Deep Dive: Midnight's ZK-SNARK Architecture and the Kachina Protocol — How Selective Disclosure Actually Works

Deep Dive: Midnight’s ZK-SNARK Architecture and the Kachina Protocol

As someone who has spent the better part of a decade studying zero-knowledge proof systems, I want to break down what Midnight is actually doing under the hood — because the marketing around “privacy blockchain” often obscures the genuinely interesting cryptographic engineering happening beneath the surface.

The Kachina Protocol: Bridging Public and Private State

At the heart of Midnight lies the Kachina protocol, a framework that elegantly decouples consensus from privacy. Here is the core insight: rather than trying to make the entire blockchain private (the Monero/Zcash approach), Midnight maintains a dual-state architecture — a public ledger that ensures global agreement and immutability, and a private layer that handles confidential execution and state transitions.

When a user initiates a private transaction, the computation happens off-chain. The Kachina protocol processes the private state transition locally, then generates a zero-knowledge proof attesting that the transition was valid. Only this proof — not the underlying data — gets submitted to the public ledger. The validators can verify that everything checks out without ever seeing what the transaction actually contained.

This is not a new concept in abstract, but the implementation details matter enormously. Midnight uses recursive zk-SNARKs built on the BLS12-381 elliptic curve. In 2025, they completed a major migration to this curve, which cut verification times from ~12ms down to ~6ms and significantly reduced proof sizes. For a network targeting 1,000+ TPS with sub-second finality, these optimizations are not academic — they are the difference between a usable system and a theoretical curiosity.

Selective Disclosure: The “Rational Privacy” Model

What sets Midnight apart from legacy privacy solutions is the concept of selective disclosure. In traditional privacy coins, the model is binary: data is either hidden or it is not. Midnight introduces a programmable middle ground.

Consider a concrete example: A tokenized real estate fund needs to verify that its investors have passed KYC/AML checks. On Midnight, the fund can require a zero-knowledge proof that an investor holds a valid KYC credential issued by an approved authority — without learning the investor’s name, nationality, or any other personal details. The investor proves they are compliant without surrendering their privacy.

This extends to more complex scenarios. An investor could grant a viewing key to their tax accountant, allowing the accountant to compute tax obligations from transaction history without accessing the full wallet. A regulator could receive an audit key that verifies transaction legitimacy without exposing counterparty identities.

Compact (Minokawa): The Developer Experience

The smart contract language, now called Minokawa (formerly Compact), is a TypeScript-based DSL that abstracts away the complexity of writing ZK circuits. This is arguably one of the most important design decisions Midnight has made. Historically, building ZK applications required deep expertise in constraint systems and circuit design. Minokawa lets developers define privacy rules using familiar TypeScript syntax while the compiler handles the circuit generation.

The language enforces a clean separation between the data layer and the application layer. Developers specify which fields are public, which are private, and under what conditions private data can be selectively disclosed. The toolchain then compiles this into the appropriate ZK circuits automatically.

Critical Assessment

Now, let me put on my skeptic’s hat. A few concerns:

1. The BLS12-381 curve is well-studied, but the recursive proof composition adds complexity. Each layer of recursion is a potential attack surface. The formal verification story for these recursive circuits is still maturing.

2. Trusted setup: zk-SNARKs traditionally require a trusted setup ceremony. Midnight has not been entirely transparent about how they handle this. If they are using a universal reference string (like PLONK or Marlin), that is one risk profile. If it is circuit-specific, that is another.

3. The federated node model at launch is a pragmatic compromise, but it means the privacy guarantees are initially dependent on trusting Google Cloud, Blockdaemon, and Shielded Technologies to operate honestly. The roadmap promises decentralization, but we have seen that movie before.

4. Compiler correctness: The Minokawa compiler translating TypeScript-like code into ZK circuits is a critical trust boundary. A compiler bug that leaks private state would be catastrophic. I would like to see more about their formal verification and auditing strategy.

That said, the overall architecture is sound and represents a meaningful advance over both first-generation privacy coins and current DeFi privacy solutions. The selective disclosure model is exactly what institutional adoption requires, and the cryptographic primitives are well-chosen.

I am cautiously optimistic, but as always in cryptography, the devil is in the implementation details. I will be watching the audit reports very closely when mainnet launches at the end of March.

What are your thoughts on the ZK architecture? Are there aspects of the cryptographic design that concern you?

Great writeup, Sophia. As someone who has been deep in Ethereum’s rollup ecosystem, I want to push back a bit on the framing here.

The Kachina protocol is technically interesting, but let us be honest about what the federated node model means in practice. At launch, you are trusting Google Cloud, Blockdaemon, and Shielded Technologies to run the network honestly. That is three entities. Three. For a privacy blockchain. The entire value proposition of privacy on a blockchain is that you do not need to trust intermediaries, and here we are launching with exactly that dependency.

Compare this to Aztec on Ethereum, which is building a permissionless proving network from day one. Yes, it is harder. Yes, it takes longer. But when you are building a privacy layer, the trust assumptions are the whole ballgame. A privacy system where three corporations can collude to deanonymize users is not a privacy system — it is a privacy theater system with better marketing.

On the cryptographic side, I share your concerns about the recursive SNARK composition. The BLS12-381 curve is solid, but recursive proofs are notoriously difficult to implement correctly. The attack surface expands multiplicatively with each recursion level. I would want to see not just standard smart contract audits, but formal verification of the circuit logic and the recursion stack. Has Midnight published anything about their verification methodology?

One thing I will credit them on: the Minokawa language is a genuinely good idea. Lowering the barrier for ZK development is critical for ecosystem growth. But the compiler becomes a single point of failure. If the compiler incorrectly translates a privacy constraint, every contract compiled with that version could be leaking data. This is not a hypothetical — we have seen analogous bugs in Solidity that led to hundreds of millions in losses.

I remain skeptical that the Cardano ecosystem can deliver on the decentralization timeline they have promised. IOG has a track record of ambitious roadmaps and extended timelines. Show me the permissionless prover network, then we can talk about Midnight as a serious privacy solution.

Brian, I hear the decentralization maximalism, and I respect it, but I think you are applying the wrong framework here. Let me offer a more pragmatic take.

Every major blockchain launched with some form of centralization. Ethereum launched with a foundation-controlled network. Cosmos chains launch with a limited validator set. Even Bitcoin’s early days had miners concentrated among a handful of operators. The question is not whether a network starts federated — the question is whether the architecture supports progressive decentralization and whether the team has credible incentives to follow through.

Midnight’s phased approach — start federated with Google Cloud, Blockdaemon, and Shielded Technologies, then expand the operator set, then move to permissionless proving — is actually the same playbook that most successful L2s have followed. Optimism started with a single sequencer. Arbitrum started with a single sequencer. Both are on credible paths to decentralization. I do not see people calling them “privacy theater” equivalents.

The 6ms verification time on BLS12-381 is genuinely impressive. For context, that is faster than most L2 fraud proof windows and competitive with the best zk-rollup verification times on Ethereum. If they can sustain 1,000+ TPS with sub-second finality while maintaining those privacy guarantees, they will have built something that the market actually needs.

On the Minokawa compiler concern — you are both right that this is a critical trust boundary. But this is a solved problem in the sense that the industry knows how to approach it: extensive fuzzing, formal verification of critical paths, bug bounty programs, and staged rollouts. The TypeScript-based approach also means that the developer tooling ecosystem (linters, type checkers, test frameworks) can catch many classes of bugs before they ever reach the ZK compilation stage.

What I care about most is whether this actually ships and performs as advertised. The testnet data from 2025 showed promising throughput numbers. Mainnet at end of March will be the real test. If the numbers hold, the federated vs. decentralized debate becomes secondary to the question of market adoption.

Really appreciate this thread — as a full-stack DeFi dev, I want to zoom in on the Minokawa developer experience because that is where the rubber meets the road for adoption.

I have been poking around the Midnight developer docs and testnet tooling over the past few weeks. The TypeScript-based DSL approach is a smart move. The vast majority of web3 developers come from a JavaScript/TypeScript background, so the learning curve is dramatically lower than, say, writing Circom circuits or learning Noir for Aztec. You can define your privacy constraints in something that looks and feels like TypeScript, and the compiler handles the ZK circuit generation behind the scenes.

That said, the abstraction is both the strength and the weakness. When things work, it is magical — you write what looks like normal TypeScript and get privacy guarantees for free. When things break, debugging ZK circuits through a compiler abstraction layer is a nightmare. The error messages are often cryptographic jargon that does not map cleanly back to your TypeScript source code. This is an area where the tooling needs significant improvement before mainnet.

The separation of public and private state in the language is well-designed. You explicitly annotate which variables are public and which are private, and the type system enforces that you cannot accidentally leak private state into public outputs. This is a meaningful safety improvement over hand-written ZK circuits where such leaks are a common class of vulnerability.

For anyone thinking about building on Midnight, my practical recommendation: start with the testnet now. The documentation is decent (not great, but decent), and the example contracts give you a good feel for the programming model. The learning curve from TypeScript to Minokawa is about 2-3 weeks for a competent developer, which is honestly pretty reasonable for a ZK-enabled platform.

Brian’s point about compiler correctness is valid, but I think it is manageable. The Midnight team has been running a bug bounty program on the testnet compiler, and the TypeScript foundation means existing static analysis tools can catch many issues before compilation. Not perfect, but a pragmatic approach.