TL;DR:
- COTI launched Private ERC20, an ERC20-compatible token standard that encrypts balances, transfers and approvals at the protocol level.
- It uses Garbled Circuits and an MPC precompiler to ensure only the token holder can decrypt their own balance.
- The standard was audited by Sayfer and is already available on the COTI network.
COTI launched Private ERC20, a token standard that integrates privacy at the protocol level without breaking compatibility with the original ERC20 standard. The network confirmed that the contract is already deployed on mainnet, is open source and available on GitHub alongside its complete technical documentation.
ERC20 is the standard that underpins most of the value circulating in Web3. Stablecoins, DeFi protocols and smart contracts of all kinds operate on top of it. However, it was never designed to protect privacy: balances, transfer amounts and approvals are all broadcast publicly on-chain. Private ERC20 resolves that problem directly at the protocol layer, requiring no specialized tools or custom integrations.
COTI Introduces Encryption Nobody Else Can Read
The standard’s core mechanism is built on COTI’s Garbled Circuits technology and a multi-party computation precompiler. Each user receives their own personal encryption key. Only that person can decrypt their balance. Validators and any external observer only access ciphertext. The totalSupply() field returns zero on-chain, while the actual figure is tracked internally through an encrypted version of the same field.
The design preserves native uint256 precision without reduced-width modes or scaling adjustments. It supports mint and burn operations, includes role-based access control through a dedicated MINTER_ROLE, and inherits reentrancy protections from OpenZeppelin libraries. Teams can also toggle between encrypted and public modes, allowing them to start with a familiar integration and increase privacy incrementally.
Possible use cases enabled by the new standard include private stablecoins, confidential payments, DeFi without exposure of positions to MEV bots, and tokenized real-world assets with selective disclosure for regulatory compliance.
Audit and Future Projects
The contract was independently audited by Sayfer, a native Web3 cybersecurity consultancy with over one hundred clients, including MetaMask, 1inch, Polkadot and StarkWare. All findings were addressed before the launch took place.
The next step announced by the team is the Privacy Portal, an application that will allow end users to convert public tokens into private ones in just a few clicks, with the ability to hold, send and receive them directly on-chain.
