Midnight vs Aztec vs Aleo vs Mina vs Zcash vs Starknet: A Developer Comparison

Onlyonealexia — Sun, 10 May 2026 00:38:31 +0000

In May 2023, Tampa General Hospital had 2.1 million patient records leaked in a data breach. The settlement cost $6.8 million. In July 2025, AMEOS Group, one of Europe's largest healthcare providers, disclosed an attack that hit patients and employees across multiple countries. These aren't edge cases. They happen because sensitive data gets stored in centralized systems with a single point of failure, and when that point fails, everything is posed at once.

Blockchain was supposed to fix the centralization problem. And it does, partly. But it introduced a different one: by default, everything on a public chain is visible to everyone. Your transaction history, your balances, your counterparties. That's not an improvement for healthcare records, private business dealings, or anything that shouldn't be a matter of public record. Attackers can cross-reference blockchain data with external datasets to infer identities or reconstruct activity histories. The transparency that makes blockchains trustworthy is the same thing that makes them unsuitable for most real-world sensitive data without a privacy layer on top.

This is why I care about privacy chains. Not as a philosophical stance, but as a practical one. Without privacy, financial institutions cannot safely use public ledgers for core workflows. Without accountability, regulators cannot sign off. The chains in this comparison are all trying to solve some version of that tension. They're doing it in very different ways, with very different developer experiences.

Six chains. What each one gives you as someone writing code, and where each one makes that harder. I'm going to be straight about all of them.

Before getting into each chain, here's the honest one-liner for each:

Midnight is a TypeScript-like language with selective disclosure as the core design choice, on a hybrid state model, mainnet since March 2026.
Aztec is a Rust-like Noir language, private smart contracts on Ethereum as an L2, Alpha launched March 2026 with a critical vulnerability being patched in July.
Aleo is a Rust/JS-inspired language called Leo, record-based state model, L1 since September 2024.
Mina lets you write zkApps in TypeScript using the o1js library, the entire blockchain is 22KB because of recursive SNARKs, approachable but tight on state.
Starknet uses Cairo, a Rust-like language, ZK-native at the execution layer but transparent by default with privacy available at the app layer.
Zcash has no smart contract language, private payments only, still the most cryptographically battle-tested in this list.

Midnight

Midnight is the chain most directly aimed at the real-world problems above. Its core concept is selective disclosure: you decide what your application reveals, to whom, and when. That's different from "everything is private by default." It's also different from "everything is public." It's programmable privacy.

Language: Compact

Compact is a domain-specific language that looks like TypeScript. If you've used TypeScript you'll read it without much trouble. A basic example:

pragma language_version 0.22;
import CompactStandardLibrary;

export ledger count: Counter;

export circuit increment(): [] {
  count.increment(1);
}

The compiler turns your Compact code into ZK circuits. You don't write circuits by hand. The mental model is: write logic, the compiler handles the cryptography.

What makes Compact interesting from a privacy standpoint is how it handles information flow at the type level. Values from witness functions are your off-chain private state. The compiler treats them as private by default. If you try to use one in a context that would expose it without explicitly wrapping it in disclose(), the compiler rejects your code. Not the runtime. The compiler.

witness secretValue(): Uint<64>;

export circuit useSecret(): [] {
  const val = disclose(secretValue()); // must acknowledge this explicitly
  // val is now available in circuit logic
}

That forces you to be deliberate about what leaves the private sphere. Coming from Cairo or Solidity it takes adjustment. But it's a better model than discovering at runtime that you leaked something.

The language is bounded and statically typed. No dynamic dispatch, no unbounded loops. That sounds restrictive. It's what makes automatic circuit generation possible, because the prover has to know circuit size at compile time.

State

This is the part that confused me when I first dug in, so it's worth slowing down on.
Midnight runs a dual ledger. Two separate state systems that interact inside the same transaction.
The first is the public ledger. UTXO-based, transparent. NIGHT tokens (the native asset) and DUST (the gas token) live here, along with anything else you want anyone to be able to verify directly. The second is the private ledger. Shielded state, encrypted at rest, accessible only through ZK proofs. Your contract decides which fields go where.

The protocol that makes the two layers actually work together is Zswap. Zswap is Midnight's atomic swap mechanism for shielded assets. It's built on the commitment-and-nullifier model from Zcash but extended past simple value transfer to support arbitrary state transitions.

Tokens come in four combinations:

	Ledger-native	Contract-managed
Shielded	Native private UTXO	Private ERC-20 equivalent
Unshielded	NIGHT token	Transparent ERC-20 equivalent

A contract-managed shielded token hides balances, sender, and receiver. That combination is what makes things like confidential payroll or private voting tractable, two cases where on-chain transparency causes real problems.

Privacy

Think about a healthcare application where patients need to prove they have a condition without revealing their full medical history, or a DeFi protocol where a user needs to prove they pass KYC without exposing which documents they submitted. Midnight's selective disclosure model handles both. You can prove "this wallet is above threshold" without revealing the balance. Prove "this user passed KYC" without revealing transaction history. One contract can have public ledger state anyone can read and private witness-based state only the involved parties know about.

The most viable privacy solutions focus on shipping pragmatic privacy that helps individuals and businesses move on-chain while maintaining regulatory accountability. That's exactly what selective disclosure is designed for.

Real issue right now: shielded operations are failing on Preprod with HTTP 400 from the proof server as of April 2026. Multiple teams hit this. The fix is to develop against the local undeployed network. It works locally. Preprod is the broken part.

Aztec

Aztec is where I'd point an Ethereum developer who wants private smart contracts.

Language: Noir

Noir looks like Rust but it's backend-agnostic: write the logic, and the proving system is swappable. Over 600 projects use Noir, many of them not on Aztec specifically. The knowledge transfers across chains.

In Aztec, functions are annotated as private or public:

#[private]
fn transfer(amount: Field, recipient: AztecAddress) {
    // runs on user's device, proof goes on-chain
    Token::at(storage.address).transfer(context, recipient, amount);
}

#[public]
fn update_supply(amount: Field) {
    // runs on Aztec's AVM, visible to the network
    storage.total_supply.write(storage.total_supply.read() + amount);
}

Private functions run through the Private Execution Environment on the user's machine. Only the proof gets submitted. Public functions run on the Aztec Virtual Machine like a normal smart contract.

State

Private state is encrypted notes in a UTXO-like tree. A note is a commitment on-chain, content off-chain and encrypted. To spend it, you reveal a nullifier, which marks it used without revealing which note it was.

Public state is account-based like Ethereum. One contract can have both. That combination makes things like confidential voting practical: individual votes are private notes, the running tally is a public value anyone can check.

Block times are currently measured in minutes. The team is targeting 3-4 seconds by end of 2026 through parallel proving. More urgently, on March 17, 2026, they found a critical vulnerability in the proving system that could allow fund theft. They disclosed it publicly, which I respect. The patch is coming in July. The Alpha Network is explicitly experimental. I wouldn't put real money on it right now.

Aleo

Aleo has been on mainnet since September 2024. Longest of the smart contract chains here. Tooling is more mature because of it.

Language: Leo

Leo looks like Rust and JavaScript had a child. Readable if you've touched either.

program token.aleo {
    record Token {
        owner: address,
        amount: u64,
    }

    transition mint(amount: u64) -> Token {
        return Token {
            owner: self.caller,
            amount: amount,
        };
    }

    transition transfer(token: Token, receiver: address, amount: u64) -> (Token, Token) {
        let remainder: u64 = token.amount - amount;
        let sent: Token = Token { owner: receiver, amount: amount };
        let change: Token = Token { owner: token.owner, amount: remainder };
        return (sent, change);
    }
}

The record type is the core abstraction. A record is owned by an address and encrypted with that address's view key. The view key holder can read it. Everyone else sees a commitment.

State

Aleo's record model extends Zcash's UTXO model to carry arbitrary data, not just token values. This comes from the ZEXE research paper (2018). When you consume a record you consume it entirely and create new ones. That's why transfer returns two tokens: one for the receiver, one as change back to the sender.

The parallel execution benefit is real. Records are owned objects, not shared state. Independent transactions touching different records don't conflict.

One thing to know upfront: Aleo dropped function privacy. The original ZEXE paper aimed to hide which function was being called. Aleo decided the performance cost was too high. So anyone can see you called transfer even if they can't see the inputs or outputs.

Global shared state is awkward in this model. If multiple users need to update the same piece of state, you're pushing against the grain. Solvable, but it takes more design work than an account-based chain.

Mina

Mina is technically unusual. The entire blockchain is about 22KB. Every state transition folds into a recursive SNARK so nodes verify the current proof rather than replaying history.

Language: o1js

o1js is not a separate language. It's a TypeScript library. You write zkApps in regular TypeScript files using constrained types from o1js.

import { SmartContract, state, State, method, Field } from 'o1js';

class Counter extends SmartContract {
  @state(Field) count = State<Field>();

  @method async increment() {
    const current = this.count.getAndRequireEquals();
    this.count.set(current.add(1));
  }
}

If you already know TypeScript, the learning curve is mostly about constrained types and the off-chain execution model. That's the lowest barrier to entry of any chain here for web developers.

State

zkApps execute off-chain. The user runs the computation on their machine, generates a proof, and submits the proof. The network verifies the proof without re-running the computation. Computation is cheap. State storage is the constraint.

Each contract gets 8 fields of 256 bits each. Hard limit for on-chain state. If you need more, you store off-chain and keep a hash on-chain. Mina's Protokit framework gives you application chains if that's too limiting.

The 8-field ceiling trips people up. Proof generation in the browser takes a few minutes for non-trivial circuits. The Mesa upgrade in February 2026 halved slot time to 90 seconds and temporarily capped zkApp transactions at 12 per block after high-load testing revealed memory issues. Real constraints right now.

Starknet

Starknet belongs in this comparison with an important caveat upfront, it is not a privacy chain by default. It uses STARKs for validity proofs, meaning it proves computations were done correctly. It does not hide those computations from the network. Privacy on Starknet lives at the application layer, not the protocol layer.

That distinction matters for how you think about building on it.

Language: Cairo

Cairo is a Rust-inspired, Turing-complete language that compiles to STARK-provable execution traces. It's the most mature ZK-native smart contract language in production. If you've used Rust the syntax is familiar.

#[starknet::contract]
mod Token {
    use starknet::ContractAddress;

    #[storage]
    struct Storage {
        balances: LegacyMap<ContractAddress, u256>,
        total_supply: u256,
    }

    #[external(v0)]
    fn transfer(
        ref self: ContractState,
        recipient: ContractAddress,
        amount: u256
    ) {
        let caller = starknet::get_caller_address();
        let caller_balance = self.balances.read(caller);
        assert(caller_balance >= amount, 'insufficient balance');
        self.balances.write(caller, caller_balance - amount);
        self.balances.write(recipient, self.balances.read(recipient) + amount);
    }
}

That's a standard transparent token. Balance and transfer are visible to anyone. Nothing private by default.

State

Starknet uses account-based state similar to Ethereum. Every account is a smart contract natively (account abstraction is built in). Transactions get proven with STARKs before settlement to Ethereum.

The S-two prover replaced the older Stone prover in late 2025. Built on Circle STARKs and the M31 field, it outperforms competing ZK VMs by up to 28x and supports client-side proving on everyday devices. That performance is what makes app-layer privacy practical on Starknet.

Privacy: opt-in at the app layer

Starknet treats ZK proofs as a core design principle. Whether you are a Noir or Cairo developer, you can verify proofs efficiently on Starknet. The chain is transparent by default, but because proof verification is cheap, you can build privacy protocols on top that would be prohibitively expensive elsewhere.

The main active options in 2026: Tongo provides an SDK for confidential ERC-20 transfers with encrypted balances and amounts. STRK20 is a privacy framework that allows projects to issue tokens with encrypted transaction details and balances, with selective transparency for validators and optional auditability for compliance. Garaga SDK lets you verify Noir and Groth16 proofs on Starknet without writing Cairo.

Starknet ranked first in developer activity among Ethereum L2s in April 2026. StarkWare cut staff the same month to focus on efficiency, which is worth watching.

The honest framing: Starknet is the right pick if you want a high-performance ZK-native execution environment and you're willing to handle privacy at the app layer. It's not the right pick if you want privacy in the base layer from day one.

Zcash

Zcash doesn't have a smart contract language. It belongs here because the note commitment and nullifier model that Aztec and Aleo both build on came from here, and because for pure private payments it's still the strongest option.

What you actually get

Zcash lets you send value where sender, receiver, and amount are all hidden. Groth16 underlies Sapling, Halo2 underlies the newer Orchard protocol. Nullifiers mark notes as spent without revealing which note.

Shielded transaction adoption hit 59.3% in February 2026, driven mainly by Zodl wallet defaulting to the shielded pool. Zcash Shielded Assets (ZSA) is planned for the NU7 upgrade and would extend privacy to user-defined tokens.

There is no developer language. You can't add custom logic. The moment you need anything beyond "move this amount privately," you need one of the other chains. Zcash restructured into five independent organizations in Q1 2026, which changes how development decisions get made going forward.

The comparison

	Midnight	Aztec	Aleo	Mina	Starknet	Zcash
Language	Compact (TS-like)	Noir (Rust-like)	Leo (Rust/JS)	o1js (TypeScript)	Cairo (Rust-like)	None
State model	Dual ledger (UTXO + account)	Notes + public account	Record model	Off-chain + 8 fields	Account-based	Notes only
Privacy	Selective disclosure	Strong private default	Input/output/user	Optional via off-chain	App layer only	Shielded pool
Smart contracts	Yes	Yes	Yes	Yes	Yes	No
Mainnet	March 2026	Alpha, critical vuln	September 2024	Live, Mesa Feb 2026	Live	Live
Base	Cardano partner chain	Ethereum L2	L1	L1	Ethereum L2	L1

Which one to pick

The choice really depends on the privacy problem you're solving, not just the chain's features.

If you're building something that handles sensitive personal or financial data and needs to prove facts to third parties without revealing everything, Midnight's selective disclosure model is the most direct fit. Healthcare credential verification, regulated DeFi, KYC without data exposure — these map cleanly onto what Midnight is designed to do.

If you're an Ethereum developer who wants private smart contracts and can work with Alpha software, Aztec is where to go. Noir's cross-chain ecosystem is the strongest here. Don't ship real money until the July patch lands.

If you want a production-ready L1 with a record model and don't need function privacy, Aleo has the longest mainnet track record of the smart contract chains here.

If you're a TypeScript developer who wants the gentlest on-ramp into ZK, Mina's o1js is where to start. Plan carefully around the 8-field state limit.

If you want the most mature ZK execution environment and are comfortable wiring up privacy at the application layer yourself, Starknet has the strongest tooling and highest developer activity. Just go in knowing that the base layer is transparent.

If the application is strictly private payments with no custom logic, Zcash is the most battle-tested answer.

Privacy focuses on controlling access to personal information and actions, allowing selective sharing while maintaining transparency where needed. The right chain is the one that implements that balance the way your specific application needs it. That's a design question, not a ranking.

#MidnightforDevs

DEV Community: Onlyonealexia

Midnight vs Aztec vs Aleo vs Mina vs Zcash vs Starknet: A Developer Comparison

Midnight

Language: Compact

State

Privacy

Aztec

Language: Noir

State

Aleo

Language: Leo

State

Mina

Language: o1js

State

Starknet

Language: Cairo

State

Privacy: opt-in at the app layer

Zcash

What you actually get

The comparison

Which one to pick