Why Compact?
This note explains why Compact exists, the problem it solves, why traditional approaches fail, and what design choices make it different.
Intuition First
Before Compact, writing privacy-preserving smart contracts required either:
- Writing raw ZK circuits, Cryptographically correct but inaccessible to most developers.
- Using traditional smart contracts, Accessible but with no privacy at all.
Compact sits between these extremes. It makes privacy-preserving computation accessible to TypeScript developers by handling the circuit generation automatically. You write code that looks familiar; the compiler produces the cryptographic machinery.
The tradeoff is bounded computation. Compact intentionally cannot express Turing-complete programs. In exchange, every valid program compiles to a circuit.
The Three Approaches
| Approach | Privacy | Accessibility | Complexity |
|---|---|---|---|
| Raw ZK circuits | Full | Requires cryptographic expertise | Extremely high |
| Traditional smart contracts (Solidity) | None | Accessible to developers | Low |
| Compact | Full | TypeScript-like syntax | Medium |
Compact doesn’t add privacy to existing contracts. It builds privacy into the model from the start, at the language level.
The Privacy Model
Traditional smart contracts have one world: public state that everyone can see. Midnight has two.
| World | Location | Visibility | Contents |
|---|---|---|---|
| Public | On-chain | Everyone | Proofs, contract code, public data |
| Private | Local storage | Only the owner | Sensitive data, secrets |
Computations happen locally on private data. A ZK proof of correctness is submitted on-chain. Validators verify the proof without seeing the inputs.
The key insight: Privacy doesn’t mean “hiding everything.” It means proving you have the right to do something without revealing what that something is. A ZK proof says: “I ran this computation correctly” without revealing the inputs to that computation.
Why Not Just Use Traditional Contracts?
Traditional contracts make everything public by default. This is fine for many use cases, but breaks down when:
- Regulated data, Healthcare (HIPAA), finance (SOX), identity (KYC). Public exposure isn’t optional.
- Competitive data, Bid amounts, inventory levels, proprietary information.
- Personal data, Balances, transaction history, credit scores.
You could encrypt data on-chain, but then no one can verify computation on it. Traditional ZK approach is to write circuits from scratch, extremely difficult to get right and audit.
Compact makes the ZK approach accessible.
Type Safety at the Language Level
| Language | Type Safety | What it means |
|---|---|---|
| JavaScript | None | Any value, any type, runtime errors |
| Solidity | Loosely typed | Implicit conversions, overflow allowed |
| TypeScript | Optional | Opt-in with tsconfig, can be bypassed |
| Compact | Strong, enforced | Compiler rejects any program that doesn’t type-check |
Strong type safety matters in Compact because the type system tracks data flow for privacy enforcement. If types were loose, the compiler couldn’t track where private data travels.
Verifiability vs. Privacy
| You want | Traditional contracts | Raw ZK circuits | Compact | |———|—————––|—————–|—————|––––| | Everything verifiable | Yes | Yes | Yes | | Full privacy | No | Yes | Yes | | Accessible syntax | Yes | No | Yes |
Compact gives you both verifiability and privacy without requiring cryptographic expertise. You don’t write a single circuit by hand.
Selective Disclosure
Compact supports selective disclosure, users choose exactly what to reveal and to whom. This enables regulated use cases:
- Healthcare: Prove you meet age requirements without revealing your birthday.
- Finance: Prove your balance exceeds a threshold without revealing the balance.
- Identity: Prove citizenship without revealing your nationality or full address.
This isn’t a feature bolted on. It’s baked into the model via disclose(), a compile-time boundary that marks intentional disclosure.
When to Choose Compact
Use Compact when you need:
- Privacy-preserving logic on a public blockchain
- To prove correctness without revealing inputs
- TypeScript-like development without learning ZK circuit design
- Selective disclosure for regulated data
When Not to Choose Compact
Compact is not the right tool when:
| Scenario | Why not Compact | Alternative |
|---|---|---|
| No privacy requirements | Traditional contracts are simpler | Solidity |
| Turing-complete computation needed | Compact is intentionally bounded | Raw circuits |
| Dynamically-sized data structures | All sizes must be compile-time constants | Design around bounded structures |
| Complex cryptography needed | Compact generates standard circuits | Write custom circuits |
The Core Tradeoff
Compact trades:
| What you give up | What you get |
|---|---|
| Turing-completeness | Automatic ZK circuit compilation |
| Dynamic typing | Strong type safety enforced at compile time |
| Implicit privacy | Privacy model that works at the language level |
This tradeoff is explicit and intentional. If you need full Turing-completeness, you don’t need Compact. But if you need privacy-preserving smart contracts and don’t want to write circuits by hand, Compact is purpose-built for exactly this.
Comparison Layer
| Feature | Solidity | Raw ZK (Circom) | Compact |
|---|---|---|---|
| Language | Solidity | Circom/DSL | TypeScript-like |
| Privacy model | None | Full | Full |
| Type safety | Loose | Manual | Enforced |
| Learning curve | Low | Very high | Medium |
| Compilation | EVM bytecode | Circuit | ZK circuits + TS |
| State model | On-chain only | Custom | Public + private |
Quick Recap
- Compact bridges the gap between inaccessible raw ZK and privacy-free traditional contracts.
- Midnight has two worlds: public (on-chain) and private (local). Only the proof goes on-chain.
- Selective disclosure lets users reveal exactly what they choose, to whom they choose.
- Compact trades Turing-completeness for automatic ZK circuit generation and strong type safety.
- If you don’t need privacy, traditional contracts are simpler. If you need full control, raw circuits exist.
- The type system is strict by design, it tracks data flow for privacy enforcement.
Cross-Links
- Next: Setting Up the Compiler, Install the toolchain
- See also: Ledger State, How the two-world model works
- See also: Explicit Disclosure, How selective disclosure works