Institutional Privacy Task Force
Joined September 2025
- Tweets 87
- Following 6
- Followers 624
- Likes 41
10 Photos and videos
Jun 11
Shielding is the most practical primitive to achieve private transactions on Ethereum. Today's architectures come with a lot of trade-offs.
New IPTF writeup: Exploring Hardened Shielded Pools. An extension to our working pool that tackles on-chain state growth and private reads.
2
1
13
1,641
Jun 11
2. Private reads: before each spend, a wallet fetches an authentication path from the commitment tree. That fetch leaks which note you're about to spend.
PIR (Private Information Retrieval) lets the wallet fetch a known row without the server learning which row was requested.
1
141
Jun 11
But PIR only solves the known-index fetch. Two problems don't reduce to that:
- Finding a neighbor leaf in a nullifier tree
- Finding your notes in a crowd of ciphertexts
Both are private selection. That's the harder problem left.
Writeup: iptf.ethereum.org/blog/explo…
3
319
Jun 5
Excited to see @motypes speaking at the Institutional and Policy Forum in Berlin.
Institutional adoption of Ethereum depends on more than infrastructure. It requires privacy, compliance, policy engagement, and credible real-world use cases.
This is exactly the work IPTF is focused on: helping institutions understand how privacy-preserving Ethereum infrastructure can support capital markets, payments, identity, and public-sector systems.
See you in Berlin.
Helping institutions and governments build on Ethereum is a specific kind of work, and it is what he does at the Ethereum Foundation. He'll be at the Institutional and Policy Forum in Berlin on 15 June.
Mo Jalil (@motypes) is Head of Institutional Privacy at the @ethereumfndn, where he helps institutions and governments adopt Ethereum as public infrastructure.
His background spans privacy, AI and capital markets. A former founder and Goldman Sachs alumnus, his focus is on decentralised technologies and their real-world adoption.
He knows the institutional side from the inside, which is exactly what the work requires.
Join us in Berlin: luma.com/pb46re0a
1
6
281
Jun 4
iptf [dot] ethereum [dot] org is live with a major update!
A comprehensive, navigable guide to privacy on Ethereum: for institutions deploying private infrastructure, and for the end users protected by it.
5
7
33
3,623
Jun 4
Every approach is evaluated under CROPS: Censorship Resistance, Openness, Privacy, and Security.
Institution-to-institution and institution-to-user power dynamics are each modeled, with per-persona summaries for business, technical, and legal functions.
1
2
143
Jun 4
The map is open source and open to contributions.
If your privacy work belongs in this knowledge base, open a PR.
Links in the reply below.
1
2
136
May 29
Public petition signer lists expose signers to retaliation. In high-stakes contexts, knowing who signed can be dangerous.
New IPTF writeup: Resilient Civic Participation. Prove a petition reached quorum without ever publishing who signed.
Third and final post in our resilience series.
2
1
22
3,501
May 29
Two mechanisms carry the design.
Forward-secure ratchet: each signer advances a local key state that cannot regress. Seed material is overwritten after each slot. A compromised device cannot produce prior signatures.
Proofs are batched and published as EIP-4844 blobs.
1
3
178
May 29
A two-week dispute window lets anyone challenge invalid records via KZG openings.
What lands on-chain: petition outcome and vote tally per eligibility group. No signer identity. No queryable roster. Eligibility uses anonymous group membership proofs, matching the same interface of our resilient identity proof of concept.
Writeup: iptf.ethereum.org/resilient-…
3
141
May 14
New writeup: Resilient Disbursement Rails.
Aid organizations' beneficiary databases are an operational security risk. IPTF's PoC shows how to run a disbursement program where no participant, at any step, holds a complete list of recipients.
3
4
25
5,456
May 14
Each recipient's smartcard holds a private key that never leaves the device. To claim, the card signs a one-time voucher offline. A relay takes the signed voucher, generates a ZK proof, and submits it through a mesh network. The contract pays to a new address per claim.
Result: enrollment, claim, and cash-out are unlinkable by design.
1
5
296
May 14
Stack: @NoirLang circuits, Solidity/Foundry contracts, smartcards (@Keycard_).
Transport: Briar (BLE) / Meshtastic (LoRa) / Reticulum. On-chain: aggregates and nullifiers only.
Writeup: iptf.ethereum.org/resilient-…
Code: github.com/ethereum/iptf-poc…
1
13
3,422
May 13
This kind of thing helps a lot with legibility of privacy on chain for enterprises
Kudos to @EntEthAlliance for making it happen!
Happy for IPTF to have played a small part in making this happen
📣 The EEA Privacy Working Group is releasing its first report: "State of Privacy on Ethereum for Enterprise".
7 EEA member organizations and 1 comprehensive map of enterprise privacy on Ethereum.
More on what this means 🧵⬇️
3
10
536
Apr 22
Current on-chain identity breaks when the issuer does. Sanctioned, shut down, or turned adversarial; already-verified users lose the ability to prove their credentials.
This is the first post in our three-part resilience series on identity, payments, and coordination. We published a PoC that removes the issuer from the verification path entirely.
1
4
14
3,800
Apr 22
Enrollment is one-time.
A threshold MPC network issues a vOPRF tag; an on-chain Merkle root is the trust anchor. The issuer then exits the path entirely.
Three sybil resistance layers:
- vOPRF: one leaf per credential
- 0.1 ETH refundable stake
- Web-of-trust vouching
1
4
354
Apr 22
Circuits in Noir/UltraHonk, contracts in Solidity, client in Rust. Selective disclosure supports GDPR data minimization. Onchain events satisfy audit requirements without revealing holder identity.
Full writeup: iptf.ethereum.org/resilient-…
6
252
Apr 14
IPTF map v0.3.0 shipped.
71 commits. 162 files changed.
New PSI patterns, composable spend and delegation primitives from EIP-8182, a post-quantum threat domain, 15 new institutional use cases, and the CROPS framework across all patterns.
Here's what landed.
1
3
15
1,260
Apr 14
v0.3.0 introduces a post-quantum threat domain mapping which Ethereum primitives break under Shor's algorithm (ECDSA, BLS, ECDH, Groth16, PLONK/KZG) and what Grover's weakens. Quantum exposure notes added to 16 affected patterns.
Includes: ZK Proof Systems comparison (pairing-based SNARKs vs hash-based STARKs, quantum safety) and Native Account Abstraction from EIP-8141, protocol-level, replacing hardcoded ECDSA with user-defined validation.
github.com/ethereum/iptf-map…
1
3
145
Apr 14
Also in v0.3.0: 15 new use cases across supply chain, bonds, FX, stocks, and payment corridors. Every pattern carries a CROPS evaluation (Censorship Resistance, Open source, Privacy and Security).
Full release: github.com/ethereum/iptf-map…
Browse all patterns: github.com/ethereum/iptf-map…
3
99