Introduction
Identity is a core challenge in Web3. Every application from DeFi to content platforms needs to answer: who is this user, and can we trust their claims?
Today, developers face a tough trade-off:
- Centralized identity systems (KYC providers, OAuth) are convenient but create data silos, privacy risks, and single points of failure.
- On-chain identity is transparent but exposes sensitive user data to the public turning decentralization into surveillance.
Neither approach balances privacy + compliance effectively.
This is where Midnight comes in a privacy-focused blockchain that allows users to prove facts about themselves without revealing the underlying data.
Core Concepts: DIDs & Verifiable Credentials
Decentralized Identifiers (DIDs)
A DID is a self-owned digital identity.
No central authority controls it.
- Generated from a cryptographic key pair
- Linked to a DID Document (public keys, authentication methods)
- Fully controlled by the user
Think of it as a self-sovereign identity layer.
Verifiable Credentials (VCs)
A Verifiable Credential is a signed digital claim:
“User X is over 18”
“User Y is an accredited investor”
Each credential includes:
- Issuer (who signed it)
- Holder (who owns it)
- Proof (cryptographic signature)
Importantly, credentials are:
- Stored off-chain
- Controlled by the user
The Trust Model
Every interaction involves three roles:
- Issuer → creates credentials (e.g., KYC provider)
- Holder → owns and controls them (user)
- Verifier → checks claims (app/platform)
The key innovation:
The holder only reveals what’s necessary, not everything.
Why Midnight?
1. Selective Disclosure
Using zero-knowledge proofs (ZKPs), users can prove statements like:
- “I’m over 18” → without showing birthdate
- “I meet net worth requirements” → without revealing finances
2. Privacy + Compliance
Midnight introduces viewing keys, enabling:
- Regulators to audit when needed
- Users to keep data private by default
3. Compact Smart Contracts
Midnight’s Compact language simplifies privacy logic:
- Define rules (e.g., age ≥ 18)
- ZK system handles cryptography
No deep cryptography expertise required.
How the System Works
1. DID Creation
Users generate:
- A private/public key pair
- A DID derived from the public key
Only a hash of the DID document is stored on-chain—never the actual data.
2. Credential Issuance
- Issuer creates a credential (off-chain)
- A cryptographic commitment (hash) is stored on-chain
Result: No sensitive data is exposed.
3. Verification with ZK Proofs
Instead of sharing raw data, users generate proofs that confirm:
- A condition is true
- Without revealing the underlying data
Real-World Use Cases
Age Verification
Prove you’re 18+
→ without revealing your birthdate
Accredited Investor Checks
Prove net worth ≥ threshold
→ without exposing financial details
KYC/AML Compliance
Prove:
- You’re not from a sanctioned country
- Your ID is valid
- Your identity is unique
→ without sharing passport or personal info
Key Innovation: Selective Disclosure
This system flips identity on its head:
Traditional Systems | Midnight Approach |
|---|---|
Share all data | Share only proofs |
Centralized storage | User-controlled |
Privacy risks | Privacy by default |
Compliance vs privacy | Both achieved |
Developer Stack
A Midnight identity app includes:
- Compact smart contracts → on-chain logic
- TypeScript utilities → DID + credential handling
- Proof server (Docker) → generates ZK proofs
What You Can Build
This pattern unlocks powerful applications:
- DeFi access control (KYC without data exposure)
- Healthcare verification (insurance without records)
- Digital voting (eligibility without identity leaks)
- Professional credentials (licenses without full profiles)
Final Thoughts
By combining:
- DIDs (self-sovereign identity)
- Verifiable Credentials (trusted claims)
- Zero-knowledge proofs (privacy layer)
Midnight enables a new paradigm:
Identity systems that are decentralized, private, and compliant at the same time.
This isn’t just an improvement.
It’s a fundamental shift in how digital identity works in Web3.
Technical Setup Summary
To build the system, you combine on-chain privacy logic with off-chain application code.
1. Prerequisites
You need the following environment:
- Midnight Compact Compiler (v0.30.0+) → compiles privacy smart contracts
- Midnight SDK (v4.0+) → interacts with the blockchain
- Node.js (v22+) → runs your TypeScript backend
- Docker → runs the zero-knowledge proof server
2. Project Initialization
Start by scaffolding a Midnight app:
npx @midnight-ntwrk/create-mn-app ./my-did-tutorial
cd my-did-tutorial
Install required dependencies:
"dependencies": {
"@midnight-ntwrk/compact-js": "2.5.0",
"@midnight-ntwrk/compact-runtime": "0.15.0",
"@midnight-ntwrk/midnight-js-http-client-proof-provider": "4.0.2"
}
3. Architecture Overview
Your app has two main layers:
On-chain (Compact Smart Contracts)
- DID registry (stores hashed DID documents)
- Credential ledger (stores credential commitments)
- Verification circuits (ZK logic for proofs)
Off-chain (TypeScript / JavaScript)
- DID generation & management
- Credential creation & storage
- Proof generation & submission
4. DID Creation & Registration
- Generate a key pair (Ed25519)
- Derive a DID from the public key
- Create a DID Document
only a hash (commitment) of the DID document is stored on-chain
Private keys stay on the user’s device
5. Smart Contract Deployment
You write Compact contracts for:
- registerDID → stores DID commitment
- updateDocument → updates DID records
- issueCredential → registers credential commitments
- revokeCredential → invalidates credentials
Then compile to generate:
- ZK circuits
- Contract bindings
npm run compile:verifier
6. Zero-Knowledge Proof Server
Run the local proof engine using Docker:
docker run -p 6300:6300 midnightntwrk/proof-server:8.0.3 midnight-proof-server -v
This handles:
- Proof generation
- Cryptographic computations
7. Credential Flow
Issuance:
- Credential created off-chain
- Commitment (hash + salt) stored on-chain
Verification:
- User generates ZK proof
- Verifier checks proof against on-chain commitment
8. Running Use Cases
Execute scripts to test flows:
npx tsx scripts/prove-age.ts
npx tsx scripts/prove-investor.ts
npx tsx scripts/prove-kyc.ts
Each script:
- Takes private input (e.g., DOB, net worth)
- Generates a ZK proof
- Verifies without revealing data
Key Takeaway
The setup separates concerns:
- Blockchain → stores commitments & rules
- User device → stores sensitive data
- ZK proofs → bridge trust without exposure
Result: privacy-first identity with verifiable compliance
Soyez le premier à partager vos pensées !