Skip to main content

Documentation Index

Fetch the complete documentation index at: https://cantonfoundation-issue-409-bottom-header-height.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Canton’s architecture enables use cases that are not feasible on public blockchains. This page explores key patterns and concrete examples.

Delivery vs. Payment (DvP)

The canonical example of Canton’s capabilities is atomic delivery vs. payment across different assets and parties.

The Scenario

Alice wants to buy a tokenized asset from Bob, paying with a tokenized cash instrument settled on a private payment synchronizer. The settlement should be:
  • Atomic: Either both legs complete, or neither does
  • Private: Observers shouldn’t see the counterparties or the price

On Traditional Blockchains

This is problematic:
  • If done in two transactions: risk of one completing without the other
  • If done atomically: all parties (and observers) see all legs of the trade
  • Anyone watching can see the price and terms

On Canton

The entire exchange happens in a single atomic transaction with sub-transaction privacy:
PartySeesDoesn’t See
AliceBoth legs (she is the buyer)N/A
BobBoth legs (he is the seller)N/A
Third partyNothingEverything about this trade
This example assumes the cash and asset legs both settle on synchronizers where the trade participants are the only stakeholders — for instance, a private payment synchronizer for the cash leg and a private securities synchronizer for the asset leg. Trades that involve assets settled on the Global Synchronizer behave differently: Canton Coin transfers, topology transactions, and network governance transactions are visible to the Super Validators that operate the Global Synchronizer, so they are not private in the same sense. Private synchronizers preserve the full sub-transaction privacy model.

Why This Matters

  • Regulatory compliance: Each party sees only their entitled information
  • Atomic settlement: No settlement risk — both legs or neither
  • Privacy: Trading relationships and prices protected
  • Audit trail: Entitled auditors can be added as observers

Tokenized Securities

Issue and trade securities with regulatory compliance built in.

Requirements

  • Issuer controls who can hold the security
  • Regulator has audit visibility
  • Trades are private between buyer and seller
  • Corporate actions affect all holders (but holdings remain private)

Canton Design

template Security
  with
    issuer : Party
    holder : Party
    regulator : Party
    cusip : Text
    quantity : Decimal
    approvedHolders : [Party]  -- Issuer maintains list of eligible holders
  where
    signatory issuer
    observer holder, regulator  -- Regulator sees all holdings

    choice Transfer : ContractId Security
      with
        newHolder : Party
      controller holder, issuer  -- Issuer approval required for compliance
      do
        assert (newHolder `elem` approvedHolders)
        create this with holder = newHolder
The regulator observes all holdings (for compliance) without that data being public. The issuer must approve all transfers, ensuring only eligible parties can hold the security. Trades remain private between counterparties while still being auditable.

Cross-Border Payments

Move value across jurisdictions while respecting data sovereignty requirements.

The Challenge

  • Sender’s bank is in Country A with data localization requirements
  • Receiver’s bank is in Country B with different requirements
  • Correspondent banking requires coordination
  • Neither country’s regulator should see the other’s customer data

Canton Solution

Each jurisdiction’s data stays with validators in that jurisdiction:
  • Sender’s details stay in Country A
  • Receiver’s details stay in Country B
  • Settlement is atomic across the synchronizer
  • Each regulator sees only their jurisdiction’s data

Syndicated Loan Management

Multiple banks participate in a loan without seeing each other’s positions or terms.

The Scenario

In syndicated loans:
  • Multiple banks hold portions of the same loan
  • Each bank’s position is confidential
  • The agent bank coordinates payments
  • Borrower interacts with the group as a whole
On public systems, all participants would see all positions, defeating confidentiality.

Canton Solution

Each bank sees:
  • Their own position and terms
  • Payments flowing to/from them
  • Agent coordination for their portion
Each bank doesn’t see:
  • Other banks’ positions
  • Other banks’ terms
  • Total syndicate size (unless explicitly shared)

Supply Chain Finance

Track goods and payments across multiple parties without exposing commercial relationships.

The Scenario

A manufacturer ships to a distributor, who ships to a retailer. Financing is provided at each step.

Privacy Requirements

  • Manufacturer shouldn’t see retailer’s purchase price
  • Retailer shouldn’t see manufacturing cost
  • Each financier sees only their debtor’s portion
  • Logistics providers see shipping info, not financial terms

Canton Approach

Canton’s privacy works at the contract level—observers see entire contracts, not individual fields. To give different parties access to different information, you design separate contracts for each audience: 
-- Shipping details: visible to logistics provider
template ShipmentTracking
  with
    shipper : Party
    receiver : Party
    logisticsProvider : Party
    goods : GoodsDescription
    trackingId : Text
  where
    signatory shipper, receiver
    observer logisticsProvider
    -- Logistics provider sees goods and routing, not financial terms

-- Financing terms: visible to financier
template ShipmentFinancing
  with
    shipper : Party
    receiver : Party
    financier : Party
    terms : FinancingTerms
    shipmentRef : Text  -- Reference to link related contracts
  where
    signatory shipper, receiver
    observer financier
    -- Financier sees payment terms, not goods details or other legs' pricing
A single atomic transaction can create both contracts. The logistics provider and financier each see only their relevant contract, while the shipper and receiver (as signatories on both) see everything. Downstream participants in the supply chain never see upstream pricing, because those contracts have different stakeholders. This pattern—separating data by audience into distinct contracts—is how Canton achieves fine-grained privacy while maintaining atomicity.

When Canton Fits

Canton is ideal when you need:
RequirementCanton Provides
Multi-party coordinationNative multi-party contracts with explicit authorization
Confidential executionSub-transaction privacy by design
Regulatory complianceSelective disclosure to authorized parties
Atomic settlementAll-or-nothing execution across parties
Audit trailsObserver roles for entitled auditors

When Canton May Not Fit

Consider alternatives if you need:
RequirementConsideration
Fully public applicationsTransparency is a feature, not a limitation (e.g., public governance, open auctions)
EVM compatibilityCanton does not natively interoperate with Ethereum smart contracts
Anonymous participationCanton parties have identity; truly anonymous systems need different approaches
Simple single-party appsBlockchain overhead may not be justified

Next Steps

Core Concepts

Understand parties, validators, and synchronizers.

Start Building

Begin your development journey.