Iter-H ships three different privacy approaches because they solve different problems. Quick tour.
ERC-5564 stealth addresses (EVM)
You publish a "meta-address" — a string containing your spending and viewing public keys. Anyone can use that meta-address to compute a one-time stealth address only you can find. Your sender does ECDH math with your viewing pubkey and announces the result via an on-chain Announcer contract; you scan announcements with your viewing private key to find payments addressed to you.
Strengths: - Cheap. Just an extra log on Ethereum (or L2s). - Standard. EIP-5564 is finalised; multiple wallets implement it. - Permissionless. No new chain, no rollup operator, no third-party bridge.
Weaknesses:
- Amounts are visible. Anyone watching the chain sees that 0.5 ETH was sent to address 0xab…cd; they just don't know it belongs to you.
- Scanning cost. Every announcement requires you to check whether it's yours. The view-tag optimisation cuts this 256×, but it's still O(N) in announcements.
- Sender-pays. The sender funds the gas, including the Announcer log. Marginal cost ≈ €0.05 on L2s, €5+ on mainnet.
Use it for: Receiving payments without linking them to your published wallet graph. Letting clients pay you without revealing your treasury address.
Aztec zk-rollup
You deposit ETH or DAI from L1 to the Aztec rollup. Inside the rollup, your balance lives as encrypted UTXO-style "notes". You can transfer privately between Aztec accounts (no L1 trace), and eventually unshield back to L1.
Strengths: - Amounts hidden. Inside the rollup, transfers are zk-shielded — the validator network sees only commitment hashes. - Mature math. Aztec Connect has been audited multiple times; the SNARK circuit has formal proofs. - Composable. Once shielded, you can interact with DeFi protocols Aztec supports while staying private.
Weaknesses: - Deposit + withdraw are visible on L1. An observer sees you put 0.5 ETH in and (eventually) take 0.5 ETH out. - Withdrawal latency. Aztec batches withdrawals every 2-3 hours. - Rollup-operator trust. The rollup sequencer can censor transactions; it cannot steal funds (zk proofs prevent that), but it can refuse to include yours.
Use it for: Holding funds privately for periods; making private transfers within the Aztec ecosystem.
Penumbra (Cosmos privacy chain)
Penumbra is a privacy-by-default Cosmos chain. Every transaction is shielded — even the validator network sees only encrypted note commitments. You hold a "full viewing key" that decrypts your own transactions; nobody else can see them.
Strengths: - Privacy by default. No "shield/unshield" step — every tx is private. - IBC-shielded transfers. Bridge in/out of Penumbra while preserving privacy. - Decaf377 curve. Modern primitive; fewer historical attack surfaces.
Weaknesses: - New chain. Penumbra is younger than Aztec or stealth addresses; less battle tested. - Requires the pclientd sidecar. The wallet doesn't run native Penumbra crypto; it talks to an external client process. - Smaller ecosystem. Fewer counterparties to send to in 2026.
Use it for: End-to-end private value transfer when both sides have Penumbra wallets. Specific Tier-3 threat models.
Picking the right one
| Goal | Use |
|---|---|
| Receive payments without exposing wallet graph | Stealth |
| Hold funds privately for weeks/months on Ethereum | Aztec |
| Make private p2p transfers within Ethereum DeFi | Aztec |
| Maximum-privacy single-purpose payments | Penumbra |
| Sending to a friend who also uses Penumbra | Penumbra |
| Multi-hop privacy (combine layers) | All three, with care |
The wallet's privacy.301 course (The Spectre) goes deep on each of these. For now, you have enough to know which tool you're reaching for.
Next: OpSec — your wallet's privacy is only as good as your habits.