Midnight's proving system switched from Pluto Eris to BLS
Kachina employs non-interactive zero-knowledge proofs to allow users to prove valid state transitions without revealing private data.
This transition has been completed. Midnight now uses BLS12-381 as its proving system.
Midnight leverages the Kachina protocol for privacy-preserving smart contracts using Universal Composition (UC) model to enable secure, decentralized computations with zero-knowledge proofs, splitting contracts state into public (on-chain) and private (off-chain) components for scalable privacy.
Midnight currently uses ZK-SNARKs based on the Kachina framework with the BLS12-381 curve for its proving system, ensuring privacy-preserving smart contracts. As part of the Testnet upgrade on April 28, 2025, Midnight switched from Pluto-Eris to BLS12-381 to improve efficiency and security, leveraging BLS12-381's pairing-based properties to enhance performance in transactions.
Why Midnight switched to BLS
| Pluto-Eris | BLS12-381 | |
|---|---|---|
| Trusted Setup | Needs ceremony | Existing |
| Cryptography | Non-standard | Standard |
| Transaction time | Slower | Faster |
| Transaction size | 6 kb / proof | 5 kb / proof |
| Tx verification time | 12 ms / proof | 6 ms / proof |
| Architectural complexity | High | Low |
| Maintainability | Hard | Feasible |
| Cost of recursive step | Smaller circuits / higher CPU cost | Larger circuits / lower CPU cost |
Moving away from trusted setup ceremony
One of the most compelling reasons to adopt BLS12-381 is its use of an existing, standardized trusted setup. Pluto-Eris, by contrast, requires a bespoke ceremony. With BLS12-381, we leverage a pre-established setup that has already been widely vetted and accepted in the cryptographic community.
Embracing standardized cryptography
Pluto-Eris relies on non-standard cryptography, which, while innovative, poses risks in terms of interoperability and long-term support. BLS12-381, however, is built on standard cryptographic primitives that are well-understood, extensively tested, and broadly adopted. Standardization reduces the likelihood of vulnerabilities and ensures compatibility with other systems, making BLS12-381 a more future-proof choice.
Boosting transaction performance
Performance is a critical factor in any cryptographic system, and BLS12-381 outshines Pluto Eris across several key metrics. Transactions on BLS12-381 are faster, with verification times slashed from 12 milliseconds per proof in Pluto Eris to just 6 milliseconds. Additionally, transaction sizes are more compact, dropping from 6 kilobytes per proof to 5 kilobytes, allowing for more efficient use of bandwidth and storage. These improvements translate to a smoother, more scalable user experience across the Midnight platform.
Simplifying architecture and maintenance
Architectural complexity is another area where BLS12-381 has a clear edge. Pluto Eris is burdened by a high level of complexity, making it harder to maintain.
Balancing cost and efficiency in recursion
Recursive proofs are a cornerstone of advanced cryptographic applications, and the two systems handle them differently. Pluto Eris delivers smaller circuits but at a higher CPU cost, which can strain computational resources as usage scales. BLS12-381 flips this tradeoff, opting for larger circuits with a lower CPU cost.
In short, BLS12-381 offers a compelling blend of performance, simplicity, and reliability than Pluto Eris.
💥 Impact on developers
The transition to BLS12-381 occurred on April 28, 2025, as part of the Testnet upgrade. This change was not backward compatible, requiring developers to adopt BLS-compatible components. These components include:
- midnight.js
- wallet
- examples
- proof-server
Existing Compact code remained functional but required recompilation and redeployment to align with the BLS12-381 standard. The transition to BLS12-381 paved the way for a significantly more performant developer experience with faster transactions.
👉 For support, join the Midnight Discord!