Canton
Canton
Tokenizing Assets on Canton Network with zerohash
The convergence of institutional finance and blockchain technology has reached a critical inflection point.
Example H2

Overview

The convergence of institutional finance and blockchain technology has reached a critical inflection point. Traditional financial institutions are increasingly seeking to harness the transformative benefits of tokenization – instant settlement, 24/7 operations, programmable compliance, and atomic multi-party transactions. Different blockchain architectures serve different use cases: public blockchains excel at transparency and global accessibility, while permissioned networks address specific institutional requirements around privacy, selective visibility, and confidential operations.

zerohash operates a comprehensive multi-chain tokenization engine, enabling institutions to deploy on networks that best suits their specific needs – whether that’s a public network for transparency-focused use cases, or permissioned networks for privacy-sensitive operations.

This white paper focuses specifically on the integration of zerohash's institutional-grade tokenization engine with Canton Network, a privacy-enabled, permissioned blockchain designed for financial institutions requiring confidentiality. This integration enables:

  • Privacy-preserving tokenization with selective visibility across institutional networks
  • Atomic cross-institution settlement reducing counterparty risk
  • Programmable compliance embedded directly into tokenized assets via Daml smart contracts
  • Regulatory transparency through configurable reporting layers
  • Institutional-grade security meeting SOC 2 Type II, ISO 27001, and banking standards

By combining zerohash's proven tokenization infrastructure – which includes MiCA and GENIUS Act-compliant  regulatory framework, comprehensive custody solutions, and operational excellence across multiple blockchain networks – with Canton's unique privacy architecture, we enable financial institutions to launch tokenized assets with selective visibility quickly and securely.

This integration addresses specific institutional needs where privacy and confidentiality are essential: moving from public blockchain deployments where transparency is acceptable to private institutional networks where selective visibility preserves confidential business information while enabling seamless interoperability among authorized participants.

Introduction

The Tokenization Opportunity

The tokenization of real-world assets (RWAs) represents one of the most significant transformations in financial markets infrastructure. McKinsey projects the tokenized asset market will reach $2T by 2030, while Boston Consulting Group estimates potential market size of $16T by 2030. The stablecoin market alone has grown to $230B+ in circulation with $27.6T in annual transaction volume.

Traditional financial infrastructure suffers from fundamental limitations:

  • Settlement delays: T+1 or T+2 settlement cycles creating capital inefficiency
  • Operational hours: Business hours-only operations limiting global commerce
  • Fragmented systems: Disconnected ledgers requiring complex reconciliation
  • Manual compliance: Point-in-time compliance checks rather than continuous enforcement
  • Counterparty risk: Non-atomic multi-party transactions creating settlement risk

Tokenization addresses these limitations by representing assets as programmable digital tokens on blockchain infrastructure. This enables instant settlement, reducing capital requirements and accelerating business velocity. Operations can run continuously without regard to business hours or holidays. Automated compliance can be embedded directly into assets themselves, enforcing rules in real-time. Atomic multi-party transactions ensure that complex settlements either complete entirely or fail entirely, eliminating counterparty risk.

The Institutional Challenge

Public blockchains have proven highly successful for many tokenization applications, offering unparalleled transparency, global accessibility, and robust decentralization. zerohash works with partners to issue tokens on public chains including Ethereum, Solana, and other leading networks, and these platforms will continue to serve critical roles in the digital asset ecosystem.

However, certain institutional use cases may require privacy features that public blockchains aren't designed to provide. For these specific scenarios – such as confidential securities trading, proprietary treasury operations, or regulated banking activities – transaction transparency creates challenges that need to be addressed.

Complete transaction transparency may be incompatible with:

  • Client confidentiality requirements
  • Competitive business information
  • Regulatory expectations around data protection
  • Front-running and MEV (Maximal Extractable Value) risks

Technical limitations:

  • Scalability constraints during high transaction volumes
  • Gas fee volatility making costs unpredictable
  • Smart contract immutability complicating regulatory compliance

Operational complexity:

  • Managing private keys at institutional scale
  • Integrating blockchain with traditional banking infrastructure
  • Ensuring 99.99%+ uptime required for financial services

zerohash & Canton Network

The integration of zerohash's tokenization engine with Canton Network addresses institutional privacy requirements while maintaining the benefits of blockchain technology. This combination serves use cases where selective visibility and permissioned access are essential. These benefits include:

  • Privacy-first architecture: Canton's unique "network of networks" design ensures transaction data is only visible to authorized stakeholders, not the entire network.
  • Regulatory compliance: zerohash provides GENIUS Act-compliant frameworks, banking partnerships, and operational infrastructure that institutional customers require.
  • Programmable compliance: Daml smart contracts embed regulatory rules directly into tokenized assets, ensuring compliance is automatic and auditable.
  • Institutional security: Multi-party computation (MPC) custody, hardware security modules (HSMs), and comprehensive insurance protect institutional assets.
  • Proven infrastructure: zerohash's platform processes billions in transaction volume with partnerships including major banking institutions and financial services providers.
  • Interoperability: Canton's synchronization domains enable atomic transactions across separate institutional ledgers while maintaining privacy where required.

This white paper details the technical architecture, regulatory framework, use cases, and implementation approach for tokenizing assets on Canton Network using zerohash's infrastructure.

Canton Network: Architecture and Key Capabilities

Network of Networks Architecture

Canton Network represents a fundamental rethinking of blockchain architecture for institutional use. Rather than a single shared global state visible to all participants (as in Ethereum or Bitcoin), Canton implements a "network of networks" where each institution or application runs its own private ledger (Participant Node).

Key architectural components:

  • Participant Nodes: Each institution operates its own node maintaining a private ledger visible only to that institution. Multiple applications or business units within a single institution can operate separate nodes.
  • Synchronization Domains: Coordination layers that order and timestamp transactions between participant nodes. Critically, Sync Domains only see encrypted transaction data and cannot view sensitive content. This preserves confidentiality while enabling coordination.
  • Global Synchronizer: For transactions spanning multiple Sync Domains (e.g., a securities trade involving cash from one domain and stocks from another), the Global Synchronizer coordinates atomic settlement across separate domains, ensuring all components of a multi-party transaction either fully complete or fully fail.
  • Daml Smart Contracts: The Daml programming language enables privacy-preserving smart contracts where only stakeholders defined in the contract can view transaction details. This allows different parties to see different aspects of the same transaction based on their role.

Selective Visibility and Privacy

Canton's privacy model differs fundamentally from both public blockchains and traditional private permissioned networks:

Stakeholder-based visibility: Only parties explicitly defined as stakeholders in a Daml contract can view that contract and its transaction history. For example:

  • In a tokenized bond trade, the issuer sees issuance details
  • The buyer sees their purchase and holding
  • The transfer agent sees ownership changes
  • The regulator (if designated) sees aggregate reporting
  • No single party sees all aspects unless explicitly granted permission

Encryption by default: All transaction data transmitted through Synchronization Domains is encrypted. The infrastructure itself (Sync Domain operators) cannot view transaction content, only coordinate ordering and timing.

Configurable transparency: Each network can define visibility rules. A consortium might grant all members full visibility, while a multi-tenant network might enforce strict isolation between tenants with selective sharing for specific transaction types.

Regulatory visibility: Regulatory bodies can be granted read access to specific transaction types or aggregate data without requiring full network visibility. This is implemented through the Global Synchronizer, allowing governments to validate fund flows while preserving commercial confidentiality.

Atomic Multi-Party Settlement

One of Canton's most powerful capabilities is enabling atomic (all-or-nothing) transactions that span multiple institutions, applications, and asset types. Traditional financial transactions often involve multiple sequential steps that create settlement risk. A typical securities trade requires a bank to transfer cash to an exchange, the exchange to hold cash in escrow, a securities custodian to verify ownership, securities to be transferred, and finally cash to be released to the seller. Each step creates settlement risk—the possibility that one party completes their obligation but the counterparty fails to complete theirs.

Canton's solution uses the Global Synchronizer to coordinate all steps of a multi-party transaction atomically. The entire transaction either completes in its entirety or fails completely, eliminating settlement risk. Daml smart contracts define the transaction requirements, specifying all preconditions that must be met. The Global Synchronizer coordinates execution across all required Participant Nodes and Sync Domains. Only when all parties have validated their portion does the transaction commit to all ledgers simultaneously.

Use cases include:

  • Delivery-versus-payment (DvP) for securities trades
  • Payment-versus-payment (PvP) for FX settlements
  • Complex multi-leg derivatives settlements
  • Supply chain finance with multiple counterparties

Proof-of-Stakeholder Consensus

Canton decouples transaction validation from transaction ordering, enabling superior scalability compared to traditional blockchain consensus mechanisms. In traditional blockchains, all validators must validate all transactions, creating scalability bottlenecks where throughput is limited by the slowest validator and the need for global consensus.

Canton's approach allows only stakeholder nodes—parties actually involved in a specific transaction—to validate that transaction. The Sync Domain provides ordering and timestamping but does not perform validation itself. This architecture delivers several critical benefits.

Scalability improves dramatically because validation work is distributed across only the relevant parties, not the entire network. A transaction between Bank A and Bank B need not be validated by Banks C through Z. Privacy is enhanced since validators only see transactions they're actually involved in. Finality is achieved once stakeholders validate their own interests, not when some probabilistic threshold is reached across thousands of unknown validators. Different transaction types can have different validation requirements based on their risk profile and complexity.

Programmable Compliance with Daml

Daml (Digital Asset Modeling Language) is Canton's smart contract language, purpose-built for financial applications:

  • Regulatory rules as code: Compliance requirements are embedded directly into tokenized assets. For example, a security token might specify:
    • Only verified accredited investors can hold this token
    • Transfers only allowed between approved jurisdictions  
    • Mandatory holding period of 6 months after issuance
    • Maximum ownership concentration of 10% per entity
    • Automatic tax withholding for foreign holders
  • Runtime enforcement: The Canton Network enforces these rules at transaction time. A transfer violating compliance rules is automatically rejected before execution.
  • Auditability: All compliance decisions are recorded on-ledger with full audit trails showing which rules were evaluated and why transactions were approved or rejected.
  • Upgradability: As regulations evolve, compliance rules can be updated while maintaining backward compatibility with existing tokens.

Multi-jurisdiction support: Different rules can apply based on stakeholder jurisdictions, with automatic application of the correct regulatory framework.

zerohash Tokenization Engine

Overview and Capabilities

zerohash provides the regulatory foundation and technical infrastructure to power compliant tokenization for enterprise partners. The platform eliminates the typical 18-24 month build cycle and $5M+ annual infrastructure costs required for independent launches, offering instead a comprehensive suite of capabilities that enable rapid deployment while maintaining institutional-grade security and compliance.

Token Infrastructure

zerohash's token infrastructure supports deployment and management across a number of blockchains with unified APIs and administrative controls:

  • Smart contract deployment and management across multiple networks
  • Mint and redeem APIs with real-time supply tracking for transparent reserve management
  • Administrative and emergency controls including pause, freeze, and burn capabilities
  • Multi-chain distribution (including on Canton) and bridging enabling liquidity across networks

Compliance Engine

The Global Policy Engine ensures every transaction meets regulatory requirements before execution:

  • KYC/AML verification integrated with leading identity providers
  • Real-time OFAC and sanctions screening against comprehensive watchlists
  • Configurable address whitelisting and blacklisting for jurisdictional restrictions
  • Transaction monitoring with automated suspicious activity detection and reporting
  • Travel Rule compliance for transfers exceeding regulatory thresholds
  • Jurisdiction-based restrictions automatically applied based on party locations

Custody and Security

zerohash's institutional-grade custody infrastructure has never experienced a security breach:

  • MPC-based custody with 3-of-3 threshold signatures ensuring no single point of compromise
  • Hardware Security Module (HSM) integration for cryptographic key protection
  • Quorum-based approvals for sensitive operations providing operational security
  • SOC 2 Type II and ISO 27001 certified meeting the highest industry standards
  • Comprehensive insurance coverage protecting institutional assets

Policy Engine Authorization

Treasury Management

zerohash maintains banking relationships with major institutions to provide seamless fiat connectivity:

  • Banking partnerships with tier-1 institutions for reserve custody
  • Reserve management and attestation services ensuring 1:1 backing
  • Fiat on/off ramps operational across 185+ countries
  • Liquidity management and stress testing under various market scenarios
  • Monthly reserve attestations by Big Four accounting firms providing independent verification

Operational Infrastructure:

zerohash handles the operational complexity of tokenization, allowing partners to focus on their core business:

  • Fund administration and accounting services
  • Regulatory reporting automation reducing compliance overhead
  • Real-time reconciliation ensuring accurate record-keeping
  • Dedicated operational support with institutional SLAs
  • 99.99% uptime guarantee for mission-critical financial infrastructure

Deployment Models

zerohash offers two flexible deployment models tailored to different institutional needs and regulatory postures. Both models provide comprehensive tokenization capabilities while allowing partners to choose the level of operational control appropriate for their business model.

Infrastructure Model:

The Infrastructure Model is designed for institutions with existing regulated entities seeking technology acceleration. The partner provides the regulated Trust company and maintains custody relationships, while zerohash delivers the complete technology stack and operational support. This model is optimal for banks, fintechs, and institutions with established regulatory infrastructure who want to maintain control over reserves and compliance operations while leveraging zerohash's proven technology platform.

Issuer Model:

The Issuer Model offers a turnkey solution where zerohash provides the regulated Trust company, custody infrastructure, and full operational support. Partners focus exclusively on marketing, customer acquisition, and user experience while zerohash handles the regulatory and operational complexity. This comprehensive service model is ideal for partners without existing regulatory infrastructure who want to launch quickly without the burden of establishing banking relationships and compliance frameworks.

Both models include:

  • Token design and smart contract deployment tailored to specific use cases
  • Mint and redeem APIs providing programmatic control over token supply
  • Administrative and emergency controls for risk management
  • Institutional-grade digital asset custody with MPC infrastructure
  • Real-time reporting and analytics dashboards
  • Dedicated support with institutional SLAs

Multi-Chain Infrastructure

zerohash's tokenization engine supports multiple blockchain networks with unified management, allowing partners to deploy across chains while maintaining consistent security and compliance standards. This multi-chain approach enables optimization for different use cases while preserving interoperability.

EVM Chains:

Ethereum serves as the primary institutional network, offering the highest security and deepest liquidity for institutional use cases. Polygon provides low-cost Layer 2 scaling ideal for retail transactions and high-frequency operations. Arbitrum and Optimism deliver Ethereum Layer 2 solutions optimized for DeFi applications requiring composability with existing protocols. Avalanche offers fast finality with subnet isolation

capabilities, enabling customized blockchain environments. Celo provides mobile-first infrastructure targeting emerging markets with accessibility and low fees.

Non-EVM Networks:

Solana supports high-frequency trading applications with sub-second finality, transaction fees under $0.001, and capacity exceeding 57 million daily transactions. This makes Solana particularly suitable for payment applications and high-volume trading where cost per transaction is critical.

Cross-Chain Bridging:

zerohash implements native bridging via mint-and-burn mechanisms, avoiding the security risks of wrapped tokens. When tokens move between chains, the source chain burns the tokens while the destination chain mints equivalent tokens, maintaining asset integrity across networks. Compliance controls are enforced during cross-chain transfers, ensuring regulatory requirements apply regardless of which chain holds the tokens. Real-time balance synchronization ensures reserve attestations accurately reflect total supply across all supported chains.

Chain-Specific Optimizations:

Each blockchain network has unique characteristics requiring tailored optimization strategies. zerohash implements gas optimization strategies per network, reducing transaction costs through techniques like batched operations and efficient contract design. Treasury operations benefit from batched distributions consolidating multiple payments into single transactions. Gasless transactions using meta-transactions improve user experience by allowing sponsors to pay gas fees on behalf of users. Network-specific wallet support ensures compatibility with the most popular wallets on each chain, reducing user friction.

Integration Architecture: zerohash on Canton

High-Level Architecture

The integration of zerohash's tokenization engine with Canton Network creates a powerful platform for institutional asset tokenization. The architecture consists of two primary layers: the Canton Network Layer and the zerohash Integration Layer.

The Canton Network Layer includes Participant Nodes operated by each institution (such as Bank A and Bank B in a transaction). These nodes connect to a Synchronization Domain that provides encrypted coordination services without accessing transaction content. The Global Synchronizer coordinates cross-domain atomic settlement when transactions span multiple synchronization domains or involve multiple asset types.

The zerohash Integration Layer sits below the Canton Network Layer and provides comprehensive tokenization services: 

  • The Tokenization Engine handles mint, burn, and transfer operations for all supported asset types. 
  • The Global Policy Engine validates all operations against compliance requirements before they reach the blockchain. 
  • MPC Custody Infrastructure manages private keys using multi-party computation, ensuring no single point of compromise. 
  • Reserve Management maintains 1:1 backing for stablecoins and tokenized deposits, with real-time monitoring and attestation. 
  • Banking Integrations provide connections to traditional financial infrastructure including RTP, ACH, FedWire, and SWIFT. 
  • Compliance Monitoring performs continuous KYC/AML surveillance, sanctions screening, and regulatory reporting.

Participant Node Architecture

Each institution deploying on Canton through zerohash operates a Participant Node with several key components.

Node Components:

Ledger API - Daml-based interface for:

  • Submitting transactions (mint, burn, transfer)
  • Querying active contracts (token holdings, compliance status)
  • Subscribing to ledger updates (real-time notifications)
  • Managing parties and permissions

zerohash Connector - Integration layer translating between:

  • zerohash's REST APIs → Canton Ledger API
  • Canton events → zerohash webhooks
  • Compliance checks → Daml contract validation
  • Custody operations → Canton transaction signing

Privacy Controls - Configuration defining:

  • Which transactions are visible internally only
  • Which transactions require synchronization with other nodes
  • Stakeholder definitions for each contract type
  • Regulatory reporting visibility

Local Storage - Private database maintaining:

  • Transaction history for this participant
  • Active contract state
  • Audit logs and compliance records
  • PII (personally identifiable information) not stored on-chain

Token Contract Design

zerohash deploys Daml contracts on Canton that implement tokenized asset logic. The core Asset Template defines the structure of each token with fields for the issuer (zerohash or a partner entity), the current owner, the token quantity, an asset identifier, and embedded compliance rules.

The contract includes several key choices (operations in Daml terminology). The Transfer choice allows the owner to transfer tokens to a new owner, but only after validating compliance rules. The contract checks that the transfer doesn't violate any embedded compliance requirements, verifies the recipient's KYC/AML status by fetching their verification record, applies jurisdiction rules to ensure the transfer is allowed between the parties' locations, and only then executes the transfer by creating a new contract with the updated owner.

The Burn choice allows the issuer and owner together to destroy tokens, reducing the circulating supply. This validates burn authorization, records the burn in the reserve ledger to maintain accounting integrity, and reduces the token supply by either completely archiving the contract (if burning the entire amount) or creating a new contract with the reduced amount.

Compliance is integrated deeply into every operation. A KYC Registry maintains on-ledger verification status without exposing personally identifiable information. Sanctions Screening performs real-time checks against OFAC, UN, and EU sanctions lists before allowing any transfer. Jurisdiction Rules automatically apply cross-border restrictions based on where parties are located. Holding Periods enforce lock-up requirements through time-based constraints that cannot be bypassed. Concentration Limits are calculated automatically, preventing any single entity from accumulating excessive ownership.

Privacy Preservation

The integration maintains institutional privacy requirements:

Transaction Isolation:

  • Token transfers within a single institution's node are not visible to other nodes
  • Only when a transfer crosses institutional boundaries does the transaction involve the Synchronization Domain
  • Even then, only the encrypted transaction is coordinated, not the plaintext details

Stakeholder Visibility:

  • Issuer (zerohash or partner) sees all tokens for that asset
  • Token holders see only their own holdings
  • Transfer agents see ownership changes they process
  • Regulators see only what they're explicitly granted access to
  • Market makers see only the liquidity they provide

PII Protection:

  • Names, addresses, SSNs, account numbers stored off-chain in zerohash systems
  • On-chain representation uses pseudonymous party identifiers
  • KYC verification status reflected on-chain (verified: yes/no) without revealing details
  • Compliance with GDPR, CCPA, and other privacy regulations

Selective Disclosure:

  • Auditors can be granted read-only access to specific contract types
  • Regulators receive aggregate reporting without individual transaction details
  • Investors see their portfolio but not other investors' holdings

Custody Integration

zerohash's MPC custody infrastructure secures all Canton operations through several layers of protection. Canton participant keys are controlled by zerohash MPC clusters using a 3-of-3 threshold signature requirement where all three key shards must participate in every signature. Key shards are stored in geographically separated secure enclaves, ensuring that no single location compromise can expose keys. Complete private keys are never materialized during operation—signatures are generated through cryptographic protocols that never assemble the full key. All operations comply with NIST cryptographic standards for institutional-grade security.

The transaction signing process follows a rigorous workflow:

  1. zerohash API receives mint/burn/transfer request
  2. Global Policy Engine validates compliance
  3. Quorum approval obtained (if required by policy)
  4. MPC signing request generated
  5. Three MPC nodes each contribute signature share
  6. Signature shares combined to create valid Daml submission
  7. Signed transaction submitted to Canton Ledger API
  8. Canton validates and commits transaction

Operational controls provide defense in depth. Time-locked operations require additional waiting periods and approvals for large transactions. Threshold monitoring triggers automatic alerts when unusual patterns are detected. Emergency pause functionality can halt specific contracts or addresses if fraud is detected. Multi-level approval workflows apply different requirements based on transaction size, type, and risk. Continuous audit logging captures every signing operation with full forensic detail.

Disaster recovery ensures business continuity:

  • Key shards backed up in multiple secure locations
  • Recovery procedures tested quarterly
  • Failover to backup MPC nodes within minutes
  • No single point of failure in signing infrastructure

Use Case: Tokenized Deposit Accounts

Scenario: A commercial bank wants to offer tokenized deposit accounts enabling programmable payments and instant settlement for corporate customers.

Requirements:

  • FDIC insurance on deposits
  • Bank regulatory compliance (capital requirements, liquidity ratios)
  • Customer confidentiality (competitors cannot see balances)
  • Integration with existing banking core systems
  • Programmable payment logic (scheduled payments, conditional releases)
  • Interoperability with other financial institutions

Implementation:

  1. Bank obtains necessary regulatory approvals
  2. Deposits represented as Daml contracts on Canton
  3. Each deposit account = token contract with embedded business rules and compliance requirements
  4. Corporate customers use APIs to create programmable payment instructions that execute automatically when conditions are met
  5. Payments to other banks execute via the Synchronization Domain, enabling instant inter-bank settlement
  6. Intra-bank payments remain private to bank's node
  7. Integration with zerohash’s on/off ramps via ACH, FedWire, and SWIFT provide seamless settlement operations with traditional financial infrastructure

Benefits include:

  • Corporate treasurers automate payment workflows
  • Instant inter-bank settlement vs. T+1 ACH
  • Reduced manual reconciliation (blockchain source of truth)
  • Programmable escrow and conditional payment release
  • Lower operational costs vs. traditional treasury management
  • Enhanced liquidity management with 24/7 visibility

Conclusion

The integration of zerohash's tokenization infrastructure with Canton Network's privacy-preserving architecture provides institutions with a powerful option for use cases requiring selective visibility and confidentiality.

Key Takeaways:

  1. Privacy meets compliance: Canton's selective visibility architecture ensures transaction confidentiality while zerohash's compliance engine meets all regulatory requirements from the GENIUS Act to MiCA.
  2. Atomic settlement without counterparty risk: The Global Synchronizer enables complex multi-party transactions to execute atomically across institutional boundaries, eliminating settlement risk entirely.
  3. Proven infrastructure: zerohash processes billions in transaction volume with zero security breaches, SOC 2 Type II and ISO 27001 certification, and partnerships with major financial institutions.
  4. Programmable compliance: Daml smart contracts embed regulatory rules directly into tokenized assets, ensuring automatic enforcement and audit-ready compliance.
  5. Institutional security: MPC custody, HSM integration, comprehensive insurance, and 99.99% uptime meet the highest institutional standards.

The Path Forward:

For financial institutions seeking to harness the transformative potential of tokenization while maintaining confidentiality, regulatory compliance, and operational excellence, the zerohash and Canton integration provides a comprehensive solution:

  • Banks can issue tokenized deposits enabling 24/7 treasury management for corporate customers
  • Securities registrars can deliver T+0 settlement with atomic delivery-versus-payment
  • Payment providers can offer instant cross-border settlement at <1% cost
  • Enterprises can automate supply chain finance with privacy-preserving smart contracts
  • Asset managers can tokenize alternative investments with embedded compliance

Get started today

Contact zerohash to schedule a consultation and discover how the Canton Network integration can transform your institution's digital asset strategy.

LET'S TALK