Canton's Sub-Transaction Privacy: How It Actually Works
Canton Network's sub-transaction privacy model lets each party see only their own data. Here's how it works technically and why institutions chose it over ZKPs.
Every institutional blockchain faces the same contradiction: banks need shared infrastructure to settle trades efficiently, but they cannot share their books with competitors. Public blockchains like Ethereum broadcast every transaction to every node. Private chains silo data but kill interoperability. Canton Network resolved this with sub-transaction privacy — a model where each party in a transaction sees only the specific parts that involve them, and nothing else. It is not an add-on or a privacy layer. It is how the protocol works at every level, from smart contract execution to consensus.
Canton currently processes $350 billion+ in daily on-chain asset movement across 800+ connected institutions. That volume runs through a network where Goldman Sachs cannot see JPMorgan's positions, DTCC cannot see Euroclear's settlement queues, and no synchronizer operator can decrypt any transaction data.
The Core Mechanism: Need-to-Know Data Sharing
In a traditional blockchain, every validator receives a full copy of every transaction. Canton inverts this. There is no single global ledger that all participants replicate. Instead, Canton maintains a virtual shared ledger — a conceptual construct that emerges from each participant's local sub-ledger containing only the data relevant to them.
Consider a Delivery-vs-Payment (DvP) transaction where Bank A buys securities from Bank B, with cash settled through Custodian C. On a public blockchain, all three parties see the full transaction. On Canton, the transaction is decomposed into sub-transactions:
- Bank A sees the cash transfer it sends and the securities it receives.
- Bank B sees the securities it delivers and the cash it receives.
- Custodian C sees the cash movement it facilitates — but not the securities leg or its terms.
Each party receives an encrypted projection of only the parts where they are a stakeholder. The data physically never reaches nodes that should not have it. This is not a permissions layer applied on top of a shared ledger.
Daml: Privacy Enforced at the Language Level
Canton's privacy model is inseparable from Daml, the smart contract language developed by Digital Asset. Unlike Solidity, where privacy is an afterthought bolted on with ZK circuits or off-chain computation, Daml builds visibility rules directly into contract templates through three explicit roles:
- Signatories: Parties who must authorize contract creation and are bound by its terms. They always see the contract.
- Observers: Parties entitled to see the contract but who did not authorize it. They validate changes independently.
- Controllers: Parties authorized to exercise specific choices on a contract.
When a Daml contract is created or exercised, the Canton runtime automatically computes which parties should receive which sub-transactions based on these role definitions. If a command lacks required authorization, the ledger rejects it deterministically at transaction interpretation time. The privacy boundary is enforced by the execution engine itself.
A developer writing a Daml contract for a tokenized Treasury repo cannot accidentally expose settlement terms to non-parties. Visibility follows from the contract's stakeholder definitions, and the runtime will not transmit data to any node whose users are not stakeholders. For institutions under fiduciary obligations, this compile-time privacy guarantee is materially different from the runtime-configurable access controls offered by Hyperledger Fabric or R3 Corda.
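The projection rule behind the DvP decomposition and the role-based visibility described above can be sketched in a few lines. This is an added example in Python, not Daml or Canton code: the `Action` class, the party names and the role assignments on each leg are assumptions, and controllers and encryption are left out.

```python
from dataclasses import dataclass, field

@dataclass
class Action:
    """One node of a transaction tree (simplified model, not Canton's wire format)."""
    label: str
    signatories: frozenset
    observers: frozenset = frozenset()
    children: list = field(default_factory=list)

    @property
    def stakeholders(self):
        return self.signatories | self.observers

def project(action, party):
    """Sub-trees of `action` that `party` is entitled to receive.

    A stakeholder of an action sees it with all its consequences; anyone
    else only gets the nested sub-trees where they are a stakeholder.
    """
    if party in action.stakeholders:
        return [action]
    return [sub for child in action.children for sub in project(child, party)]

def labels(actions):
    """Flatten projected sub-trees into the labels of the actions they contain."""
    return [name for a in actions for name in [a.label, *labels(a.children)]]

# Constructed DvP from the text; party names and role assignments are assumptions.
A, B, C = "BankA", "BankB", "CustodianC"
DVP = Action("DvP settle", frozenset({A, B}), children=[
    Action("cash leg A->B", frozenset({A, C}), observers=frozenset({B})),
    Action("securities leg B->A", frozenset({B}), observers=frozenset({A})),
])

def views(parties=(A, B, C, "BankD")):
    """Map each party to the action labels contained in its projection."""
    return {p: labels(project(DVP, p)) for p in parties}

if __name__ == "__main__":
    for party, seen in views().items():
        print(f"{party:11} sees {seen}")
```

The custodian's projection contains only the cash leg, and an uninvolved party such as the hypothetical `BankD` receives nothing at all.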
How Consensus Works Without a Shared Ledger
The Global Synchronizer — operated by 45+ Super Validators including Goldman Sachs, DTCC, Visa, and Nasdaq — provides ordering, conflict detection, and finality without decrypting transaction data. It uses a 2/3 majority Byzantine Fault Tolerant (BFT) consensus protocol where synchronizer nodes handle sealed, encrypted packages. Canton's documentation describes the synchronizer as operating like "a post office dealing with sealed envelopes which it cannot open."
Transaction confirmation follows a two-phase process. The submitting party sends encrypted confirmation requests to every signatory, each containing only that signatory's sub-transaction. Each signatory decrypts their portion, validates it against Daml contract logic, and returns a signed confirmation. Only when all required signatories confirm does the transaction commit. This "proof-of-stakeholder" consensus means only parties involved in a specific transaction validate it — not the entire network.
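The two-phase flow above, as an added Python example rather than Canton's own protocol code. It assumes HMAC as a stand-in for real digital signatures, omits the encryption of requests, and uses constructed keys, views and a hypothetical transaction id.

```python
import hashlib
import hmac
import json

# Constructed keys. HMAC stands in for real digital signatures (assumption),
# so the verifier here shares the key; a real deployment would not.
KEYS = {"BankA": b"demo-key-a", "BankB": b"demo-key-b"}

def digest(view):
    """Hash of a view, so a verdict can reference it without revealing it."""
    return hashlib.sha256(json.dumps(view, sort_keys=True).encode()).hexdigest()

def sign(party, tx_id, view_hash, verdict):
    msg = f"{tx_id}|{view_hash}|{verdict}".encode()
    return hmac.new(KEYS[party], msg, hashlib.sha256).hexdigest()

def build_requests(tx_id, views):
    """Phase 1: one request per signatory, carrying only that party's view."""
    return {party: {"tx": tx_id, "view": view} for party, view in views.items()}

def confirm(party, request, validate):
    """Signatory: validate its own view, answer with a signed verdict only."""
    verdict = "approve" if validate(request["view"]) else "reject"
    h = digest(request["view"])
    return {"party": party, "view_hash": h, "verdict": verdict,
            "sig": sign(party, request["tx"], h, verdict)}

def commit(tx_id, required, responses):
    """Phase 2: commit only if every required signatory validly approved."""
    approved = set()
    for r in responses:
        if r["party"] not in KEYS:
            continue
        expected = sign(r["party"], tx_id, r["view_hash"], r["verdict"])
        if hmac.compare_digest(r["sig"], expected) and r["verdict"] == "approve":
            approved.add(r["party"])
    return approved == set(required)

def settle(views, validate, tx_id="tx-1"):
    """Run both phases; returns (committed?, signed responses)."""
    requests = build_requests(tx_id, views)
    responses = [confirm(p, req, validate) for p, req in requests.items()]
    return commit(tx_id, views.keys(), responses), responses

# Constructed sample views: each signatory receives only its own legs.
VIEWS = {"BankA": {"pays_cash": 100, "receives_bonds": 5},
         "BankB": {"delivers_bonds": 5, "receives_cash": 100}}
```

A missing response, a rejection, a verdict altered after signing, or a response replayed under a different transaction id all leave the transaction uncommitted.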
Why Not Zero-Knowledge Proofs?
The core problem with ZKPs for institutional finance is silent failure. When a ZKP system is exploited, the exploit is invisible. There is no mechanism to detect after the fact whether a breach occurred. In institutional finance, where every record must be auditable and every position reconstructable, this is a liability.
Canton achieves privacy through data minimization, not cryptographic obfuscation. Each party's compliance team retains full visibility into their own transactions. Regulators can be granted observer status on specific contracts for real-time supervision. The model creates asymmetric visibility: compliance sees everything, competitors see nothing, regulators get exactly what they need. Canton also supports GDPR compliance natively — data distributed only to stakeholders can be deleted when no longer needed.
Performance: Privacy as a Throughput Advantage
Canton's privacy model improves throughput rather than degrading it. Because only stakeholders validate their sub-transactions, computational load is distributed across relevant nodes rather than broadcast to the entire network. Canton has no theoretical upper bound on transactions per second — throughput scales horizontally as the network adds participants.
Canton maintains 700,000+ daily transactions with the protocol recording over 3.5 million Canton Coin-related events in a single day. The network grew from ~200 to 600 nodes between July and December 2025. For horizontal scaling, synchronizers, sequencers, and mediators can each run on separate compute servers. This modular architecture processes $8 trillion in monthly RWA volume with sub-second settlement finality.
What This Means for the $4 Trillion TVL on Canton
Canton's ~$4 trillion in tokenized RWA TVL exists because of sub-transaction privacy, not in spite of it. Broadridge's DLR platform processes over $280 billion in daily repo transactions on Canton — volume impossible on any architecture requiring full-network data replication. The first cross-border intraday repurchase agreement using tokenized U.K. government bonds was completed on Canton because the privacy model allowed each jurisdiction's regulatory requirements to be satisfied independently.