Noir

Field	Details
Category	Zero-knowledge programming language, SNARK DSL, privacy tooling
Status	Open source; current docs show `v1.0.0-beta.20`, with dev docs also available
Primary audience	ZK application developers, protocol engineers, Solidity verifier authors, privacy app teams
Key capability	Write zero-knowledge programs in a high-level Rust-like language and compile them to ACIR for proving backends
Main tooling	`nargo` package manager/compiler, Noir language server, NoirJS, Barretenberg backend
Primary outputs	ACIR artifacts, witnesses, tests, circuit information, Solidity verifiers through compatible backends

English

Overview

Noir is an open-source domain-specific language for writing zero-knowledge programs without requiring developers to manually design cryptographic circuits. It uses a familiar Rust-like syntax, but its programs compile into constraints that can be proven and verified by SNARK proving systems.

The core design is backend agnosticism. Noir compiles source code into ACIR, the Abstract Circuit Intermediate Representation. A proving backend, most commonly Aztec's Barretenberg, then turns that representation plus a witness into a proof and verifier artifacts. This separates application logic from the proving system, making Noir useful for browser apps, mobile apps, backend services, and smart-contract verification flows.

Noir is especially useful when the application needs to prove that a statement is true while keeping some inputs private: ownership checks, credential predicates, game-state validation, private authorization, nullifier-based membership, compliance proofs, and on-chain verification of off-chain computation.

Why it matters

Developer-accessible ZK: Noir lets developers express constraints as programs instead of hand-building arithmetic circuits.
Backend flexibility: ACIR allows Noir programs to target compatible proving systems rather than binding the language to one backend.
Full-stack paths: Noir can be used with JavaScript tooling, generated Solidity verifiers, and backend proving workflows.
Private-by-default inputs: Function inputs are private unless explicitly marked pub, which encourages privacy-aware program design.
Reusable libraries: Noir packages can depend on other Noir libraries, supporting reusable primitives and project composition.
Testing before proving: nargo test, nargo check, and nargo execute make circuit development feel closer to normal software development.

Architecture/Concepts

Concept	Meaning
Noir program	Source code, usually in `src/main.nr`, that defines the statement to prove.
Constraint	A condition that must be satisfied for a proof to be valid, such as `assert(x != y)`.
Private input	A value known to the prover but not revealed to the verifier; Noir inputs are private by default.
Public input	A value visible to the verifier, marked with `pub` in the function signature.
Witness	Concrete assignment of private and public values used to execute the circuit and generate a proof.
ACIR	Abstract Circuit Intermediate Representation, Noir's backend-neutral circuit representation.
Nargo	Noir's CLI and package manager for creating, checking, formatting, compiling, executing, testing, and documenting projects.
Proving backend	Tooling that consumes ACIR and witnesses to generate proofs, verify proofs, inspect circuit size, and often export verifier contracts.
Barretenberg	The common proving backend used with Noir and the default path in much of the ecosystem.
Solidity verifier	A smart contract that can verify Noir proofs on-chain when generated by a compatible backend.

Typical flow:

Step	Artifact or action
1	Create a Noir package with `nargo new` or `nargo init`.
2	Define the circuit in `src/main.nr` and configure metadata/dependencies in `Nargo.toml`.
3	Run `nargo check` to type-check and generate input files such as `Prover.toml`.
4	Fill public/private input values and run `nargo execute` to compile if needed and generate a witness.
5	Send compiled ACIR artifacts and witness data to a backend such as Barretenberg for proof generation.
6	Verify locally, in JavaScript, in a backend service, or on-chain through a generated Solidity verifier.

Practical usage

Install Nargo with noirup:

curl -L https://raw.githubusercontent.com/noir-lang/noirup/refs/heads/main/install | bash
noirup

Create and run a minimal project:

nargo new hello_world
cd hello_world
nargo check
nargo execute

A minimal Noir program can keep x private while exposing y publicly:

fn main(x: Field, y: pub Field) {
    assert(x != y);
}

Common nargo commands:

Command	Use
`nargo new <path>`	Create a Noir project in a new directory.
`nargo init`	Create a Noir project in the current directory.
`nargo check`	Check a package and dependencies; useful before proving.
`nargo fmt`	Format Noir files in a package or workspace.
`nargo compile`	Compile the program and secret execution trace into ACIR format.
`nargo execute`	Execute a circuit, calculate its return value, and generate a witness.
`nargo test`	Run Noir tests.
`nargo fuzz`	Run fuzzing harnesses.
`nargo info`	Show circuit/function information, useful for size and optimization work.
`nargo lsp`	Start the Noir language server for editor integration.
`nargo doc`	Build package or workspace documentation.

Practical guidance:

Treat Noir code as security-sensitive constraint code: every condition that must be proven needs an explicit constraint.
Keep public inputs minimal and intentional; public values become verifier-visible.
Use nargo check, nargo test, and negative test cases before generating proofs.
Inspect circuit size early with backend tools or nargo info; small code changes can alter proof cost.
Pin Noir/Nargo and backend versions in CI because Noir is still in beta and docs may differ between dev and latest release versions.
Avoid disabling underconstrained or Brillig constraint checks for production code; the Nargo reference warns these checks protect correctness.
For on-chain use, include gas, verifier contract size, trusted setup or backend assumptions, and proof verification UX in the design.

Learning checklist

Explain what a zero-knowledge program proves and which inputs remain hidden.
Distinguish private inputs from pub inputs in Noir function signatures.
Create a project with nargo new, edit src/main.nr, and understand Nargo.toml.
Run nargo check, fill Prover.toml, and generate a witness with nargo execute.
Describe how Noir source code becomes ACIR and then a backend-specific proof.
Use nargo test for circuit behavior and add tests for invalid witnesses.
Understand why underconstrained circuits are dangerous.
Generate or consume verifier artifacts through a backend such as Barretenberg.
Know when to use NoirJS, a backend proving service, or an on-chain verifier.
Pin toolchain versions and review release notes before depending on beta behavior.

繁體中文

概覽

Noir 是開源的零知識程式設計 DSL，目標是讓開發者不用手寫密碼學電路，也能撰寫可產生與驗證證明的程式。它採用接近 Rust 的語法，但程式會被編譯成可由 SNARK proving system 使用的約束。

Noir 的核心設計是 proving backend agnostic。Noir 會先把原始碼編譯成 ACIR，也就是 Abstract Circuit Intermediate Representation；接著由 proving backend，例如常見的 Aztec Barretenberg，將 ACIR 與 witness 轉成 proof 與 verifier artifacts。這種分層讓應用邏輯不必直接綁死在單一 proving system 上，適合瀏覽器、手機 App、後端服務與智慧合約驗證流程。

當應用需要證明某個敘述為真、但不揭露部分輸入時，Noir 特別有價值。常見情境包括所有權檢查、憑證條件、遊戲狀態驗證、私密授權、以 nullifier 為基礎的會員資格、合規證明，以及把鏈下計算結果拿到鏈上驗證。

為什麼重要

降低 ZK 開發門檻： Noir 讓開發者用程式描述約束，而不是直接手刻 arithmetic circuit。
後端彈性： ACIR 讓 Noir 程式可對接相容的 proving system，不把語言綁定在單一後端。
全端整合路徑： Noir 可搭配 JavaScript tooling、Solidity verifier 與後端 proving workflow。
輸入預設私密： Function input 預設是 private，只有明確標記 pub 才會成為 public input。
可重用函式庫： Noir package 可依賴其他 Noir library，便於重用 primitives 與組合專案。
先測試再證明： nargo test、nargo check、nargo execute 讓 circuit 開發更接近一般軟體開發流程。

架構/概念

概念	說明
Noir program	通常位於 `src/main.nr` 的原始碼，用來定義要被證明的敘述。
Constraint	proof 必須滿足的條件，例如 `assert(x != y)`。
Private input	prover 知道但不揭露給 verifier 的值；Noir input 預設為 private。
Public input	verifier 可見的值，在 function signature 中以 `pub` 標記。
Witness	執行 circuit 並產生 proof 時使用的 public/private 具體數值配置。
ACIR	Abstract Circuit Intermediate Representation，Noir 的後端中立 circuit representation。
Nargo	Noir 的 CLI 與 package manager，可建立、檢查、格式化、編譯、執行、測試與產生文件。
Proving backend	消耗 ACIR 與 witness 來產生 proof、驗證 proof、檢查 circuit size，並常可匯出 verifier contract 的工具。
Barretenberg	Noir 生態常用的 proving backend，也是官方文件中最常見的路徑。
Solidity verifier	由相容 backend 產生、可在鏈上驗證 Noir proof 的智慧合約。

典型流程：

步驟	產物或行動
1	使用 `nargo new` 或 `nargo init` 建立 Noir package。
2	在 `src/main.nr` 定義 circuit，並在 `Nargo.toml` 設定 metadata 與 dependencies。
3	執行 `nargo check` 進行 type check，並產生 `Prover.toml` 等輸入檔。
4	填入 public/private input，執行 `nargo execute`，必要時會編譯並產生 witness。
5	將編譯後 ACIR artifacts 與 witness 交給 Barretenberg 等 backend 產生 proof。
6	在本機、JavaScript、後端服務，或透過產生的 Solidity verifier 在鏈上驗證。

實務使用

用 noirup 安裝 Nargo：

curl -L https://raw.githubusercontent.com/noir-lang/noirup/refs/heads/main/install | bash
noirup

建立並執行最小專案：

nargo new hello_world
cd hello_world
nargo check
nargo execute

最小 Noir 程式可以讓 x 保持 private，同時將 y 公開給 verifier：

fn main(x: Field, y: pub Field) {
    assert(x != y);
}

常用 nargo 指令：

指令	用途
`nargo new <path>`	在新目錄建立 Noir project。
`nargo init`	在目前目錄建立 Noir project。
`nargo check`	檢查 package 與 dependencies，適合在 proving 前使用。
`nargo fmt`	格式化 package 或 workspace 中的 Noir 檔案。
`nargo compile`	將 program 與 secret execution trace 編譯成 ACIR 格式。
`nargo execute`	執行 circuit、計算 return value，並產生 witness。
`nargo test`	執行 Noir tests。
`nargo fuzz`	執行 fuzzing harnesses。
`nargo info`	顯示 circuit/function 資訊，常用於 size 與最佳化分析。
`nargo lsp`	啟動 Noir language server，供編輯器整合。
`nargo doc`	建立 package 或 workspace 文件。

實務建議：

把 Noir code 視為安全敏感的 constraint code：所有必須被證明的條件都需要明確約束。
Public input 應盡量少且有意識地設計；public value 對 verifier 可見。
產生 proof 前先使用 nargo check、nargo test 與負向測試案例。
早期就用 backend 工具或 nargo info 檢查 circuit size；小幅程式變動也可能影響 proving cost。
在 CI 中鎖定 Noir/Nargo 與 backend 版本，因為 Noir 仍是 beta，dev docs 與 latest release docs 可能不同。
生產程式不要關閉 underconstrained 或 Brillig constraint checks；Nargo reference 明確警告這些檢查會影響 correctness。
若要上鏈驗證，設計時需納入 gas、verifier contract size、trusted setup 或 backend 假設，以及 proof verification UX。

學習檢核表

能說明 zero-knowledge program 證明什麼，以及哪些輸入會保持隱藏。
能區分 Noir function signature 中的 private input 與 pub input。
能用 nargo new 建立專案、編輯 src/main.nr，並理解 Nargo.toml。
能執行 nargo check、填寫 Prover.toml，並用 nargo execute 產生 witness。
能描述 Noir 原始碼如何變成 ACIR，再交由 backend 產生 proof。
能用 nargo test 測試 circuit 行為，並加入 invalid witness 的測試。
理解 underconstrained circuit 為什麼危險。
能透過 Barretenberg 等 backend 產生或使用 verifier artifacts。
知道何時該使用 NoirJS、後端 proving service，或鏈上 verifier。
在依賴 beta 行為前，能鎖定工具鏈版本並檢查 release notes。