AgentSkillsCN

privacy-patterns

Next.js 16.1+ App Router模式,包括服务器组件、客户端组件、服务器操作、路由处理器、Turbopack、MCP集成和现代React模式。当构建页面、布局、数据获取或API路由时使用。触发Next.js、App Router、RSC或服务器操作问题。

SKILL.md
--- frontmatter
name: privacy-patterns
description: >-
  Implement privacy-preserving patterns using zero-knowledge proofs on Midnight Network. Use when
  designing private data handling, commitment schemes, nullifiers, or selective disclosure.
  Triggers on privacy, ZK proof, commitment, nullifier, or confidential computing questions.

Privacy Patterns for Midnight

Design and implement privacy-preserving applications using zero-knowledge proofs.

Core Privacy Model

ConceptDescriptionVisibility
PublicLedger stateEveryone
PrivateCircuit inputsOnly prover
WitnessProver-provided dataOnly prover
DisclosedExplicitly revealedEveryone

Reference Files

TopicResource
Zero-Knowledge Basicsreferences/zk-fundamentals.md
Commitment Schemesreferences/commitments.md
Nullifier Patternsreferences/nullifiers.md
Selective Disclosurereferences/selective-disclosure.md

Pattern Overview

1. Commitment Scheme

Hide a value while binding to it:

compact
commitment = persistentCommit(value, randomness);
// Later: prove you know the opening

2. Nullifier Pattern

Prevent double-use without revealing identity:

compact
nullifier = transientHash(secret, commitment);
// Can only be generated once per commitment

3. Selective Disclosure

Prove properties without revealing data:

compact
// Prove over 18 without revealing actual age
disclose(age >= 18);  // Only boolean is public

4. Merkle Membership

Prove membership in a set without revealing position:

compact
// Verify path from leaf to root
assert verifyMerklePath(leaf, proof, root);

Quick Examples

Private Balance Check

compact
// Only reveal if balance is sufficient, not actual amount
export circuit checkFunds(balance: Uint<64>, required: Uint<64>): Boolean {
  return disclose(balance >= required);
}

Anonymous Voting

compact
export circuit vote(voter: Bytes<32>, choice: Boolean): [] {
  // Voter identity disclosed (prevents double voting)
  hasVoted.insert(voter);
  // Choice remains private, only totals change
  if (choice) { yesCount = yesCount + 1; }
}

Commitment-Reveal

compact
witness randomness: Field;

// Phase 1: Commit
export circuit commit(value: Uint<64>): Field {
  return persistentCommit(value, randomness);
}

// Phase 2: Reveal
export circuit reveal(value: Uint<64>, commitment: Field): [] {
  assert persistentCommit(value, randomness) == commitment;
  disclose(value);
}

Privacy Best Practices

  • ✅ Use witness for data that should never appear on-chain
  • ✅ Use persistentCommit (with randomness) to hide values
  • ✅ Use nullifiers to prevent double-actions
  • ✅ Disclose only what's necessary (prefer booleans)
  • ❌ Don't store unhashed sensitive data on ledger
  • ❌ Don't use predictable randomness in commitments
  • ❌ Don't reveal intermediate values unnecessarily

Privacy Levels

text
┌────────────────────────────────────────────────┐
│ Level 0: Fully Public                          │
│ - All data visible on-chain                    │
├────────────────────────────────────────────────┤
│ Level 1: Hidden Values                         │
│ - Commitments on-chain, values private         │
├────────────────────────────────────────────────┤
│ Level 2: Unlinkable Actions                    │
│ - Nullifiers prevent linking actions           │
├────────────────────────────────────────────────┤
│ Level 3: Anonymous Membership                  │
│ - Merkle proofs hide set position              │
└────────────────────────────────────────────────┘

When to Use Each Pattern

PatternUse Case
CommitmentSealed bids, hidden votes before reveal
NullifierPreventing double-spend, one-time tokens
Merkle ProofMembership in allowlist without revealing identity
Selective DisclosureAge verification, credential proofs

Resources