; both parties have legal teams, vendor choice, and contractual recourse.

Institution to user

One counterparty is a regulated institution, the other an individual. Asymmetric power dynamic; privacy must protect the user from the institution.

Browse the patterns

What institutions ask us most

Five questions we hear repeatedly. Each one links into the full FAQ where the answer cites the relevant pattern, jurisdiction, and approach.

Is Ethereum private enough for institutional use?

Not by default. Ethereum is a public, transparent ledger — every transaction, balance, and counterparty relationship is visible to anyone. For institutional use, this is a non-starter: treasury operations leak competitive intelligence, counterparty exposure becomes public, and regulatory obligations around data minimization are impossible to meet.

However, a growing ecosystem of privacy-preserving layers can be composed on top of Ethereum: shielded pools, privacy L2s, zero-knowledge proofs, and trusted execution environments. The question is not whether Ethereum is private, but which privacy architecture fits your requirements and what trade-offs you are accepting.

Private Payments Shielded ERC-20 Transfers Private L2s
What does MiCA say about on-chain privacy?

MiCA does not prohibit on-chain privacy, but it imposes obligations that any privacy architecture must accommodate: KYC/AML for crypto-asset service providers, Travel Rule compliance for transfers, and record-keeping requirements. The key question is whether your privacy solution supports selective disclosure — the ability to reveal specific transaction data to regulators without making it publicly visible.

Viewing keys and zero-knowledge proofs of compliance (proving you hold a valid KYC attestation without revealing your identity) are the primary mechanisms. The regulatory posture is: privacy is acceptable as long as compliance access exists.

EU / MiCA Regulatory disclosure
How do viewing keys work for regulatory access?

Viewing keys are cryptographic keys that grant read-only access to shielded transaction data without granting transfer authority. A user or institution holds a spending key (for moving funds) and a separate viewing key (for disclosure). The viewing key can be shared with a regulator or auditor, who can then decrypt and verify specific transactions without seeing anything else in the pool.

The key properties: viewing keys are scoped (can be time-bounded or limited to specific accounts), they are read-only (no transfer authority), and they can be revoked. Dual-key architecture works in both L1 shielded pools and L2 privacy systems.

User-controlled viewing keys Regulatory disclosure
Can institutions use DeFi and stay compliant?

It depends on the DeFi protocol and the jurisdiction. The core tension is that DeFi composability often requires public state, while institutional compliance requires controlled access. Permissioned DeFi pools (where participants are KYC'd before entry) and privacy layers with attestation-gated access are the two main patterns that reconcile these requirements.

Shielded pools with attestation-gated entry can provide DeFi-like composability while maintaining a compliance perimeter. Our approaches on private payments and private trade settlement demonstrate this end-to-end.

Private Payments Verifiable attestation
Which privacy solutions are production-ready today?

Privacy-preserving KYC (zero-knowledge credential verification) is the most mature — several vendors offer production-grade solutions. L1 shielded pools are production for individual use but institutional adoption is still early. Privacy L2s are approaching mainnet but not yet production for institutional workloads. FHE-based solutions are at the proof-of-concept stage.

The honest answer: no single privacy architecture is fully production-ready for all institutional use cases today. The practical path is to pick the approach whose maturity matches your deployment timeline and risk tolerance.

Private Identity Railgun Aztec
Read all FAQs

Talk to the IPTF team

If you are an institution with a privacy requirement, a builder shipping a solution, or a regulator who wants the picture, we are listening.

iptf@ethereum.org

General correspondence with the team.

GitHub · iptf-map

Open issues, propose patterns, contribute use cases.

GitHub · iptf-pocs

Working prototypes and reference implementations.