A production-grade privacy-preserving Ethereum JSON-RPC gateway using the Penum protocol.
Penum Private RPC prevents blockchain RPC providers from learning:
- Client IP address
- Geographic location
- Direct wallet to network linkage
All traffic is routed through the Penum protocol's encrypted onion network using fixed-size packets.
This project is fully prepared for Ethereum Foundation grant applications with:
- Complete technical specification (TECHNICAL-SPEC.md)
- Detailed grant proposal (GRANT-PROPOSAL.md)
- Comprehensive development roadmap (ROADMAP.md)
- Production-ready implementation
- Extensive documentation and testing
MetaMask → penum-rpc-client → penum-rpc-gateway → RPC Provider
(localhost:8545) (encrypted packets) (Alchemy/Infura)
- penum-rpc-client - Local RPC endpoint for MetaMask
  - Accepts standard Ethereum JSON-RPC requests
  - Wraps requests in 1024-byte encrypted Penum packets
  - Acts as http://127.0.0.1:8545
- penum-rpc-gateway - RPC provider interface
  - Decrypts Penum packets
  - Forwards JSON-RPC to real provider (Alchemy, Infura, etc.)
  - Re-encrypts responses
```bash
# Start the gateway
cd penum-rpc-gateway
cargo run --release
```
```bash
# Start the client (in a second terminal)
cd penum-rpc-client
cargo run --release
```
- Open MetaMask
- Go to Settings → Networks → Add Network
- Enter:
  - Network Name: Ethereum via Penum
  - RPC URL: http://127.0.0.1:8545
  - Chain ID: 1 (or your testnet)
  - Currency Symbol: ETH
Open http://127.0.0.1:8546 to see the Penum RPC dashboard.
Edit penum-rpc-gateway/config.example.json:
```json
{
  "listen_addr": "127.0.0.1",
  "listen_port": 9003,
  "rpc_provider_url": "https://eth-mainnet.g.alchemy.com/v2/YOUR_API_KEY"
}
```
Replace YOUR_API_KEY with your Alchemy/Infura API key.
Edit penum-rpc-client/config.example.json:
```json
{
  "entry_relay": "127.0.0.1:9001",
  "middle_relay": "127.0.0.1:9002",
  "gateway": "127.0.0.1:9003",
  "rpc_port": 8545,
  "ui_port": 8546
}
```
For testing, the client connects directly to the gateway (simplified single-hop).
What is protected:
- RPC provider cannot see your IP address
- RPC provider cannot link requests to your wallet
- Relays cannot correlate traffic patterns
- Network observers cannot perform traffic analysis (fixed packet sizes)
What is not protected:
- On-chain analysis (all transactions are public on Ethereum)
- End-to-end timing attacks (advanced adversaries)
- Wallet fingerprinting via transaction patterns
Supported methods:
- eth_call
- eth_getBalance
- eth_blockNumber
- eth_sendRawTransaction
- eth_getTransactionReceipt
More methods can be added by updating rpc_server.rs.
All network traffic uses exactly 1024-byte packets to prevent traffic analysis.
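The fixed-size framing described above, as an added example in Rust (not code from this project): it pads a JSON-RPC body into a 1024-byte packet and refuses a body that does not fit. The 2-byte length prefix, the zero padding and the names `frame`/`unframe` are assumptions rather than Penum's wire format, and encryption is omitted.

```rust
// Added example: fixed-size framing only. Layout is assumed, not Penum's wire format.
const PACKET_SIZE: usize = 1024; // packet size stated in this README
const LEN_PREFIX: usize = 2; // assumed: big-endian u16 payload length
const MAX_PAYLOAD: usize = PACKET_SIZE - LEN_PREFIX;

#[derive(Debug, PartialEq)]
enum FrameError {
    TooLarge(usize),  // body does not fit in one packet
    BadLength(usize), // length prefix points past the end of the packet
}

/// Pad a JSON-RPC body to exactly PACKET_SIZE bytes: [len | body | zero padding].
fn frame(body: &[u8]) -> Result<[u8; PACKET_SIZE], FrameError> {
    if body.len() > MAX_PAYLOAD {
        return Err(FrameError::TooLarge(body.len()));
    }
    let mut pkt = [0u8; PACKET_SIZE];
    pkt[..LEN_PREFIX].copy_from_slice(&(body.len() as u16).to_be_bytes());
    pkt[LEN_PREFIX..LEN_PREFIX + body.len()].copy_from_slice(body);
    Ok(pkt)
}

/// Recover the body, rejecting a length prefix that exceeds the packet.
fn unframe(pkt: &[u8; PACKET_SIZE]) -> Result<&[u8], FrameError> {
    let len = u16::from_be_bytes([pkt[0], pkt[1]]) as usize;
    if len > MAX_PAYLOAD {
        return Err(FrameError::BadLength(len));
    }
    Ok(&pkt[LEN_PREFIX..LEN_PREFIX + len])
}

fn main() {
    // Constructed sample requests of different lengths (zero address is a placeholder).
    let short = br#"{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}"#;
    let long = br#"{"jsonrpc":"2.0","method":"eth_getBalance","params":["0x0000000000000000000000000000000000000000","latest"],"id":1}"#;
    for req in [&short[..], &long[..]] {
        let pkt = frame(req).expect("fits in one packet");
        println!("body {:>3} bytes -> packet {} bytes", req.len(), pkt.len());
        assert_eq!(unframe(&pkt).unwrap(), req);
    }
    // A body larger than one packet must be split or refused, never sent oversized.
    println!("{:?}", frame(&[0u8; 2000]));
}
```

Both requests leave the client as identical-length packets, so an observer cannot tell the method from the size; a large `eth_sendRawTransaction` body is the case that needs fragmentation or rejection.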
A new X25519 keypair is generated for every connection. Keys are never reused.
- No wallet addresses logged
- No transaction parameters logged
- No IP addresses stored
- Only connection-level errors logged (without packet contents)
On any error, connections close silently with no error details sent back.
```bash
# Get latest block number
curl -X POST http://127.0.0.1:8545 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
# Get balance
curl -X POST http://127.0.0.1:8545 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_getBalance","params":["0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb","latest"],"id":1}'
```
- Configure MetaMask to use http://127.0.0.1:8545
- Send a test transaction on testnet
- Verify transaction confirms on Etherscan
- Check RPC provider logs - your IP should NOT appear
- Latency Overhead: ~50-150ms (single-hop testing)
- Throughput: Limited by encryption overhead (~1000 req/s)
- Packet Size: All packets exactly 1024 bytes
```bash
cd penum-private-rpc
cargo build --release
```
```bash
cargo test
```
- Not Full Anonymity: Penum provides privacy, not anonymity. Advanced adversaries may correlate traffic.
- Latency: Adds ~100-300ms overhead per request
- Beta Software: Not audited, use at your own risk
- Single-Hop Simplified: Current implementation uses direct client→gateway connection for testing
This is a research prototype. Contributions welcome!
MIT License - See LICENSE file for details
- Penum Protocol - Core protocol specification
- Penum Client - General-purpose Penum client
- Penum Gateway - Penum exit gateway
DISCLAIMER: This software is experimental. Do not use for production workloads without thorough security review.