Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From core-concepts
This skill should be used when the user asks about zero-knowledge proofs, ZK SNARKs, witness data, prover/verifier roles, constraint systems, proof generation, proof verification, privacy boundaries, or how Midnight uses ZK cryptography for transaction privacy and data protection.
npx claudepluginhub devrelaicom/midnight-expert --plugin core-conceptsHow this skill is triggered — by the user, by Claude, or both
Slash command
/core-concepts:zero-knowledgeThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Zero-knowledge proofs let you prove knowledge of a secret without revealing it. In Midnight, ZK proofs validate that transactions follow contract rules without exposing private data.
This skill should be used when the user asks about Midnight's privacy model, the disclose() function and disclosure rules, how to fix disclosure compiler errors, privacy-by-default design, witness protection program, commitment schemes (persistentCommit, transientCommit), nullifier patterns for double-spend prevention, MerkleTree membership proofs for anonymous authentication, unlinkable actions via round-based keys, selective disclosure, commit-reveal schemes, shielded vs transparent state design, what is visible on-chain, safe stdlib routines (transientCommit hiding witness data), or debugging "potential witness-value disclosure must be declared" errors.
This skill should be used when understanding privacy-preserving design patterns, including commitment schemes, nullifier patterns, Merkle tree membership proofs, anonymous authentication, commit-reveal protocols, selective disclosure, domain separation, and privacy boundaries in on-chain data.
Guides building zero-knowledge proof verifiers and privacy patterns on Stellar/Soroban, covering Groth16, BLS12-381, BN254, Poseidon, Noir/RISC Zero integration, and more.
Share bugs, ideas, or general feedback.
Zero-knowledge proofs let you prove knowledge of a secret without revealing it. In Midnight, ZK proofs validate that transactions follow contract rules without exposing private data.
A ZK proof proves: "I know values that satisfy these constraints" without revealing the values.
Midnight application: Prove a transaction is valid (correct inputs, authorized user, rules followed) without exposing private state or user secrets.
Midnight uses ZK SNARKs (Zero-Knowledge Succinct Non-interactive Arguments of Knowledge):
| Property | Meaning |
|---|---|
| Zero-Knowledge | Verifier learns nothing beyond validity |
| Succinct | Proof small and fast to verify, regardless of computation size |
| Non-interactive | No back-and-forth between prover and verifier |
| Argument of Knowledge | Prover must actually know the secret |
Every Midnight transaction contains:
The proof demonstrates: "I know private inputs that, when combined with public data, satisfy the contract's constraints."
Contract logic compiles to circuits - mathematical constraint systems. Here "circuit" refers to an arithmetic circuit — a directed acyclic graph of addition and multiplication gates over a finite field — not an electrical circuit.
Compact Code → Circuit Constraints → ZK Proof
A circuit defines relationships between variables. The proof shows you know variable assignments satisfying all constraints without revealing the assignments.
1. Setup → Universal SRS generated once; per-circuit keys derived from it
2. Witness → Prover assembles private inputs
3. Prove → Generate proof from witness + circuit
4. Verify → Check proof against public inputs (fast)
When a Compact contract executes:
Circuits express computations as gate constraints:
// Conceptual: proving x * y = z without revealing x, y
gate constraint: a * b = c
public input: c = 42
witness (private): a = 6, b = 7
pragma language_version 0.22;
import CompactStandardLibrary;
export ledger target: Field;
// Witness declaration (implementation provided in TypeScript)
witness get_guess(): Field;
witness get_other_factor(): Field;
// This Compact circuit...
export circuit guess(): [] {
const g = get_guess();
const other_factor = get_other_factor();
const product = g * other_factor;
assert(product == target, "Product does not match target");
}
// ...compiles to constraints that prove:
// 1. guess * other_factor equals target
// 2. Without revealing guess or other_factor values
| Scenario | What's Proven | What's Hidden |
|---|---|---|
| Age verification | Age >= 18 | Exact birthdate |
| Balance check | Balance >= amount | Actual balance |
| Membership | In authorized set | Which member |
| Vote validity | Eligible voter, hasn't voted | Voter identity |
Prove you know the preimage of a public hash without revealing it:
pragma language_version 0.22;
import CompactStandardLibrary;
export ledger target_hash: Bytes<32>;
witness get_secret(): Bytes<32>;
// Prove knowledge of a hash preimage without revealing it
export circuit proveKnowledge(): [] {
const secret = get_secret();
// Constraint: Hash(secret) must equal public target
assert(persistentHash<Bytes<32>>(secret) == target_hash, "Hash does not match target");
// Verifier learns: "prover knows a valid preimage"
// Verifier does NOT learn: the actual secret value
}
Private inputs the prover knows. Never revealed, used only to generate proof. In Compact, witnesses are declared with witness name(): Type; and implemented in TypeScript.
Values visible to everyone. Proof verified against these.
Checking a proof is fast (milliseconds) regardless of original computation complexity.
Computationally infeasible to create valid proof without knowing witness.
Marks the boundary between private (witness-tainted) and public data in Compact. Required when witness-derived values flow to public context (ledger writes, assert conditions, circuit returns). Commitment functions (persistentCommit) clear witness taint; hash functions (persistentHash) do not. See core-concepts:smart-contracts for full syntax reference.
| Operation | Cost |
|---|---|
| Circuit compilation | One-time, expensive |
| Proof generation | Seconds for typical contracts, depending on circuit complexity |
| Proof verification | Milliseconds |
| Proof size | Small (less than a kilobyte) |
For detailed technical information:
references/snark-internals.md - PLONK proving system, polynomial commitments, universal setupreferences/circuit-construction.md - How Compact compiles to circuitsWorking patterns:
examples/circuit-patterns.compact - Common proof patterns