A Private State Tree is a cryptographic data structure, often a Merkle tree or Verkle tree, that stores and manages the private state of user accounts within a privacy-preserving smart contract platform. Unlike the public state tree visible to all network participants, this separate, encrypted tree contains data like token balances and contract variables that are only accessible to the account owner and authorized parties. This architecture is fundamental to privacy-focused Layer 2 solutions and zk-rollups, allowing for confidential transactions and computations while leveraging the underlying blockchain's security for settlement.
LABS
Glossary
Private State Tree
A Private State Tree is a cryptographic accumulator, such as a Merkle or Verkle tree, that commits to private user states while keeping the individual state data encrypted or hidden.
Chainscore © 2026
definition
CRYPTOGRAPHY
What is a Private State Tree?
A cryptographic data structure enabling private smart contract execution on public blockchains.
The core mechanism relies on zero-knowledge proofs (ZKPs), particularly zk-SNARKs or zk-STARKs. When a user performs a private transaction, they generate a proof that validates the state transition—such as a valid spend or contract execution—without revealing the inputs or the new state itself. The public blockchain only verifies this proof and updates a cryptographic commitment (the root hash) of the Private State Tree. This ensures data availability and consensus for the state's integrity without exposing its contents, a principle central to zk-rollup designs like Aztec and Zcash.
Managing this private state introduces unique challenges, primarily around key management and state synchronization. Users must securely store the private keys needed to decrypt their portion of the tree and generate validity proofs. Furthermore, to interact with the network, users must maintain an up-to-date, local copy of the relevant parts of the Private State Tree, a process that can involve downloading commitments or nullifiers to prevent double-spends. This contrasts with the seamless state access in fully transparent networks like Ethereum mainnet.
The primary use cases for Private State Trees are in confidential DeFi, private voting mechanisms, and enterprise applications requiring transaction secrecy. For example, a decentralized exchange built on this technology could hide trading amounts and wallet balances, while still proving solvency and valid trade execution. This enables financial privacy without resorting to fully opaque, centralized systems, aligning with the decentralized ethos while addressing regulatory concerns through selective disclosure via viewing keys.
It is crucial to distinguish a Private State Tree from related concepts. It is not a mixer, which obfuscates transaction trails on a public ledger, but a fundamental component for private stateful computation. It also differs from fully homomorphic encryption (FHE), which allows computation on encrypted data, as the Private State Tree model typically requires data to be decrypted locally by the user before generating a zero-knowledge proof of the computation's correctness.
how-it-works
MECHANISM
How a Private State Tree Works
A technical breakdown of the cryptographic data structure that enables private smart contracts by separating confidential state from public blockchain data.
A Private State Tree (PST) is a cryptographic data structure, often a Merkle or Verkle tree, that stores the confidential state of user accounts and smart contracts separately from a blockchain's public state. This separation is the core mechanism for privacy in networks like Aztec, allowing transactions to privately update balances and contract variables. The tree's root is periodically committed to the public ledger, providing a cryptographic commitment to the entire private state without revealing its contents. Users can generate zero-knowledge proofs to demonstrate they possess valid state transitions, enabling the network to verify updates to the private state tree's root without learning the underlying data.
The system relies on note-based accounting, where assets or state variables are represented as encrypted 'notes' stored in the PST. Each note is owned by a user and can only be decrypted with their private key. To execute a private transaction—such as a transfer—a user consumes existing notes and creates new ones, destroying the old state and creating the new. This process, along with the updated Merkle proofs for the notes' inclusion and exclusion, is proven valid within a zero-knowledge proof (e.g., a zk-SNARK). The proof is then submitted to the network, which only sees the proof and the new root of the PST, not the notes' values or owners.
Maintaining the PST requires a network of nodes, often called providers or piscina nodes, that store the encrypted data and help users construct proofs. Users interact with these nodes to fetch their encrypted notes and the necessary Merkle proofs for the current state. Crucially, these nodes cannot decrypt the data without the user's keys. This architecture creates a split between data availability (handled by these private nodes) and data validity (ensured by the zero-knowledge proofs and the public blockchain). It enables scalable privacy, as the heavy data storage is off-chain, while the integrity of the entire system is secured on-chain.
From a user's perspective, interacting with a PST feels like using a private blockchain embedded within a public one. A wallet generates proofs locally for transactions, shielding details from even the sequencer or block producer. This model supports complex private smart contracts (private dApps) where contract logic is executed client-side, and only validity proofs are published. The trade-offs include reliance on an external data availability layer for the encrypted state and the computational cost of generating zero-knowledge proofs, though ongoing advancements in proof systems and hardware acceleration continue to improve efficiency.
key-features
ARCHITECTURE
Key Features of Private State Trees
Private State Trees (PSTs) are a cryptographic data structure enabling selective privacy on public blockchains. They allow users to manage private assets and data while leveraging the underlying chain's security.
01
Zero-Knowledge Proofs (ZKPs)
The core cryptographic primitive enabling privacy. ZK-SNARKs or ZK-STARKs allow a user to prove the validity of a state transition (e.g., a private transaction) without revealing the underlying inputs, amounts, or addresses. This provides computational integrity and data confidentiality.
02
Commitment Scheme
Private state is represented by cryptographic commitments (e.g., Pedersen or Poseidon hashes) stored on-chain. A commitment is a one-way function that hides the data but binds the user to it. The Merkle tree root of all commitments serves as the single, public anchor point for the private state.
03
Nullifier Mechanism
Prevents double-spending of private assets. When a private note is spent, a unique nullifier is generated and published on-chain. This acts as a public flag that the input commitment has been consumed. The network rejects any future transaction attempting to use the same nullifier.
04
Decoupled Execution & Verification
Execution (Proving): Transactions are constructed and proven off-chain in a user's wallet, generating a ZK proof. Verification: Only the small proof and public outputs (nullifiers, new commitments) are broadcast. The network verifies the proof's validity in constant time, enabling scalability.
05
Viewing Keys & Selective Disclosure
Users can grant auditability without sacrificing default privacy. A viewing key allows designated parties (e.g., auditors, tax authorities) to decrypt and view transaction history for specific accounts. This enables compliance while maintaining user sovereignty over data sharing.
06
Underlying Consensus & Data Availability
PSTs rely on the base layer's consensus (e.g., Ethereum's L1) for finality and security. The public data (roots, nullifiers, proofs) must be available on-chain. This design ensures the private system inherits the censorship-resistance and liveness guarantees of the public ledger.
examples
PRIVATE STATE TREE
Examples & Implementations
The Private State Tree is a core cryptographic primitive enabling private smart contracts. These examples illustrate its practical applications and the protocols implementing it.
03
Private Asset Transfers
The most direct application, hiding the sender, recipient, and amount of a token transfer.
- A user's balance is represented by one or more private notes (UTXOs) in the tree.
- To send funds, the user consumes existing notes (creating nullifiers) and creates new notes for the recipient.
- The zk-SNARK proof demonstrates the user knew the notes, the sum is conserved, and nullifiers are correctly generated, all without revealing any note details.
04
Private DeFi Interactions
Using the Private State Tree to interact with public DeFi protocols while shielding user activity.
- A user can privately deposit into a rollup bridge contract (public state).
- The bridge then interacts with a public DEX or lending pool on L1.
- The user's ultimate withdrawal back to a private note hides their link to the public interaction, achieving transaction graph privacy.
05
State Transition Logic
The core computational model defining how the tree is updated. A private function must specify:
- Input Notes: The private state commitments being spent.
- Output Notes: The new commitments being created.
- Nullifiers: The unique identifiers for spent notes.
- Public Data: Any data to be emitted to the public Ethereum calldata. The zk-SNARK proves this logic was followed correctly for the proposed tree root update.
06
L2 Rollup Architecture
How the Private State Tree fits into a ZK-Rollup system.
- Sequencer: Aggregates private transactions, builds the proof, and proposes a new root.
- Prover: Generates the validity proof for the batch of state transitions.
- Verifier Contract: On L1, checks the proof and updates the canonical root hash of the Private State Tree.
- Data Availability: Encrypted note data is made available for users to sync their state.
visual-explainer
CONCEPTUAL OVERVIEW
Visualizing a Private State Tree
An exploration of the data structure that enables private transactions and state management in blockchain systems like Aztec and Aleo.
A Private State Tree is a cryptographic data structure, typically a Merkle tree or similar accumulator, that stores and proves the state of private accounts or assets within a privacy-focused blockchain or layer-2 network. Unlike a public blockchain's transparent state tree, the leaves of a private state tree contain encrypted commitments or nullifiers that represent private data, such as token balances or smart contract state, which are only decryptable and provable by the asset's owner. This structure allows the network to validate state transitions—like a private transfer—without revealing the underlying transaction details, balancing privacy with cryptographic verifiability.
Visualizing this tree helps clarify its role in privacy protocols. Imagine a Merkle tree where each leaf is a hashed commitment to a private note (e.g., commitment = hash(amount, owner_public_key, secret_nonce)). The tree's root is a succinct cryptographic fingerprint of all current private states, published on-chain. To spend a private asset, a user must prove, via a zero-knowledge proof (ZKP), that a valid commitment exists as a leaf in this tree without revealing which one, and then provide a nullifier to mark it as spent. This process updates the tree root, maintaining a consistent, verifiable history of private state changes visible to all, but interpretable only by involved parties.
The practical implementation involves constant evolution. As users create new private notes (new leaves) and spend old ones (generating nullifiers), the Private State Tree must be updated. Protocols often use an append-only tree managed by a sequencer or prover, with old roots preserved to allow users to generate proofs against historical states. Key challenges include efficient proof generation for deep trees and managing the state growth, often addressed with techniques like incremental Merkle trees or Verkle trees. This structure is fundamental to zk-rollups with privacy features, enabling scalable, confidential decentralized applications (dApps) that operate with the same finality guarantees as their underlying chain.
ecosystem-usage
PRIVATE STATE TREE
Ecosystem Usage
The Private State Tree is a core cryptographic primitive enabling private smart contracts by managing off-chain, encrypted state data. It allows applications to maintain user-specific data that is hidden from the public blockchain and other users.
01
Private Smart Contracts
Enables the execution of confidential smart contracts where contract logic and user-specific state are hidden. This is foundational for:
- Private DeFi: Lending, trading, and yield strategies where positions are not publicly visible.
- Private NFTs & DAOs: Membership and voting rights that preserve participant anonymity.
- Enterprise Applications: Business logic and sensitive commercial terms executed on-chain without public disclosure.
02
User-Controlled Data
Empowers users with sovereign control over their private data. The tree structure allows each user to manage their own encrypted state branch, enabling:
- Selective Disclosure: Users can cryptographically prove specific facts (e.g., credit score, KYC status) without revealing underlying data.
- Data Portability: Private state can be migrated or used across different applications within the same ecosystem.
- Revocable Access: Users can grant and revoke application access to specific slices of their private state.
03
Scalability & Efficiency
Moves the bulk of state storage and computation off-chain, addressing scalability bottlenecks. Key mechanisms include:
- State Compression: Only cryptographic commitments (hashes) of the private state are stored on-chain.
- Efficient Proofs: Applications use zero-knowledge proofs (ZKPs) or similar to prove valid state transitions without revealing data.
- Reduced On-Chain Footprint: Minimizes gas costs and blockchain bloat by keeping detailed data off the public ledger.
04
Interoperability Bridge
Acts as a secure conduit for private data to interact with public blockchain infrastructure. This enables hybrid applications that combine public liquidity with private logic.
- Connects to Public DEXs: A private trading strategy can execute swaps on a public AMM like Uniswap without revealing its intent.
- Oracle Integration: Can privately consume price feeds or other external data to trigger confidential actions.
- Cross-Chain Privacy: Serves as a component in architectures aiming for private state across multiple blockchain networks.
05
Regulatory Compliance
Provides a technical framework for building compliant decentralized applications by enabling auditability without full transparency.
- Regulator Views: Authorized entities (e.g., auditors, tax authorities) can be granted special access keys to view specific private state for compliance checks.
- Transaction Privacy: Allows users to satisfy Travel Rule or other reporting requirements by sharing data selectively with VASPs, not the entire network.
- Proof of Compliance: Applications can generate ZK proofs that transactions adhere to rules (e.g., sanctions list checks) without revealing user identities.
security-considerations
PRIVATE STATE TREE
Security & Privacy Considerations
A Private State Tree is a cryptographic data structure that enables selective privacy for user state within a public blockchain, balancing transparency with confidentiality.
01
Core Cryptographic Mechanism
A Private State Tree uses zero-knowledge proofs (ZKPs) and commitment schemes to manage private data. User state is stored off-chain in a private wallet or enclave, while only a cryptographic commitment (e.g., a hash) is posted on-chain. This allows users to prove the validity of state transitions (like a balance update) without revealing the underlying data.
02
Privacy vs. Auditability Trade-off
While private state is hidden from the public, selective disclosure mechanisms allow users to prove specific facts to counterparties or auditors. This creates a spectrum:
- Full Privacy: State is known only to the user.
- Regulatory Compliance: Proofs can be shared with authorized entities.
- Public Proof: A user can prove a claim (e.g., 'I have >X tokens') without revealing the exact amount.
03
Nullifier & Double-Spend Prevention
To prevent double-spending of private assets, the system uses nullifiers. When a private note or token is spent, a unique nullifier for that note is published on-chain. The blockchain maintains a set of all used nullifiers, making any attempt to spend the same note again publicly detectable and rejectable, even though the asset's origin and destination remain private.
04
Implementation Example: zkRollups
zkRollups like zkSync and Aztec implement private state trees for scalable, private transactions. They batch thousands of transfers into a single ZK proof submitted to L1. Users hold private notes representing their balance, and the rollup's state tree is a Merkle tree of these note commitments. Only the root of this tree is stored on Ethereum.
05
Key Security Assumptions
The security of a private state tree depends on several critical assumptions:
- Cryptographic Security: The underlying ZKP system and hash function must be secure.
- Data Availability: Users must reliably store their private data off-chain; loss means permanent loss of funds.
- Trusted Setup: Some systems require a one-time trusted ceremony, introducing a potential risk if compromised.
06
Comparison with Public State
Contrasts with a traditional Merkle Patricia Trie used by Ethereum for public state.
| Aspect | Public State Tree | Private State Tree |
|---|---|---|
| Data Visibility | Fully transparent | Encrypted/committed only |
| Proof Type | Merkle proof | Zero-knowledge proof |
| On-chain Footprint | Stores all state data | Stores only commitments & nullifiers |
| Use Case | General smart contracts | Private payments, confidential DeFi |
PRIVATE STATE TREE
Frequently Asked Questions (FAQ)
Essential questions and answers about Private State Trees, a core cryptographic data structure enabling private smart contracts on blockchains.
A Private State Tree is a cryptographic data structure, typically a Merkle tree or a variant like a Sparse Merkle Tree (SMT), that stores the private state of user accounts in privacy-focused blockchain systems like Aztec or Zcash. Unlike a public blockchain's state tree, its contents (e.g., account balances, note commitments) are encrypted or represented by commitments, making the actual data observable only to users with the correct viewing keys. The tree's root is published on-chain, allowing the network to verify state transitions without revealing underlying details.
Key components include:
- Commitments: Hashed representations of private data (e.g., a note).
- Nullifiers: Unique identifiers that 'spend' a commitment, preventing double-spends.
- Root: The cryptographic hash of the entire tree's state, anchored on-chain.
ARCHITECTURAL OVERVIEW
Private vs. Public State Tree Comparison
A technical comparison of state tree implementations for private and public data within a blockchain system.
| Feature | Public State Tree | Private State Tree |
|---|---|---|
Data Visibility | Globally readable and verifiable | Only accessible to authorized parties |
State Root | Published to the public blockchain | Published as a private commitment (e.g., nullifier) |
Proof System | Standard Merkle-Patricia proofs | Zero-knowledge proofs (zk-SNARKs/zk-STARKs) |
Consensus Dependency | Validated by network consensus | Validity proven cryptographically off-chain |
Storage Location | On-chain, replicated by all nodes | Off-chain, managed by users or committees |
State Transition | Executed and validated publicly | Executed privately, proof is validated publicly |
Gas/Compute Cost | High (on-chain execution) | Low (off-chain execution, on-chain verification) |
Use Case Example | Native token balances, contract code | Private transactions, confidential identities |
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall