Noir

Noir is a domain-specific, Rust-inspired programming language designed for creating and verifying zero-knowledge proofs (ZKPs). It abstracts away the complex underlying cryptography, allowing developers to write privacy-preserving logic—known as circuits—using familiar programming constructs like functions, variables, and loops. Noir compiles this high-level code into an intermediate representation that can be proven by different ZK proving systems, such as Barretenberg, making it a versatile and backend-agnostic tool for the ZK ecosystem.

The language's architecture is built around the concept of an oracle, which allows a Noir program to securely request and use external data during proof generation without compromising the proof's integrity. This enables complex real-world applications where private computations must interact with public blockchain state or off-chain data feeds. Noir programs are typically structured into a main function that defines the public and private inputs, the core computational logic, and the constraints that must be satisfied for a valid proof.

A primary use case for Noir is building zkSNARK-based applications on blockchains like Aztec Network, where it is the native smart contract language. Developers use it to create private DeFi transactions, confidential voting systems, and identity attestations. By proving the correctness of a computation without revealing the inputs (e.g., account balances or vote choices), Noir enables a new paradigm of scalable and private on-chain activity.

Noir's toolchain includes nargo, the Noir package manager and command-line tool, which handles project creation, compilation, proof generation (nargo prove), and verification (nargo verify). This integrated development environment, combined with its readable syntax and growing standard library, significantly lowers the barrier to entry for developers entering the zero-knowledge cryptography space, shifting focus from cryptographic implementation to application logic.

The language is actively developed by Aztec Labs and the wider open-source community, with ongoing work to expand its feature set, improve performance, and increase the number of supported proving backends. As a key component of the ZK stack, Noir's evolution is central to realizing scalable, programmable privacy in Web3, making advanced cryptographic techniques accessible to a broader range of software engineers.

The term Noir is derived from the French word for 'black,' a deliberate choice that evokes the concept of a black box. In cryptography and computer science, a black box describes a system where internal workings are hidden, yet its outputs can be verified—a perfect analogy for a zero-knowledge proof (ZKP). Noir, as a language, allows developers to construct these cryptographic 'black boxes' where the privacy of the input data (the prover's secret) is preserved.

This naming aligns with a tradition in cryptography of using evocative, often dark-themed terminology—such as dark pools in finance or blacklist in security—to conceptually separate public, verifiable outputs from private, hidden inputs. The language's creation by Aztec Network further connects to this theme, as the Aztec protocol was initially focused on providing privacy (or 'darkness') for Ethereum transactions. Thus, Noir linguistically codifies its primary function: to shroud sensitive logic in cryptographic opacity while producing a verifiably correct proof.

The origin of Noir is intrinsically linked to the limitations of existing general-purpose ZKP frameworks. While languages like Circom or libraries such as libsnark offered powerful toolkits, they often required deep cryptographic expertise. Noir was created to abstract this complexity, providing a Rust-inspired syntax that feels familiar to mainstream software developers. Its development was driven by the need to make zk-SNARK and zk-STARK development more accessible, secure, and less error-prone by leveraging a higher-level, intuitive language that compiles down to intermediate representations like ACIR (Aztec's Intermediate Representation).

As a domain-specific language (DSL), Noir's design philosophy emphasizes developer experience and auditability. By choosing a name that immediately conveys its purpose, the creators signaled a shift from niche cryptographic engineering toward a more integrated, pragmatic toolchain for building zk-rollups, private smart contracts, and any application requiring verifiable computation. Its etymology, therefore, is not merely stylistic but a foundational statement about bringing privacy-preserving proofs out of theoretical obscurity and into practical, deployable code.

Noir operates as a high-level language that compiles down to an intermediate representation called ACIR (Abstract Circuit Intermediate Representation). This architecture separates the program's logical constraints from the underlying proof system (e.g., Barretenberg, Gnark). Developers write business logic in Noir's Rust-like syntax, which the compiler transforms into a rank-1 constraint system (R1CS), the mathematical format required for generating zk-SNARKs or zk-STARKs. This decoupling allows the same Noir program to be proven by different backend proving systems, enhancing flexibility and future-proofing.

The development workflow involves three core components: the Noir language for writing circuits, the Noir Proof System (Nargo) toolchain for compiling and proving, and a backend prover to execute the cryptographic heavy lifting. A developer defines private and public inputs, writes assertions about their relationships, and uses Nargo to generate a proof. The resulting proof can be verified by anyone with the correct verification key, confirming the statement's truth without revealing the secret inputs. This makes Noir ideal for applications like private transactions, identity attestations, and verifiable computation off-chain.

A key innovation is Noir's oracle system, which allows circuits to securely request external data during proof generation. Oracles enable proofs about real-world states—such as blockchain history or API responses—by allowing the prover to feed authenticated data into the circuit. Furthermore, Noir supports recursive proofs, where one proof can verify other proofs, enabling scalable zk-rollup constructions. Its standard library provides pre-built cryptographic primitives like hashes and signatures, accelerating development without requiring deep expertise in elliptic curve cryptography.

A Noir code example typically begins with a fn main() function, which serves as the program's entry point and defines the public inputs, private inputs, and the constraints that constitute the zero-knowledge circuit. For instance, a simple program proving knowledge of a preimage for a hash would declare a public output pub hash and a private input priv preimage, then use a function like std::hash::sha256 to assert the relationship between them with a constraint: assert(std::hash::sha256(preimage) == hash);. This constraint is the core logical statement the prover must satisfy.

The language's syntax is intentionally similar to Rust, providing developers with familiar constructs like functions, mutable variables with let mut, and loops. Noir programs do not execute in a traditional sense; instead, they are compiled into an intermediate representation and then into a proving system-specific format (e.g., for Barretenberg). This process creates the arithmetic circuit that defines the computational statement. Key standard library modules, accessible via use dep::std, provide cryptographic primitives for hashing, signature verification, and field operations essential for building complex business logic privately.

Beyond simple assertions, Noir supports more advanced patterns essential for real-world applications. This includes handling structured data like arrays and structs, implementing conditional logic, and performing operations within a finite field. A common advanced example is a Merkle tree membership proof, where the private input is a secret leaf and a merkle path, and the public input is the root. The code would recursively compute hash pairs up the path and constrain the final result to equal the public root, proving membership without revealing the leaf.

Developing with Noir involves a specific toolchain: the nargo package manager. A typical workflow uses nargo prove to generate a proof from a witness (valid private inputs) and nargo verify to check it against the proving key. Code is organized within a Nargo.toml project file. This ecosystem emphasizes deterministic execution; any non-deterministic operation or external call must be simulated via an oracle, which is an external function that provides data to the circuit during proof generation without being part of the constrained logic itself.

The primary use case for Noir is creating zkSNARKs and zkSTARKs for blockchain applications, particularly within the Aztec Network ecosystem for private smart contracts. However, its agnostic backend design allows it to target different proving systems. This flexibility, combined with its developer-friendly syntax, aims to abstract away the complex cryptography, enabling more engineers to write privacy-preserving applications where the proof validates execution correctness while keeping the inputs confidential.