In the context of zero-knowledge proofs (ZKPs) and zk-SNARKs, a private input or witness is the secret information known only to the prover. It serves as the evidence for a computational statement. For example, to prove you know the password to an account without revealing it, the password is your private witness. The proof system cryptographically processes this witness, along with the public statement, to generate a succinct proof that can be verified without exposing the underlying secret data. This separation between public parameters and private evidence is fundamental to privacy-preserving protocols.
LABS
Glossary
Private Input (Witness)
Private Input, often called a Witness, is the secret data known only to the prover in a zero-knowledge proof, which satisfies the constraints of the circuit but is not revealed to the verifier.
Chainscore © 2026
definition
CRYPTOGRAPHY
What is Private Input (Witness)?
A private input, often called a witness, is the confidential data a user provides to a zero-knowledge proof (ZKP) system to prove a statement is true without revealing the data itself.
The technical role of the witness is defined by an arithmetic circuit or a set of constraints. When you create a ZKP, you are essentially demonstrating that you possess a witness that satisfies all these constraints. In a blockchain transaction, a witness could be a private spending key, a secret balance, or the pre-image of a hash. Systems like Zcash and various Layer 2 rollups (e.g., zk-Rollups) rely on witnesses to validate transactions while keeping user data confidential on-chain. The security of the entire system depends on the witness remaining truly private and unforgeable.
Managing witnesses involves significant computational overhead and security considerations. Generating a proof requires the prover to perform complex computations over the witness data, which can be resource-intensive. Furthermore, the system must be designed so that the witness cannot be deduced from the resulting proof—a property known as zero-knowledge. In practice, applications use specialized toolchains (like Circom or Noir) to define circuits and handle witness generation. The elegance of the concept is that it allows for trustless verification of state transitions or asset ownership, forming the backbone of scalable and private blockchain applications.
etymology
PRIVATE INPUT
Etymology: Witness
Tracing the cryptographic and legal origins of the term 'witness' in zero-knowledge proofs and blockchain protocols.
In cryptographic protocols, a witness is the private input or secret data that satisfies a given computational statement, serving as the 'proof' that a prover knows something without revealing the thing itself. The term originates from complexity theory, where it describes a solution that verifies a statement is in an NP (nondeterministic polynomial time) language. For example, in the statement 'I know the prime factors of this large number,' the prime factors themselves are the witness. This concept is foundational to zero-knowledge proofs (ZKPs), where the prover convinces a verifier of a claim's truth using the witness, while the witness remains entirely confidential.
The legal analogy is direct and intentional: a witness in a courtroom provides testimony (proof) to establish a fact, but their full knowledge and experience remain private. In systems like zk-SNARKs, the witness is the set of private variables that, when processed through a circuit or constraint system, generate a valid proof. It is the secret 'key' that makes the public statement true. The security of the entire protocol hinges on the witness's confidentiality; if exposed, it would compromise the prover's secret and nullify the system's privacy guarantees. This makes witness generation and handling a critical, often computationally intensive, step in ZKP applications.
In blockchain contexts, the witness is crucial for scaling and privacy solutions. For ZK-rollups, the witness includes all the private state changes from off-chain transactions, which are cryptographically summarized into a succinct proof posted on-chain. The evolution of the term also reflects a shift from pure theory to applied engineering, with frameworks like Circom and libsnark providing languages specifically for 'writing' circuits that define how a witness is structured and validated. Understanding the witness is key to grasping the mechanics of trustless verification, where one party can cryptographically confirm the integrity of another's computation without accessing the underlying private data.
key-features
ZK-PROOF FUNDAMENTALS
Key Features of a Private Input (Witness)
A private input, or witness, is the confidential data a prover uses to generate a zero-knowledge proof, enabling verification without revealing the underlying information.
01
Core Definition & Role
A private input is the secret data known only to the prover, which is used as an input to a constraint system or circuit to generate a zero-knowledge proof (ZKP). It is the 'witness' to a statement's truth. For example, to prove you know the preimage of a hash H(x) without revealing x, the value x is the private input. The proof demonstrates correct computation using x while keeping it hidden.
02
Separation from Public Inputs
In ZK systems, inputs are strictly partitioned. Public inputs are known to both prover and verifier (e.g., a blockchain state root or a public key). Private inputs are kept secret. This separation is formalized in the Rank-1 Constraint System (R1CS) or arithmetic circuit, where the proof attests that there exists some private input satisfying all constraints with the given public input.
03
Mathematical Representation
In ZK-SNARKs and ZK-STARKs, the private input is often represented as a vector w (the witness). The statement being proven is that for a public input vector x, there exists a w such that a specific Boolean or arithmetic circuit C(x, w) = 0. The proof cryptographically commits to w without disclosing its components, allowing the verifier to check the relation using the proof and x alone.
04
Applications & Examples
- Private Transactions: The sender, receiver, and amount are private inputs to a ZK circuit, while the updated Merkle root is public.
- Identity Proofs: Your birth date or ID number is a private input to prove you are over 18.
- Gaming: A secret move or strategy is a private input to prove a game state transition is valid.
- ZK-Rollups: The new state root is computed from private user transactions (witnesses) and published as a public input.
05
Security & Trust Assumptions
The security of the private input relies on the zero-knowledge property of the proof system, which guarantees the proof reveals nothing beyond the truth of the statement. However, the prover must ensure the private input is never reused in a way that compromises it (e.g., in a different context) and that the initial trusted setup (for some SNARKs) was performed correctly to prevent parameter forgery.
06
Related Technical Concepts
- Arithmetic Circuit: The computational model where private inputs are wired.
- ZK-VM (Zero-Knowledge Virtual Machine): A system that executes arbitrary programs where the execution trace is the private witness.
- Witness Encryption: A cryptographic primitive that allows encryption of a message that can only be decrypted by someone who knows a specific witness.
- zkEVM: An Ethereum Virtual Machine compatible ZK-rollup where the private input is the batch of L2 transactions.
how-it-works
ZERO-KNOWLEDGE PROOF MECHANICS
How Private Input (Witness) Works in a ZKP
An explanation of the private data, known as the witness, that is kept secret while proving a statement's truth in a zero-knowledge proof system.
In a zero-knowledge proof (ZKP), the private input, also called the witness, is the secret data known only to the prover that satisfies the constraints of the statement being proven. This data is the essential, confidential ingredient that allows the prover to generate a proof without revealing the data itself. For example, to prove you know the pre-image of a hash without revealing it, the pre-image is your private witness. The ZKP protocol cryptographically processes this witness to produce a proof that is verifiable using only public parameters and the statement's public inputs.
The witness is processed within an arithmetic circuit or a similar constraint system that encodes the rules of the statement. The prover uses the witness values to generate a proof, often involving complex polynomial commitments and evaluations. Critically, the proof reveals that a valid witness exists, but leaks zero knowledge about the witness's actual value. This separation between private witness and public proof is the core of ZK privacy. The security relies on cryptographic assumptions that make it computationally infeasible to derive the witness from the proof.
In practical applications, the witness can represent various forms of confidential data: a secret key for authentication, the details of a private transaction amount, the solution to a puzzle, or personal identity attributes. Systems like zk-SNARKs and zk-STARKs have different methods for witness handling, but the fundamental principle remains. The prover's software compiles the secret data and the public statement into the witness format required by the specific proof system's backend prover algorithm.
For developers, working with witnesses involves careful circuit design to ensure all operations on the private data are correctly constrained, preventing the prover from cheating. Tools like Circom or ZoKrates require the developer to define these constraints explicitly. The witness is then generated by providing the private inputs to this circuit. Any error in constraint design can create security vulnerabilities, allowing a prover to generate a valid proof with an incorrect or fabricated witness, breaking the system's soundness.
visual-explainer
ZK-PROOF FUNDAMENTALS
Visual Explainer: The Role of the Witness
A deep dive into the private input, or witness, which is the secret data that a prover uses to generate a zero-knowledge proof, enabling verification without revealing the underlying information.
In the context of zero-knowledge proofs (ZKPs), a private input, commonly called a witness, is the confidential data known only to the prover that satisfies the constraints of a computational statement. The prover uses this witness to generate a proof that convinces a verifier a statement is true—such as "I know the secret key for this public address" or "this transaction is valid"—without disclosing the witness itself. This separation of public statement and private proof is the core mechanism enabling privacy and scalability in blockchain applications like zk-Rollups and private transactions.
The witness acts as the solution to a set of equations or logical rules defined by an arithmetic circuit or R1CS (Rank-1 Constraint System). For example, in a transaction, the witness would include the sender's private key, the transaction amount, and the recipient's address. The proving algorithm cryptographically processes this witness alongside the public inputs to produce a succinct proof. The security guarantee is that it is computationally infeasible to create a valid proof without possessing a valid witness that satisfies all the circuit's constraints.
Managing the witness is a critical operational concern. It must be handled securely by the prover's client software, as its exposure would compromise the secret it protects. In systems like zkEVMs, the witness is generated by executing the smart contract or transaction locally in a special mode that records the execution trace. This trace, the witness, is then fed into a proving system (e.g., Groth16, PLONK) to generate the final proof submitted to the blockchain for cheap and fast verification by anyone.
examples
ZK-PROOF COMPONENTS
Examples of Private Inputs (Witnesses)
A private input, or witness, is the secret data a user provides to a zero-knowledge proof system to generate a valid proof without revealing the data itself. These examples illustrate common types of sensitive information protected by ZK cryptography.
01
Account Balance
A user can prove their account balance exceeds a certain threshold (e.g., for a loan) without disclosing the exact amount. The witness is the precise, secret account balance, while the public statement is the inequality (balance > X).
02
Transaction Details
In a confidential transaction, the sender, receiver, and amount can be kept private. The witness contains the real recipient's address and transfer amount, while the proof validates the transaction's correctness against the public ledger state.
03
Identity Credentials
A user proves they are over 18 or a citizen of a country without revealing their birth date or passport number. The witness is the actual credential data, and the ZK proof cryptographically verifies it satisfies the public policy requirement.
04
Game State or Solution
A player can prove they have solved a puzzle or possess a winning game state without revealing the solution, enabling fair verification. The secret move sequence or game state is the private witness input to the proof.
05
Medical or Financial Records
A patient can prove a lab result is within a healthy range for an insurance application without exposing the full medical report. The sensitive record data serves as the witness, with the proof attesting to a specific, anonymized claim.
06
Voting Selection
In a private voting system, a voter proves their ballot was correctly formed and counted without revealing who they voted for. Their actual vote choice is the private input, ensuring both ballot integrity and voter privacy.
ecosystem-usage
PRIVATE INPUT (WITNESS)
Ecosystem Usage: Protocols & Chains
A private input, or witness, is the confidential data a user provides to a zero-knowledge proof system to prove a statement is true without revealing the data itself. This section explores how major protocols and chains implement and utilize this fundamental cryptographic primitive.
security-considerations
PRIVATE INPUT (WITNESS)
Security & Privacy Considerations
A private input or witness is the secret data a prover uses to generate a zero-knowledge proof, kept hidden from the verifier. This section explores the security models and privacy guarantees surrounding this critical component.
01
Core Definition & Role
A private input (or witness) is the confidential data known only to the prover in a zero-knowledge proof system. It is the secret ingredient used to satisfy a public computational statement (the relation) without revealing the data itself. The proof demonstrates knowledge of a valid witness, providing privacy and selective disclosure.
- Example: In proving you are over 18, your birthdate is the private witness; the proof only reveals the statement 'age > 18' is true.
02
Trusted Setup & Toxic Waste
For many zk-SNARK constructions, a trusted setup ceremony generates public parameters. A critical security requirement is the secure destruction of the toxic waste—random numbers used during setup. If compromised, an attacker could forge proofs.
- Perils: Leaked toxic waste allows creation of false proofs from valid public inputs.
- Mitigations: Use ceremonies with multiple participants (MPC) or transparent systems like zk-STARKs that require no trusted setup.
03
Data Availability & State Validity
In blockchain scaling (e.g., zk-Rollups), the private witness often includes the new state root. The corresponding public data (transactions) must be published to ensure data availability. If data is withheld, the network cannot reconstruct the state or verify the proof's correctness, breaking state validity.
- Risk: A malicious sequencer could publish a valid proof but withhold data, creating an unverifiable state transition.
04
Privacy Leakage & Correlation
While the witness is private, metadata and system design can leak information. Correlation attacks link proofs across transactions or with public on-chain data to infer the witness.
- Examples: Unique timing, consistent proof amounts, or interacting with a known public address can deanonymize a user.
- Defense: Use mixing, semantic privacy techniques, and ensure the proof system does not inadvertently encode identifying patterns.
05
Prover Malice & Soundness
The cryptographic soundness of a proof system guarantees a prover cannot create a valid proof for a false statement. This security property is mathematically proven under assumptions (e.g., computational hardness).
- Assumptions: Systems rely on problems like elliptic curve discrete log or collision-resistant hashing.
- Audit Imperative: Bugs in circuit design (the program defining the statement) or prover implementation are the most common real-world failure points, allowing invalid state transitions.
06
Verifier Trust & Decentralization
The verifier is the entity checking the proof. In decentralized systems, trust must be minimized.
- On-Chain Verification: Smart contracts act as verifiers, requiring gas-efficient proof verification. Any party can challenge.
- Off-Chain Trust: If verification happens off-chain (e.g., by a committee), the system inherits that group's trust assumptions, moving away from permissionless security.
ZK-PROOF DATA VISIBILITY
Comparison: Private Input vs. Public Input
A comparison of the two primary data types used as inputs to a zero-knowledge proof circuit, distinguished by their visibility on-chain.
| Feature | Private Input (Witness) | Public Input |
|---|---|---|
On-Chain Visibility | ||
Data Proven | Any computation or state | Specific statement or result |
Circuit Dependency | Required for proof generation | Required for proof verification |
Example Use | Secret key, personal data, intermediate state | Final hash, public key, contract address |
Storage Location | Off-chain (prover's local environment) | On-chain (calldata or state) |
Integrity Guarantee | Integrity of computation is proven | Integrity of the proven statement is verified |
Primary Function | Enable proof generation without revealing secrets | Enable public verification of the proof's claim |
PRIVATE INPUTS & WITNESSES
Common Misconceptions
Clarifying the technical reality behind common misunderstandings about private inputs, witnesses, and data privacy in zero-knowledge and other cryptographic systems.
No, a private input is not encrypted data; it is raw, unencrypted data that is kept secret from the public verifier but is required by the prover to generate a valid proof. Encryption transforms data into a ciphertext that requires a key to decrypt, while a private input is used directly in a computation whose output is proven, not the input itself. For example, in a ZK-SNARK proving you are over 18, your birth date is a private input used in the calculation, but the proof only reveals the statement "age > 18" is true, not the date. The data remains on the prover's machine and is never transmitted in any form.
PRIVATE INPUTS & WITNESSES
Frequently Asked Questions (FAQ)
Private inputs, often called witnesses, are the secret data a user provides to a zero-knowledge proof system to generate a valid proof without revealing the underlying information. This section answers common developer questions about their role, security, and implementation.
A private input, or witness, is the secret data known only to the prover that is used as an input to a zero-knowledge proof (ZKP) circuit or program. The witness satisfies the constraints of the circuit's arithmetic relations, proving the prover possesses certain knowledge, but the data itself is never revealed in the final proof or on-chain. For example, in a ZK-SNARK proving you own a wallet with a balance over 10 ETH, your private key and exact balance would be the witness, while the public proof only attests to the statement's truth.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall