When you send tokens on most blockchains, everything is visible.
Who sent it.
Who received it.
How much was transferred.
That’s the default.
Midnight doesn’t force that choice on you.
Instead, it gives you two ways to move value on the same chain: unshielded and shielded tokens. The difference between them is simple on the surface, but it changes how you design your entire application.
Two ways to send the same token
Let’s start with the easy one.
Unshielded tokens work the way you’d expect. They’re transparent. When you send them, anyone can see the sender, the receiver, and the amount.
If you’ve used Ethereum or Cardano, this feels familiar. It’s the same model.
Now compare that to shielded tokens.
With shielded tokens, the transaction still exists on-chain, but the details are hidden. No one can see who sent it, who received it, or how much was transferred. Even the token type can be concealed.
The network still verifies that the transaction is valid. It just doesn’t see the data behind it.
That’s the key idea:
You prove something happened without revealing what happened.
Why this isn’t just a feature
This isn’t just “privacy mode.”
These two types of tokens use completely different mechanisms under the hood. And the reason comes from how Midnight handles transactions.
Midnight doesn’t use balances
Midnight uses something called a UTXO model.
If that sounds unfamiliar, think of it like cash.
You don’t have a single “balance” stored somewhere. Instead, you have pieces of value. Like bills in your wallet.
If you want to pay 7 from a 20 bill, you don’t split it. You spend the whole 20 and get change back.
Midnight works the same way.
You consume existing pieces of value (UTXOs) and create new ones:
one for the receiver
one for your change
This structure is what makes privacy possible.
How unshielded tokens behave
With unshielded tokens, everything is visible.
Each UTXO clearly shows:
its value
its owner
its token type
When you send tokens, the network sees the full picture. This is useful when transparency matters.
Think public treasury tracking.
Governance votes.
Anything where visibility is part of the trust model.
How shielded tokens stay private
Shielded tokens work differently.
Instead of storing values directly, they store a commitment. That’s just a cryptographic way of saying: “this value exists, but you can’t see it.”
When you create a shielded token:
the real data is hidden
a hash (commitment) is stored on-chain
Later, when you spend it, you don’t reveal which token you used. Instead, you provide a proof that:
the token exists
you own it
you’re allowed to spend it
At the same time, the system uses something called a nullifier to make sure you don’t spend the same token twice.
The network checks validity.
But it never sees the underlying data.
So when do you use each?
This is where design decisions come in.
If your application needs transparency, use unshielded tokens.
If it needs privacy, use shielded tokens.
Most real applications need both.
A payment system might:
keep transactions private (shielded)
expose summaries or reports (unshielded)
A marketplace might:
hide bids (shielded)
publish final results (unshielded)
Midnight is built for this mix.
You don’t choose between transparency and privacy at the chain level. You choose it at the application level.
What this changes for builders
If you’re building on Midnight, this isn’t just a technical detail.
It affects:
how you model data
how you design user flows
how you think about trust
You’re no longer stuck with “everything is public” or “everything is private.”
You decide what gets revealed.
And more importantly, what doesn’t.
Discussion
Join the conversation
Connect your wallet to share your thoughts and engage with the community
No comments yet
Connect your wallet to be the first to comment!