Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From core-concepts
This skill should be used when the user asks about zero-knowledge proofs, ZK SNARKs, witness data, prover/verifier roles, constraint systems, proof generation, proof verification, privacy boundaries, or how Midnight uses ZK cryptography for transaction privacy and data protection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/core-concepts:zero-knowledgeThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Zero-knowledge proofs let you prove knowledge of a secret without revealing it. In Midnight, ZK proofs validate that transactions follow contract rules without exposing private data.
Zero-knowledge proofs let you prove knowledge of a secret without revealing it. In Midnight, ZK proofs validate that transactions follow contract rules without exposing private data.
A ZK proof proves: "I know values that satisfy these constraints" without revealing the values.
Midnight application: Prove a transaction is valid (correct inputs, authorized user, rules followed) without exposing private state or user secrets.
Midnight uses ZK SNARKs (Zero-Knowledge Succinct Non-interactive Arguments of Knowledge):
| Property | Meaning |
|---|---|
| Zero-Knowledge | Verifier learns nothing beyond validity |
| Succinct | Proof small and fast to verify, regardless of computation size |
| Non-interactive | No back-and-forth between prover and verifier |
| Argument of Knowledge | Prover must actually know the secret |
Every Midnight transaction contains:
The proof demonstrates: "I know private inputs that, when combined with public data, satisfy the contract's constraints."
Contract logic compiles to circuits - mathematical constraint systems. Here "circuit" refers to an arithmetic circuit — a directed acyclic graph of addition and multiplication gates over a finite field — not an electrical circuit.
Compact Code → Circuit Constraints → ZK Proof
A circuit defines relationships between variables. The proof shows you know variable assignments satisfying all constraints without revealing the assignments.
1. Setup → Universal SRS generated once; per-circuit keys derived from it
2. Witness → Prover assembles private inputs
3. Prove → Generate proof from witness + circuit
4. Verify → Check proof against public inputs (fast)
When a Compact contract executes:
Circuits express computations as gate constraints:
// Conceptual: proving x * y = z without revealing x, y
gate constraint: a * b = c
public input: c = 42
witness (private): a = 6, b = 7
pragma language_version 0.22;
import CompactStandardLibrary;
export ledger target: Field;
// Witness declaration (implementation provided in TypeScript)
witness get_guess(): Field;
witness get_other_factor(): Field;
// This Compact circuit...
export circuit guess(): [] {
const g = get_guess();
const other_factor = get_other_factor();
const product = g * other_factor;
assert(product == target, "Product does not match target");
}
// ...compiles to constraints that prove:
// 1. guess * other_factor equals target
// 2. Without revealing guess or other_factor values
| Scenario | What's Proven | What's Hidden |
|---|---|---|
| Age verification | Age >= 18 | Exact birthdate |
| Balance check | Balance >= amount | Actual balance |
| Membership | In authorized set | Which member |
| Vote validity | Eligible voter, hasn't voted | Voter identity |
Prove you know the preimage of a public hash without revealing it:
pragma language_version 0.22;
import CompactStandardLibrary;
export ledger target_hash: Bytes<32>;
witness get_secret(): Bytes<32>;
// Prove knowledge of a hash preimage without revealing it
export circuit proveKnowledge(): [] {
const secret = get_secret();
// Constraint: Hash(secret) must equal public target
assert(persistentHash<Bytes<32>>(secret) == target_hash, "Hash does not match target");
// Verifier learns: "prover knows a valid preimage"
// Verifier does NOT learn: the actual secret value
}
Private inputs the prover knows. Never revealed, used only to generate proof. In Compact, witnesses are declared with witness name(): Type; and implemented in TypeScript.
Values visible to everyone. Proof verified against these.
Checking a proof is fast (milliseconds) regardless of original computation complexity.
Computationally infeasible to create valid proof without knowing witness.
Marks the boundary between private (witness-tainted) and public data in Compact. Required when witness-derived values flow to public context (ledger writes, assert conditions, circuit returns). Commitment functions (persistentCommit) clear witness taint; hash functions (persistentHash) do not. See core-concepts:smart-contracts for full syntax reference.
| Operation | Cost |
|---|---|
| Circuit compilation | One-time, expensive |
| Proof generation | Seconds for typical contracts, depending on circuit complexity |
| Proof verification | Milliseconds |
| Proof size | Small (less than a kilobyte) |
For detailed technical information:
references/snark-internals.md - PLONK proving system, polynomial commitments, universal setupreferences/circuit-construction.md - How Compact compiles to circuitsWorking patterns:
examples/circuit-patterns.compact - Common proof patternsnpx claudepluginhub devrelaicom/midnight-expert --plugin core-conceptsThis skill should be used when the user asks about Midnight's privacy model, the disclose() function and disclosure rules, how to fix disclosure compiler errors, privacy-by-default design, witness protection program, commitment schemes (persistentCommit, transientCommit), nullifier patterns for double-spend prevention, MerkleTree membership proofs for anonymous authentication, unlinkable actions via round-based keys, selective disclosure, commit-reveal schemes, shielded vs transparent state design, what is visible on-chain, safe stdlib routines (transientCommit hiding witness data), or debugging "potential witness-value disclosure must be declared" errors.
This skill should be used when understanding privacy-preserving design patterns, including commitment schemes, nullifier patterns, Merkle tree membership proofs, anonymous authentication, commit-reveal protocols, selective disclosure, domain separation, and privacy boundaries in on-chain data.
Guides building zero-knowledge proof verifiers and privacy patterns on Stellar/Soroban, covering Groth16, BLS12-381, BN254, Poseidon, Noir/RISC Zero integration, and more.