Canton has started a battle

Canton chooses efficiency over freedom, and institutions have also chosen Canton.

Author: Thejaswini M A

Translation: Block unicorn

Preface

What happens when a company shifts from defense to offense, changes its stance, and refines its arguments?

We know this because Microsoft spent years claiming it had no animosity toward Linux. Yet, it began appearing at government procurement meetings, holding security briefings, explaining how open-source software could threaten national infrastructure. Google, for its part, told publishers for a decade it was simply organizing information. Yet it started funding research that found news paywalls were harmful to democracy. The message shifted from "we built something different" to "what they built is dangerous". If you're good enough and have the right connections, you don't even need to win technically. You just need to ensure that the people who ultimately decide the direction of technology trust you more than your competitors.

This is what Canton is doing now. And the crypto industry has been largely excluded from the conversation.

In January this year, I pointed out that Canton chose efficiency over freedom, and institutions chose Canton. The argument then was that Canton and Ethereum were aimed at different audiences, solving different problems. That argument was true at the time. But since then, Canton's direction has changed.

Canton's founders have begun explaining, both in public and behind closed doors to buyers and regulators, that zero-knowledge proofs (ZKP) pose unacceptable risks to mission-critical financial systems. I believe this is a campaign to shape regulatory attitudes, in sync with a fundraising effort that attracted major investors like Goldman Sachs, Citadel, DRW, Circle, Paxos, and Polychain. JPM Coin launched on Canton in January. Visa joined as a super validator in March. On March 27, LayerZero became the first interoperability protocol to run directly on Canton, enabling institutions to route tokenized assets across over 165 public blockchains. The fully diluted valuation of the $CC token is $5 billion.

None of this is the main point. What I want to discuss is how Canton is now trying to shape the range of technologies that banks are allowed to use. So far, only Canton has initiated this conversation.

Arguments Against ZK

Canton's argument is roughly this: vulnerabilities in zero-knowledge proofs may be hard to detect because the underlying data is private. If such a vulnerability spreads quietly—with no audit trail and no accountability—that's enough to constitute a fatal flaw.

They point to a real example. On April 16, 2025, Solana patched a zero-day in its zero-knowledge-based “Confidential Transfers” feature. The bug could have allowed attackers to mint unlimited tokens. It's unclear if the exploit was ever used.

The person making this argument is Canton co-founder and COO Shaul Kfir, who is also a co-author of libsnark, a C++ library for building zk-SNARK proofs. Is he rejecting a technology he doesn’t understand? Unlikely.

His argument is that when a zero-knowledge proof fails, nobody will notice. The data remains private, errors are hidden, and by the time anyone realizes there’s a problem, the damage is done. For regulators whose job is to prove banks aren't laundering money, a system that "trusts math" isn’t satisfactory. They need to see the records.

And in Canton's model, the only entities able to view these records in real time are the super validators—the same institutions that, if their keys are compromised, become a single point of failure.

In Canton's model, the only entities able to view these records in real time are the super validators, whose key leaks can become the sole point of failure.

This argument doesn’t need to be bulletproof to be effective. It just needs to sound plausible to those already skeptical of crypto. For those whose careers were built on paper trails and audit logs, any major crypto vulnerability means the evidence disappears. You don’t need to win a technical argument, but you still need the other side to perceive an alternative as risky.

Where Is the Problem?

ZKsync co-founder Alex Gluchowski responded in public last week. He said that Canton's logic is far too extreme. If a technology has potential vulnerabilities, and those vulnerabilities can have catastrophic consequences, then we should never use it. By this logic, we should have grounded all commercial flights in the 1970s and never made another airplane. Fly-by-wire systems have bugs, engine controllers have bugs, autopilot software has failed and resulted in casualties. We did not stop flying. The airplanes we build have multiple independent systems. So when one fails, another can catch and correct it in time to prevent a crash.

Has Canton answered what happens after an operator key leak? There's currently no backup system or secondary security layer to check work. The trusted operator is the only line of defense. If that defense fails, the damage can spread silently through the network, unmonitored. By Canton’s own standards, this architecture is what should actually concern regulators.

The solution to technical flaws is never to find a 100%-reliable technology but to build systems that anticipate failures and ultimately survive them. Nuclear reactor safety doesn't come from software that never crashes. It’s safe because five independent things have to fail at the same time for a disaster to occur. Pacemakers and commercial aircraft are the same. The engineering principle is redundancy and isolation: multiple independent system layers so that when one fails, another layer mitigates the issue in time. System design should also ensure that when failures do happen, damage is contained to that system and doesn’t spread to everything connected to it.

Gluchowski applied the same test to Canton’s own architecture. Canton’s privacy and integrity model relies on one mechanism only: trusted operators isolating data among participants. There’s no cryptographic verification layer or independent audit. If an operator key is compromised, tampered-with states could spread quietly in an opaque UTXO chain, with no monitoring. By Canton's own logic (single point of failure, devastating consequences), this is the architecture regulators should worry about.

ZK bugs, Solana zero-days—these are real problems. But the answer to unreliable components is not to replace them with another institutionally-branded single point of failure. The right approach is to build multiple independent layers of defense, design constraints that limit attacks, and sustain open, adversarial audits over a decade. The EVM today exists because some of the world’s most sophisticated attackers have stress-tested it adversarially over a decade, forcing through billions in economic value. Every maturity concern Canton raises about ZKPs applies equally to DAML, but there's much less mitigation available.

None of this will end the debate, but it redefines where the debate should focus. One approach to institutional risk management is to argue, in the context of regulation, that it should be the only approach allowed.

Canton’s argument entirely misses the key point. Zero-knowledge technology is not at a fixed risk level; it becomes safer as more people participate in its validation. Its core mechanism is allowing you to prove a statement is true without revealing underlying data. Verifiers check the proof, not the data. The more independent verifiers review a proof system, the harder it becomes to hide bugs or sabotage. In 2025, Nethermind formally verified ZKsync’s on-chain zero-knowledge verifiers using EasyCrypt, completing the first formal proof of its kind in a live ZK system. This shows that open-system, adversarial scrutiny produces much stronger results over time.

Canton’s model is the opposite. Trust is concentrated in a few approved operators. The cumulative effect is not the same. A closed system of approved verifiers can only withstand limited scrutiny. Who is allowed to verify is not a trivial security detail. As verifier networks grow, open ZK systems become harder to compromise. A permissioned trust model’s strength—and vulnerability—depends on its weakest operator. A 2024 systematic review of known attacks found about 96% of recorded circuit-level ZK vulnerabilities were due to under-constrained circuits—exactly what open, adversarial tests are designed to uncover. The bugs Canton highlights are real. It is the open ecosystem that finds and fixes them. Keeping the ecosystem closed doesn’t make bugs go away; it just means fewer people care to look.

Canton Is No Longer Playing by the Old Rules

Looking back, I once said Canton was positioned as a parallel system—that it solved different problems for different users, not competing with Ethereum for the same market.

The LayerZero integration changed this. It allows traditional finance institutions on Canton to route tokenized securities, digital bonds, and stocks across over 165 public blockchains, meeting compliance and confidentiality requirements. Investors can now use stablecoins on public chains to buy tokenized real-world assets developed natively on Canton. Canton’s native tokenization tools can access other ecosystems for secondary market trading.

LayerZero Labs CEO Bryan Pellegrino said: “Canton has built the infrastructure for TradFi, handling more than $350 billion in US Treasury repo transactions every day. LayerZero’s mission is to ensure these assets move across every market and every blockchain globally.”

Canton is stepping into crypto’s liquidity pools, not distancing itself. This creates tension. Canton’s founders are holding closed-door sessions with regulators, arguing ZK proofs are too risky for institutions. Meanwhile, Canton-based assets are entering a public blockchain ecosystem via LayerZero, where ZK proofs are core infrastructure—often for products positioned as institutional alternatives to Canton.

What does this mean in practice? A bank holds tokenized US Treasuries on Canton. Via LayerZero, these treasuries can now be transferred to Ethereum or Arbitrum, where they can be used as collateral on Aave, borrowed and lent on Ondo, or serve as base assets for DeFi lending protocols. The instrument retains institutional compliance via Canton, and gains crypto-native liquidity. Ondo Finance has done something similar using LayerZero—its tokenized treasury product USDY operates on four blockchains, has $700 million TVL, and can be used as DeFi collateral. Now, Canton can directly access the same ecosystem. Banks get yield and composability. DeFi gets institutional collateral. Canton can argue to regulators that ZK proofs are too risky, all while its assets move freely on blockchains that depend on those very proofs—including those that are positioned as institutional alternatives to Canton.

If the goal is regulatory capture, then taking advantage of crypto infrastructure while telling regulators crypto’s basic privacy technology is a systemic threat becomes a coherent, not contradictory, strategy. You can do this because the ZK camp hasn’t yet organized a counter-lobby of similar scale.

As of last week, the most visible contribution from the ZK camp to regulatory discussion was Gluchowski’s post. It was indeed an excellent post. Canton has lawyers in these meetings, Goldman’s connections. For a decade, they’ve built trust with regulators, and regulator approval decides what a systemically important bank is allowed to deploy.

What's at Stake for Ethereum?

This is not an abstract concern for ETH holders or anyone watching the institutional tokenization movement.

If Canton wins the regulatory argument—meaning if zero-knowledge proofs are classified as too risky, obscure, or novel to fit into regulations for systemically important institutions—Ethereum’s path to institutional settlement closes before it’s ever truly open. The $100 trillion tokenization opportunity Larry Fink mentioned in his annual letter keeps using permissioned settlements. Ethereum can settle DeFi. That's important, but it doesn’t become the world’s financial settlement layer.

If the ZK camp wins—if zkSync’s Prividium and emerging institutional-grade ZK infrastructure earn regulatory approval as quickly as or before Canton’s model—the landscape shifts dramatically. Blockchains that safeguard DeFi will start safeguarding institutional tokenization. Ethereum’s position in the financial system is elevated. Assets that looked likely to be marginalized at the institutional layer become foundational at the institutional layer.

Visa just joined Canton as a super validator. DTCC is moving towards production deployment. Broadridge already settles hundreds of billions in daily volume on the Canton platform. Test participants include Goldman Sachs, BNP Paribas, Tradeweb, and Citadel Securities. The institutional settlement flywheel is running—and running long enough to create real momentum.

In January, I said Canton’s goal was not to replace Ethereum. That’s still true. Its aim is both sharper and more effective than replacing Ethereum. Its goal is to ensure Ethereum never has a chance to compete in the same market—not by building the “best” tech, but by securing certification first. By securing approval before the regulator steps into the technology, and by using that approval to set the criteria for all future tech assessments.

Crypto has always competed on visible metrics—TVL, fees, user count, volume, and token price. Canton has never tried to compete on these metrics. It’s built on trust—intangible, slow to accumulate, and nearly impossible to imitate once it’s held by someone else.

Ironically, zero-knowledge proofs were invented to solve exactly the problem Canton is now exploiting. If math can prove something true without showing the answer, you don’t have to trust anyone. Canton’s argument is that math itself isn’t trustworthy. Therefore, you should trust institutions. The one who gets named as the risk wins.