The Canton Network is built on a sophisticated technical architecture designed to solve the unique challenges of institutional finance. This article explains the core technologies that power the network, including the Daml smart contract language, the Canton protocol, and the synchronizer architecture.

Architecture Overview

Canton Network operates as a "network of networks" - a fundamentally different architecture from traditional blockchains. Instead of a single global ledger that all participants must agree on, Canton uses a distributed architecture where:

• Each participant maintains their own private ledger containing only the data relevant to them
• Synchronizers (also called domains) coordinate transactions between participants
• The Global Synchronizer enables interoperability across the entire network
• Daml smart contracts define the business logic and authorization rules

This architecture provides several key benefits:

Daml Smart Contract Language

Daml (Digital Asset Modeling Language) is an open-source smart contract language specifically designed for building distributed applications in regulated industries. Unlike general-purpose smart contract languages like Solidity, Daml was built from the ground up with privacy, authorization, and composability as core features.

Key Features

Daml provides several features that make it uniquely suited for financial applications:

Functional Programming

Daml is based on functional programming principles, similar to Haskell. This makes contracts easier to reason about and test, reducing the risk of bugs that could lead to financial losses.

Strong Type System

Daml's type system catches many errors at compile time rather than runtime. This is crucial for financial applications where bugs can be extremely costly.

Built-in Authorization

Every Daml contract explicitly defines who can do what. The language enforces these rules automatically, preventing unauthorized actions.

Privacy by Design

Daml contracts specify exactly which parties can see which data. The runtime enforces these privacy rules, ensuring that sensitive information is never leaked.

Formal Verification

Daml supports formal verification, allowing developers to mathematically prove that their contracts behave correctly under all circumstances.

Contract Model

Daml uses a unique contract model based on the concept of active contracts:

• Contracts are immutable records that represent agreements or assets
• Choices are actions that can be performed on contracts by authorized parties
• When a choice is exercised, the original contract is archived and new contracts may be created
• This creates an append-only ledger where the current state is the set of all active (non-archived) contracts

A simple Daml contract example (conceptual):

template Asset
  with
    owner: Party
    issuer: Party
    amount: Decimal
  where
    signatory issuer
    observer owner

    choice Transfer : ContractId Asset
      with newOwner: Party
      controller owner
      do
        create this with owner = newOwner

In this example, an Asset contract has an owner and issuer. The owner can transfer the asset to a new owner by exercising the Transfer choice. The signatory (issuer) must have agreed to the original contract, and the observer (owner) can see the contract.

Privacy Model

Daml's privacy model is based on the principle of need-to-know:

• Signatories - Parties who must authorize the creation of a contract. They always see the contract.
• Observers - Parties who can see the contract but didn't need to authorize it.
• Controllers - Parties who can exercise specific choices on a contract.

When a transaction occurs, only the parties who are signatories, observers, or controllers of the affected contracts learn about it. Other parties on the network see nothing.

Canton Protocol

The Canton Protocol is the interoperability layer that enables different Daml applications to communicate and transact with each other. It implements Daml's authorization and privacy models in a distributed setting.

Key aspects of the Canton Protocol:

Virtual Global Ledger

Canton creates the illusion of a single global ledger while actually distributing data across many participants. Each participant only stores the data they're entitled to see, but the protocol ensures consistency.

Atomic Transactions

Transactions in Canton are atomic - they either complete fully or not at all. This is crucial for financial applications where partial execution could lead to inconsistent states.

Sub-Transaction Privacy

Even within a single transaction, different parties may see different parts. For example, in a delivery-versus-payment transaction, the buyer might see the payment details while the seller sees the delivery details, but neither sees the other's private information.

Synchronizers (Domains)

Synchronizers (previously called "domains") are the coordination layer in Canton. They are responsible for:

• Ordering transactions - Ensuring all participants see transactions in the same order
• Providing timestamps - Giving transactions a definitive time
• Mediating conflicts - Resolving situations where multiple transactions try to use the same contract

Importantly, synchronizers do not see the content of transactions. They only see encrypted messages and metadata needed for coordination. This means even the infrastructure operators cannot access private transaction data.

Types of Synchronizers

Global Synchronizer

The Global Synchronizer is the primary public synchronizer that enables interoperability across the entire Canton Network. It is operated by a decentralized set of validators and governed by the Canton Foundation.

Key characteristics:

• Decentralized operation - Run by 600+ validators including 30 super validators
• Permissionless access - Any application can connect (subject to compliance requirements)
• High availability - Designed for 24/7 operation with no downtime
• Privacy preserving - Validators cannot see transaction contents

Privacy Architecture

Privacy is a fundamental design principle of Canton, not an afterthought. The network implements multiple layers of privacy protection:

Data Minimization

Each participant only receives the data they need. There is no global state that everyone must download and store.

Encryption

All communication between participants is encrypted. Synchronizers only see encrypted payloads.

Selective Disclosure

Parties can choose to reveal specific information to specific counterparties without exposing it to others.

Regulatory Compliance

The privacy model is designed to be compatible with regulations like GDPR. Data can be deleted when no longer needed, and access can be controlled based on jurisdiction.

Consensus Mechanism

Canton uses a unique consensus approach that differs from traditional blockchain consensus:

• No global consensus - There is no need for all participants to agree on all transactions
• Local consensus - Only parties involved in a transaction need to reach agreement
• Synchronizer-mediated - Synchronizers provide ordering and conflict resolution
• BFT-based - Byzantine Fault Tolerant protocols ensure security even if some validators are malicious

This approach provides several advantages:

• Higher throughput - No bottleneck from global consensus
• Lower latency - Transactions confirm quickly
• Better privacy - Validators don't need to see transaction contents
• Horizontal scaling - Adding more synchronizers increases capacity

Scalability

Canton is designed to scale to meet the demands of global financial markets:

Horizontal Scaling

The network can scale by adding more synchronizers. Each synchronizer handles a subset of transactions, so total capacity grows linearly with the number of synchronizers.

Parallel Processing

Transactions that don't conflict can be processed in parallel, maximizing throughput.

Efficient Storage

Participants only store data relevant to them, reducing storage requirements compared to blockchains where everyone stores everything.