[Article] Canton: The Most Institutional Blockchain, The Most Controversial Blockchain

Brand Home FP Research FP Validated FP Institution

[Article] Canton: The Most Institutional Blockchain, The Most Controversial Blockchain | FP RESEARCH

Key Takeaways

Canton has demonstrated material institutional traction, with major institutions such as DTCC, JPMorgan, Goldman Sachs, Franklin Templeton, and SBI joining the ecosystem and Broadridge's DLR processing large-scale repo transactions. These results, however, are difficult to make sense of through the conventional crypto lens. A structure in which not all transactions are public and only approved validators participate in consensus is fueling debate over whether Canton is a real blockchain and whether it is doing real tokenization.
Canton is not a more private version of Ethereum or Solana. It is a separate design that sits between the transparency of public chains and the silos of private chains. Rather than publishing all transactions and having all validators verify a shared global state, Canton allows only relevant parties to see their portion of a contract while the Global Synchronizer coordinates ordering, confirmation, and commit. Canton's differentiator is selective disclosure and synchronization across institutional workflows, not open verification.
The institutional crypto market is not converging on a single path. The demand to capture onchain liquidity as a buy-side channel for asset managers' financial products and the demand to streamline institutional workflows such as repo, collateral management, and settlement are different in nature. The two cannot be satisfied by the same infrastructure.
Canton's product-market fit lies in the latter: high-value, repetitive workflows with restricted participants where privacy and settlement certainty are priorities. Its core metrics are closer to throughput, settlement speed, failure rate reduction, and operational cost savings than to onchain AUM. At the same time, the large pool of onchain capital accumulated on public chains forms a liquidity moat that Canton cannot easily overcome in the short term.

1. Introduction: Why Canton's Success Makes Crypto Uncomfortable

Since the institutional market began opening in earnest, the crypto market has been undergoing an identity crisis. The fact that institutions ultimately chose a path of selective disclosure and controlled consensus, rather than permissionless open verification, threatens some of crypto's oldest convictions. Canton stands at the center of this shift as one of the most controversial institutional blockchains. The question of whether Canton is even a real blockchain has resurfaced, and it overlaps with this uneasy transformation.

Canton has delivered meaningful results. Broadridge, Canton's flagship use case, has processed roughly $8 trillion in monthly repo volume. DTCC, JPMorgan, Goldman Sachs, Franklin Templeton, and SBI have joined the Canton ecosystem. Canton Coin (CC) maintains a market cap of approximately $6 billion as of May 2026.

The problem is that these results are difficult to make sense of through the conventional crypto lens. Canton does not operate like Ethereum or Solana, where all transactions are public and all validators verify the same global state. Canton's contracts are disclosed only to relevant parties, and the Global Synchronizer coordinates only message ordering and inter-institutional synchronization states, not transaction content. Canton verifies transactions and synchronizes ledger state in a fundamentally different way from existing public blockchains.

The resulting debate boils down to two questions:

First, must a public blockchain allow anyone to verify and participate, or can it accommodate the access controls required by institutional finance?

Second, does tokenization mean assets move independently and freely on open markets, or is it sufficient to synchronize existing financial rights and ledgers more quickly and securely?

Put more directly: how far can we accept a blockchain where permissionless participation and open verification are limited, and tokenization where assets cannot be freely transferred? This question extends beyond an assessment of Canton alone. It touches on which blockchain properties survive and which are sacrificed when institutional finance moves onchain, and how that reshapes the market.

So is Canton merely a transitional solution, with institutional finance eventually adopting public chain conventions? Or will blockchain converge toward selective disclosure tailored to institutional needs, as Canton proposes? Canton's answer leans toward the latter. By examining the two debates surrounding Canton, this article surveys the expanding paths of institutional onchain adoption and Canton's position within them.

2. Canton Snapshot: A Wall Street Blockchain Ten Years in the Making

Understanding the debates around Canton requires first grasping how it differs from a typical blockchain. Canton is a blockchain designed to connect financial institutions' ledgers, contracts, collateral, and settlement through an onchain framework. Unlike Ethereum or Solana, it does not publish all transactions for all validators to verify against a shared global state. This difference is the source of both Canton's alignment with institutional finance and the criticism directed at it.

2.1 Origins and Vision

Through a crypto-native lens, Canton looks like a sudden arrival. In reality, Digital Asset, the company behind Canton, has spent nearly a decade building and accumulating institutional deployment experience.

Since Digital Asset's founding in 2014, the company has focused on developing Daml, a smart contract language for encoding financial contracts, and the Canton protocol for institutional distributed ledger infrastructure. During this period, Daml was piloted in Goldman Sachs bond issuance and settlement and the Australian Securities Exchange (ASX) clearing system.

In May 2023, more than 30 financial institutions and technology firms, including Goldman Sachs, Deutsche Börse, Microsoft, Moody's, and Paxos, participated in the official launch of Canton Network. The Global Synchronizer mainnet went live in June 2024, followed by the Canton Coin launch in July 2024.

Canton then emerged as a leading candidate for institutional infrastructure. From a certain point onward, institutional adoption accelerated rapidly across tokenization pilots, foundation governance participation, fund platform expansion, treasury tokenization, and deposit token issuance:

Euroclear Tokenization Pilot (Oct 2024): Euroclear and Digital Asset completed a tokenization pilot covering UK gilts, Eurobonds, and gold.
Global Synchronizer Foundation Expansion (Mar 2025): Goldman Sachs, HKFMI, and Moody's Ratings joined the Global Synchronizer Foundation.
Franklin Templeton BENJI Expansion (Nov 2025): Franklin Templeton expanded its tokenized treasury fund BENJI to Canton.
DTCC U.S. Treasury Tokenization Partnership (Dec 2025): DTCC announced a partnership to tokenize DTC-custodied U.S. Treasuries on Canton.
JPMD Native Issuance (Jan 2026): JPMorgan announced native issuance of its deposit token JPMD on Canton.

Institutional adoption was driven by Canton's clear problem definition. Financial institutions cannot disclose positions, counterparty information, or liquidity flows. Regulators demand clear accountability structures and enforceable controls. Full public chain transparency does not fit all institutional financial operations. Yet private chains are not the answer either. If each institution builds its own permissioned chain, it regains control but recreates silos. Connectivity breaks down, composability weakens, and atomic settlement with shared liquidity becomes impractical.

Canton aimed to split the difference. It brings in public chain connectivity and composability while retaining the privacy, permissioning structures, and compliance that institutional finance requires. In Canton's framing, a "privacy network" is not one where everyone sees everything. It is one where only those who need to see something can see it, while still arriving at the same transaction outcome.

2.2 Canton Network Architecture

Canton's design reflects this vision directly. Canton is closer to a network that connects each institution's private contract store through a shared synchronization layer than to a single monolithic chain. Instead of all nodes sharing the same data, each participant stores and verifies only contracts relevant to it. The Global Synchronizer coordinates message ordering, confirmations, and commits across different participant nodes and applications.

Four components are involved in this process:

Daml: A smart contract language that defines asset rights, obligations, approvals, transfer conditions, and visibility at the contract level
Participant Nodes: Execution and verification nodes operated by financial institutions or applications
Global Synchronizer: A shared synchronization layer that coordinates message ordering, confirmation responses, and commit decisions across different participant nodes and applications
Super Validators: Institutional nodes that operate the Global Synchronizer infrastructure

2.2.1 Daml: A Smart Contract Language for Encoding Rights and Obligations

Daml is a smart contract language designed for encoding financial contracts. Where Solidity assumes a public chain's open state and general-purpose execution environment, Daml is built to explicitly express party relationships, authority structures, approval conditions, and data visibility in financial contracts.

A Daml contract consists roughly of the following elements:

Template: Defines the base format of an asset or contract. Bonds, fund shares, deposit tokens, and collateral agreements can each be a template.
Signatory: The party responsible for creating and modifying the contract. Issuers, custodians, borrowers, and lenders fall here.
Observer: A party that can view contract content but has no execution authority. Regulators, transfer agents, and auditors can be designated as observers.
Controller: A party authorized to execute specific actions. For example, a holder can execute a transfer, while an issuer can execute a freeze or redemption.
Choice: An action that changes contract state. Transfers, redemptions, collateral pledges, liquidations, approvals, and rejections are expressed as choices.

The key point is that Daml does not model assets the way Ethereum does, recording all holders' balances in a single token contract's address-to-balance mapping. Instead, it creates an independent contract for each asset unit. Each contract contains not only the holding amount but also who the issuer is, who the current holder is, who can view the contract, and who can execute actions such as transfers, redemptions, or freezes.

State management also differs from Ethereum's account model. Ethereum accumulates and updates balances at a single address. Canton follows a UTXO model. When an asset is transferred, the existing contract is consumed, and a new contract reflecting the new holder and conditions is created.

Canton's token standard, CIP-56, also operates on this structure. It standardizes basic functions such as transfers, approvals, and balance queries, making its role similar to ERC-20. However, only parties designated as signatories and observers on the contract can view balances and transfer histories. Other participants cannot see them.

This structure is a more natural fit for institutional finance. Offchain financial contracts also involve issuers, custodians, intermediaries, investors, and regulators, each accessing information within their required scope. Daml embeds this at the contract level. In a tokenized fund, for example, investor eligibility, transfer agent record-keeping authority, and issuer legal liability are all specified in the contract logic.

2.2.2 Participant Nodes: Per-Institution Private Contract Stores

Participant nodes are nodes operated by financial institutions or applications. Suppose Bank A and Bank B are exchanging tokenized treasuries for deposit tokens. The participant node actions proceed as follows:

Bank A's Participant Node: Checks whether Bank A has the authority to transfer the treasury under the Daml contract.
Bank B's Participant Node: Verifies whether it has the authority to pay the deposit token and whether the incoming asset conditions match.
Issuer/Transfer Agent Participant Node: Confirms that the treasury transfer satisfies issuance conditions, investor eligibility, and transfer restrictions.
Each Participant Node: Verifies the transaction view it received, then sends a confirmation response to the Global Synchronizer.
Global Synchronizer Approval: Each participant node commits only the contract state it can see to its local ledger.

In this process, participant nodes do not verify all transactions on behalf of the entire network. Each institution executes and verifies contract fragments within its authority locally, then reflects results in its own ledger according to the common ordering and final verdict assigned by the Global Synchronizer. In effect, participant nodes serve as each institution's private execution engine and local verifier within Canton.

2.2.3 Global Synchronizer: The Shared Synchronization Layer

Even with each participant node verifying its own contract fragment locally, this alone does not complete an inter-institutional transaction. If Bank A and Bank B each look only at their own ledger, it is difficult to confirm whether transactions were processed in the same order, whether double-spending occurred, or whether collateral and cash legs settled together. The Global Synchronizer is Canton's synchronization layer for solving this problem.

The transaction flow proceeds roughly as follows:

Transaction Command Submission: An application sends a transaction command to a participant node.
Daml Interpretation: The submitter's participant node calculates, based on the Daml contract, which contracts are consumed, which are newly created, and which parties' approval and observation rights are needed.
Transaction View Splitting: The full transaction is split into per-party transaction views. Each participant node receives only the contract fragment it needs to know. The full transaction is not disclosed to the entire network.
Encrypted Message Delivery: Each transaction view is contained in an encrypted message for its recipient. Participants unrelated to the transaction cannot see this content.
Message Ordering: The sequencer does not read message content. It determines the order in which related messages will be delivered. The key point is ensuring all relevant participants process transactions against the same ordering.
Confirmation Collection: Each participant node verifies its received transaction view and sends an approve or reject response. The mediator aggregates these responses and decides whether to approve, reject, or time-out the transaction.
Local Commit: Once a final approval verdict is issued, each participant node reflects only the contract state it can see in its local ledger. Not all details go into a single public ledger. Each participant updates state within its own authority scope.

What the Global Synchronizer does in this process is not verify all transactions. Even without knowing all transaction content, it coordinates so that relevant parties reach the same ordering and final outcome. To do this, the Global Synchronizer uses 2/3 BFT consensus for message ordering and transaction confirmation.

The Global Synchronizer is therefore different from Ethereum's global state machine. Ethereum has all validators verify transaction validity and state transition consistency against the same state. Canton has each participant verify only its own transaction fragment, with the Global Synchronizer providing common ordering and final verdicts to synchronize transaction outcomes.

2.2.4 Super Validators, Canton Coin (CC)

Source: Canton

Super Validators are institutional nodes that serve as the operating entities of the Global Synchronizer. They participate in ordering, transaction confirmation, and governance changes through BFT consensus, reducing single-operator risk.

However, super validators should not be understood the same way as Ethereum validators. Ethereum validators verify all transactions and state transitions. Canton's super validators do not see private transaction content. The business logic of private application transactions is verified by the stakeholder nodes participating in those transactions. Super validators are closer to infrastructure operators ensuring the Global Synchronizer stably coordinates message ordering and final verdicts.

They perform three specific roles:

Synchronization Infrastructure Operation: Maintaining the infrastructure needed for the Global Synchronizer's sequencing, mediation, and network operations.
BFT Consensus Participation: Participating in BFT consensus so that message ordering and confirmation procedures are not controlled by a single operator.
Governance Participation: Participating in major governance decisions including Global Synchronizer parameter changes, network operating policies, and upgrades.

Canton Coin (CC) is a native token that operates economically on the Global Synchronizer. Canton describes the CC token logic as a burn-and-mint equilibrium.

When a user processes a transaction through the Global Synchronizer, fees are denominated in dollars and settled in CC. The CC paid is not distributed directly to super validators or application providers. It is burned. Conversely, new CC is minted and distributed to super validators who operated Global Synchronizer infrastructure, application providers who generated transaction flow, and validators who onboarded users and generated traffic. In short, usage creates CC burns, and network operation and application contribution create CC minting rights.

In the early phase, minting rewards precede usage to incentivize infrastructure and application expansion. Over time, the goal is for growing Global Synchronizer usage to increase burn demand, bringing minting rewards into equilibrium with actual network usage.

2.2.5 Architecture Summary

Canton's basic structure is as follows. Daml represents asset rights and authorities as contract objects. Participant nodes verify only the transaction fragments relevant to them. The Global Synchronizer, operated by super validators, coordinates message ordering without disclosing all transaction content. CC provides the economic layer for operating and rewarding this infrastructure.

Canton clearly has the basic elements of a blockchain. Smart contracts, a node network, consensus, a native token, and a fee structure all exist. Yet it differs significantly from conventional public chain conventions. Not all transactions are public. Only approved validators participate in consensus. Not all validators verify the same global state. Assets are closer to Daml contract units containing issuer authority, observer designations, transfer conditions, and regulatory requirements than to bearer assets freely transferable between addresses. This is where the debate around Canton begins.

3. Two Debates Surrounding Canton

The debate around Canton, centered on where its strengths and criticisms converge, distills into two questions: First, is Canton a public blockchain? Second, is Canton doing real tokenization?

The blockchain question concerns verification structure, permissionless participation, global state, and the validator set. The tokenization debate stems from questions about legal rights, marketability, and transferability of assets.

3.1 Debate 1: Is Canton a Public Chain?

Canton defines itself as a public blockchain. But if not everyone can participate as a validator, not all transactions are public, and not all nodes verify the same global state, can it be called a public blockchain?

Canton's answer leans toward "yes." With the caveat that it is not a public blockchain in the Ethereum or Solana sense. The claim is not that Canton is Ethereum made more private, but that it is a separate design sitting between public chain transparency and private chain silos. The points of contention are worth examining one by one.

3.1.1 Permissionless Validators vs. Institutional Distributed Operation

The most direct challenge Canton faces concerns its super validator structure. On Ethereum or Solana, anyone who meets the requirements can join the validator set. The default premise for public chain validator sets is permissionless participation: anyone can become a validator without approval from a specific institution. Transaction verification and state transitions must be maintained by an open participant set, independent of any particular operator's approval, to secure censorship resistance and neutrality.

Canton's Global Synchronizer, by contrast, is operated by approved super validators. A single entity controls who can become a validator. This is precisely the point where Canton draws fire. Canton does not claim to operate a permissionless validator set in the Ethereum sense. Nor does it dodge the criticism that Global Synchronizer participation is not fully permissionless.

Canton's response starts by shifting the comparison target. The comparison is not Ethereum, but single-vendor private SaaS or a central system controlled by a specific central securities depository. By this standard, the Global Synchronizer is not a single operator but runs on 2/3 BFT consensus across multiple super validators. The intent is to reduce single-operator risk while maintaining the accountability and privacy required by regulated finance.

In sum, the decentralization Canton pursues is not decentralization backed by permissionless validators. It is closer to distributed operation centered on recognized institutions. It is more distributed than single-operator systems, but does not provide the same kind of censorship resistance as a public chain. Canton's security model is based not on a neutral validator set but on consensus among institutional operators with clear accountability.

3.1.2 Global State vs. Selective Disclosure

The second point of contention is the absence of global state. On Ethereum, when a token is issued, the entire network shares the token's state. Anyone can verify against the same ledger how much any address holds, what state any contract is in, and which state transitions are valid.

Canton operates differently. Only parties involved in a transaction verify the relevant contract fragment. The Global Synchronizer functions not as a global state ledger housing all assets and transaction content, but as a synchronization layer coordinating message ordering and final verdicts. In other words, Canton does not have a single global state shared identically by all validators, as Ethereum does.

This is where the criticism emerges that Canton is less a blockchain than a coordination network for private ledgers. That it is closer to a workflow protocol where each institution sees different transaction fragments and synchronizes only the result.

Source: X(@ShaulKfir)

Canton does not outright deny this. Selective disclosure is an intentional design choice. Financial institutions cannot disclose sensitive client information. If all transactions were exposed in a public mempool and block explorer, institutions would have to accept information leakage and front-running risk.

The argument is that a public chain's broadcast-everything model may suit censorship-resistant assets, but is not realistic for institutional finance. Instead, Canton provides Proof of Stakeholder, where actual stakeholders verify only the contracts relevant to them. This allows confidentiality toward uninvolved participants while ensuring contract condition and final commit consistency between actual transaction parties.

3.1.3 Single-Block Atomicity vs. Procedural Atomicity

The challenge to atomic settlement follows a similar thread. One of blockchain's biggest value propositions for institutional finance is DvP (Delivery versus Payment), where securities and cash are exchanged simultaneously, and PvP (Payment versus Payment), where payments in different currencies settle simultaneously. These prevent settlement failures where only one leg settles and reduce counterparty risk.

That Canton implements DvP and PvP is difficult to dispute. This is, in fact, a market area where it has found successful PMF(product market-fit). Canton has already built DLR (Distributed Ledger Repo), synchronizing repo transactions on Daml contracts and a shared ledger, and is providing atomic settlement in large-scale repo trading.

The issue is that Canton's atomicity is implemented differently from public chain single-state-machine atomicity. On Ethereum, a single transaction executes within a single global state. All state changes succeed together or revert together. Canton has each participant verify only the transaction view disclosed to it, with the Global Synchronizer coordinating message ordering, confirmation responses, and final verdicts.

This is why Canton's atomicity is characterized as "synthetic atomicity" or "procedural atomicity." The two legs do not execute simultaneously within a single state machine. Atomicity holds only when multiple participant nodes' confirmations and the synchronizer's commit procedure align. Canton can deliver the result of collateral and cash legs committing or failing together, but that result is produced procedurally through participant verification and synchronizer coordination, not verified within a single block as on Ethereum.

Canton's counterargument is clear. What matters in institutional finance is not public chain single-block atomicity per se, but the guarantee that actual settlement risk does not occur. In repo trading, the critical concern is preventing situations where collateral moves but cash does not arrive, or cash is paid but collateral is not transferred. Canton's position is that guaranteeing this settlement outcome does not require all state changes to execute simultaneously within a single block. If relevant stakeholders each verify transaction conditions and the Global Synchronizer coordinates the final commit so that both legs settle or fail together, that is sufficient.

For example, even if an asset tokenization app, a cash ledger, and a trading platform each operate on independent synchronizers, when buyer and seller route through the Global Synchronizer at the point of DvP, the state changes across all three apps settle as a single transaction. Each participant node verifies only the transaction fragment for which it is a stakeholder. The synchronizer handles ordering and routing of encrypted messages without decrypting the transaction content itself. Even without the entire network verifying all transaction content, if the stakeholders in a transaction verify the portions disclosed to them and the synchronizer coordinates the final commit, the result of "settling together or not settling at all" can be guaranteed.

3.2 Debate 2: Is Canton Doing Real Tokenization?

The other point of contention, separate from whether Canton is a public blockchain, is whether assets on Canton can be considered genuinely tokenized assets. Comparing BUIDL on a public chain with Canton's repo transactions makes the two models' different premises about tokenization clearer.

3.2.1 Transferable Token vs. Programmable Rights Record

The difference between "tokenization" as understood by tokenized assets like BUIDL (BlackRock), ACRED (Apollo), USTB (Superstate), and BENJI (Franklin Templeton), and the "tokenization" Canton envisions, shows up in the basic unit used to represent an asset and the resulting transferability.

Source: Etherscan

BUIDL on Ethereum is represented as an ERC-20 standard token contract. Assets are recorded as per-address balances. Issuance and holding status are verifiable on Ethereum. Even with KYC or transfer restrictions attached for compliance, the base format is a "token" object on a public state. This structure allows assets to connect with Ethereum's liquidity, collateralization, and DeFi composability.

This is possible because tokenization approaches like Securitize use blockchain as the official book of record. Securitize Transfer Agent, an SEC-registered transfer agent, manages the legal record of ownership based on onchain records. In effect, the ownership records that custodians or transfer agents previously managed in offchain databases have moved onto blockchain. The token is the security. The onchain balance is the official ledger.

Canton's assets are not represented as per-address balances. Tokenization on Canton does not convert a base asset into an independent token on a public chain. Instead, the asset is immobilized within existing custodial infrastructure, a tokenized representation is created on top of it, and ownership and rights transfers are processed through Daml contract logic.

If Ethereum layers compliance on top of a public token, Canton represents rights, authorities, and transfer procedures themselves as contract objects and synchronizes them within inter-institutional workflows. This difference raises the question of whether Canton's RWA qualifies as genuine tokenization. Assets are processed on a blockchain basis, but the output is closer to a programmable record of institutional finance's rights relationships and fund flows than to a bearer asset on a public chain.

3.2.2 Broadridge DLR: Repo Settlement Onchain

Looking at how DLR actually handles repo transactions, a model closer to rights-based tokenization, makes this difference more concrete. Repo is a market where banks and institutions borrow and lend short-term funds against treasury collateral. Here, the treasuries themselves do not necessarily need to be represented as freely transferable security tokens on a public chain. What DLR processes is the entire repo lifecycle, from collateral delivery, cash payment, collateral valuation, and rights transfer to maturity buyback, executed atomically within a single workflow.

When a repo transaction is executed on DLR, the procedure roughly proceeds as follows:

Collateral Immobilization: Treasuries provided as collateral are immobilized in an existing custodian account. The treasuries do not move onchain or become tradable tokens on a public chain.
Tokenized Representation Creation: A tokenized representation is created on the ledger based on the securities immobilized in the custodian account. What is actually transferred going forward is not the underlying security itself but the ownership representation of that security.
Offchain Cash Settlement: The cash leg does not exist onchain. Cash is settled offchain through existing payment rails. DLR implements DvP by executing the collateral representation's ownership transfer at the point when cash payment is confirmed.
Reverse Processing at Maturity: When the borrower repays cash and interest, the collateral representation is returned to the original owner and the collateral immobilized in the custodian account is released (un-immobilized).

Throughout this entire process, the repo's legal terms, collateral details, repo rate, transaction duration, and repayment amounts are all encoded in a Daml smart contract. Relevant participant nodes verify whether contract conditions are met based on transaction views disclosed to them, and the Global Synchronizer coordinates transaction ordering and final commit decisions.

This structure allows DLR to resolve settlement failures and execution delays in the existing repo market. As of April 2023, U.S. Treasury settlement failures averaged about $40 billion per day over the prior twelve months, with penalties running into millions of dollars daily. DLR integrates this into a single ledger-based workflow, delivering 25-50bp premium savings on a broker-dealer basis, elimination of overdraft fees related to settlement failures, and about 25% reduction in average clearing costs.

DLR also enables 4-6 hour intraday repo. Banks face intraday funding shortfalls on scales of hours or even minutes, but traditional market structures make it difficult to execute and settle repos that short. By processing even these short-duration collateral and cash flows programmably, DLR reduces settlement costs and collateral inefficiency in the repo market.

4. The Institutional Crypto Market Will Not Follow One Path, and Chain Adoption Will Not Settle on One Model

Whether Canton qualifies as a public chain or is doing real tokenization were useful questions for understanding Canton from multiple angles, but they are not questions worth lingering on. What matters more than definitional debates is observing which blockchain structures the market is actually adopting, what institutional finance needs from onchain infrastructure, and where the institutional crypto market is heading.

4.1 Two Paths for How Institutional Finance Uses Blockchain

To compare how Canton and public chains like Ethereum and Solana will divide institutional adoption, the first premise is that institutional demand does not bundle into one category.

In crypto, the narrative of "institutions are coming" tends to be treated as a single event. But the purposes for which institutional finance uses blockchain are clearly diversified. Broadly, they fall into two categories. One is the demand to access onchain liquidity already formed on public chains. The shared onchain liquidity serves as a buy-side channel for financial products issued by asset managers. The other is the demand to streamline existing financial workflows such as inter-institutional settlement, collateral management, and rights transfers.

4.1.1 Tapping Onchain Buy-Side Demand

Public chains already host hundreds of billions of dollars in stablecoin liquidity, treasuries, exchange idle funds, market maker inventories, lending protocol collateral, and delta-neutral/carry trade capital. Much of this capital seeks dollar-denominated yield, short-term treasury returns, and stable cash-equivalent assets usable as collateral.

Asset managers' tokenized treasuries, money market funds, and credit products are the new yield assets this onchain capital is looking for. For asset managers, public chains serve as both an infrastructure medium for asset representation and a new buy-side channel for accessing onchain capital's deployment demand. The following specific paths are already operating:

Private Credit Distribution: Figure and Maple tokenize corporate loans and consumer credit, connecting traditionally buy-side-constrained private credit markets to DeFi protocols as new distribution channels.
Reserve Incorporation: BUIDL, USTB, and BENJI are incorporated into the reserves of stablecoin protocols like Ethena, Frax, and Usual, becoming base assets that constitute stablecoin stability, redemption liquidity, and reserve yield.
DeFi Collateralization and Yield Splitting: Yield-bearing assets like USD.ai and thBILL are split into principal and yield on Pendle. USTB (Superstate) is deposited as collateral on Aave Horizon to borrow stablecoins like USDC and GHO. Tokenized assets are recomposed as base assets for collateral, yield, and leverage strategies.

4.1.2 The Path of Streamlining Institutional Workflows

Inter-institutional settlement and collateral management are an entirely different demand. The U.S. repo market's average daily exposure alone is about $12.6 trillion. What matters in this market is not pulling in external liquidity. It is atomically settling collateral and cash legs, precisely confirming rights transfers in securities lending between transaction parties, and processing intraday liquidity management at multi-hour intervals.

JPMorgan's deposit token JPMD is a representative case of this demand. JPMD's primary role is in wholesale finance: multinational corporate cross-border treasury management, inter-institutional settlement, and tokenized repo settlement. It is closer to an institutional payment rail for faster connection of bank accounts, collateral, cash legs, and corporate treasury flows.

Corporate Treasury Management: German infrastructure company Siemens (revenue approximately EUR 78 billion) reports that adopting Kinexys cut its U.S. bank accounts by 50% and saved $20 million annually. The result of 24/7 fund pooling that eliminated idle capital and buffer deposits across global entities. Ant International, BlackRock, and Mastercard participate through the same path.
Tokenized Repo Settlement: Processing repo transactions using tokenized treasury collateral and deposit tokens for short-term funding. Cumulative volume of $430 billion processed. Settlement shortened from T+1 to same-day. Goldman Sachs and BNY Mellon are primary client institutions.
Cross-Border B2B Payments: JPMD is used for dollar settlement with Coinbase and B2C2. The purpose is to eliminate business-hour constraints and intermediary bank fees inherent in SWIFT-based cross-border remittances.

4.2 Canton's PMF: Repetitive, High-Value, Private, Settlement-Critical

Given that institutional onchain adoption is not a single path, the premise that it should converge on a single blockchain model is not valid. Canton and public chains are not dividing the same market in different ways. They are responding to different institutional demands.

This also sharpens the framework for evaluating Canton. The approach to avoid is building a checklist based on Ethereum's criteria and treating every mismatch as a flaw. Canton is not an attempt to make Ethereum or Solana more private. It is infrastructure for reducing the costs and risks created by institutional finance's legacy plumbing: repo, CSDs, custodian banks, payment rails, and reconciliation.

Canton also recognized early that institutional finance agreed on blockchain-based efficiency gains but could not accept a model where all transaction information is public. By addressing this through selective disclosure, authority-based access, and inter-institutional synchronization, Canton found its market fit.

Canton's market fit is therefore clear. It lies in repetitive, high-value, participant-restricted institutional workflows where privacy and settlement certainty are priorities. Repo is the representative case. Repo participants are restricted to large banks and market infrastructure. Transaction volumes are large. Operational risk is expensive.

Canton's institutional adoption is expanding on precisely this fit. Broadridge DLR processes roughly $339 billion in daily repo volume, moving approximately 3% of the U.S. repo market onchain. DTCC has also announced a partnership to tokenize DTC-custodied U.S. Treasuries on Canton. Given that DTCC's custodied assets exceed $100 trillion, realization would significantly expand the range of institutional assets Canton can access.

Going forward, Canton's core metrics are closer to throughput, settlement speed, failure rate reduction, and operational cost savings. Assets do not need to reside on-chain for extended periods or circulate independently as onchain securities. Atomic processing at the point of transaction, accurately reflected in each institution's ledger, is sufficient.

This contrasts with public chain tokenized assets, which use onchain AUM, DeFi protocol TVL, and holder count as core metrics while expanding the buy side. Public chains' openness-driven strengths are also difficult for Canton to replicate. Nearly every major asset manager's tokenized assets are already issued on Ethereum. The large pool of onchain capital accumulated on public chains forms a liquidity moat that Canton cannot easily overcome in the short term.

5. Closing: The Race for Institutional Crypto, and Canton's Position

The debate around Canton looks like a dispute over technical definitions. In reality, it is closer to a contest over who leads the institutional crypto market. The public chain camp sees Canton as having given up too much. The Canton camp counters that public chains oversimplify real-world finance.

What is harder to deny is that Canton aligns well with a new competitive category in the blockchain market. For a long time, competition among blockchains centered on TPS, low fees, and ecosystem app expansion. Then chains like Hyperliquid, with clear product demand and revenue, began commanding higher valuations. As the institutional market gains momentum, another competitive category is emerging clearly: whether a chain can deliver the privacy, authority structures, and atomic settlement that institutional finance requires. Canton identified this demand early and has shown meaningful results through actual institutional adoption.

Even so, the market's final form is unlikely to converge entirely on one side. As institutional finance's onchain demands are diversified, infrastructure will diversify alongside them. Within this landscape, the demand for repetitive, high-value, selectively disclosed, and controlled consensus structures exists strongly, and Canton is positioned as a core player with significant further growth ahead.

Canton: The Most Institutional Blockchain, The Most Controversial Blockchain

Researcher

Related Projects