Canton has started a battle: its goal is to stifle Ethereum's institutional path.

Article by: Thejaswini MA

Article compiled by: Block unicorn

Foreword

What happens when a company shifts from defense to offense, changes its posture, and refines its rhetoric?

We know this because Microsoft has claimed for years that it has no hostility towards Linux. Yet, it has started appearing at government procurement meetings, giving security briefings, and explaining why open-source software could pose a threat to national infrastructure. Google also claimed to publishers that it had been simply compiling information for a decade. Yet, it began funding research that found paywalls to the news to be harmful to democracy. The former "we built something different" has become "what they built is dangerous." If you are good enough and have the right connections, you don't even need to be technically superior. You just need to make sure that the people who ultimately decide the direction of technology are those who trust you more than your competitors.

Canton is doing just that now. Meanwhile, the cryptocurrency industry is largely excluded from the discussion.

In January of this year, I pointed out that Canton chose efficiency over freedom, and institutions chose Canton as well. The argument at the time was that Canton and Ethereum targeted different audiences and solved different problems. This argument was correct then. However, since then, Canton's development direction has changed.

Canton's founders have been articulating to buyers and regulators in public and closed-door meetings that zero-knowledge proofs (ZKP) pose an unacceptable risk to mission-critical financial systems. I believe this is a regulatory stance advocacy campaign running concurrently with a funding round that attracted major investors such as Goldman Sachs, Citadel, DRW, Circle, Paxos, and Polychain. JPM Coin launched on Canton in January. Visa joined as a super validator in March. On March 27, LayerZero became the first interoperability protocol to run directly on Canton, enabling institutions to route tokenized assets across more than 165 public blockchains. The fully diluted value of the $CC token is $5 billion.

These are not the main points. What I want to talk about is how Canton is now trying to control the range of technologies that banks can use. So far, Canton is the only company discussing this.

Arguments against ZK

Canton's argument is roughly as follows: Zero-knowledge proof vulnerabilities may be difficult to detect because the underlying data is private. If such vulnerabilities spread silently without audit trails or accountability mechanisms, they can constitute a fatal flaw.

They pointed to a real-world example. On April 16, 2025, Solana patched a zero-day vulnerability in its zero-knowledge proof (ZKP)-based "confidential transfers" feature. This vulnerability could have allowed attackers to mint an unlimited number of tokens. It is currently unclear whether this vulnerability has been exploited.

The person who raised this argument is Shaul Kfir, co-founder and COO of Canton, and also a co-author of libsnark, a C++ library for creating zk-SNARK proofs. Is he denying a technology he doesn't understand? Unlikely.

His argument is that when zero-knowledge proofs fail, no one will notice. Data remains private, errors are hidden, and by the time someone notices the problem, the damage has already spread. For regulators, whose responsibility is to prove banks aren't laundering money, a system that "trusts math" is unsatisfactory. They need to review the records.

In Canton's model, the only entity that can view these records in real time is the super validator, which is the same organization that would become a single point of failure if the key were compromised.

In Canton's model, the only entity that can view these records in real time is the super validator, and if the keys of these institutions are leaked, they will become the only point of failure.

This argument doesn't need to be flawless to be effective. It just needs to sound plausible enough to appeal to those who are already skeptical of cryptocurrencies. For those who have built their careers on paper records and audit logs, the evidence becomes worthless in the event of a serious vulnerability in cryptocurrency. You don't need to win the technical debate, but you still need to make the other side feel that the alternative is very risky.

Where is the problem?

ZKsync co-founder Alex Gluchowski publicly responded to this view last week. He stated that Canton's logic is too extreme. If a technology has vulnerabilities that could have catastrophic consequences, then we should never use it. Following this logic, we should have grounded all commercial flights and stopped building any aircraft back in the 1970s. Fly-by-wire systems have vulnerabilities, engine controllers have vulnerabilities, and autopilot software has experienced malfunctions that resulted in injuries and fatalities. But we haven't stopped flying. The aircraft we build are equipped with multiple independent systems so that when one system fails, another can detect and fix it in time, preventing crashes.

Has Canton addressed what happens if carrier keys are compromised? Currently, there's no backup system or second layer of security to check for leaks. Trusted carriers are the only line of defense. If this line of defense fails, damage can spread silently throughout the network, unchecked. By Canton's own standards, this architecture should truly be a cause for concern for regulators.

The solution to technological deficiencies is never to find an absolutely reliable technology, but to build systems that can anticipate failures and ultimately survive. The safety of a nuclear reactor doesn't stem from its software never crashing, but from the fact that if one component fails, five other components must fail simultaneously for a disaster to occur. The same applies to pacemakers and commercial aircraft. Their engineering principles lie in redundancy and isolation. Multiple independent system layers are built, ensuring that if one layer fails, another can compensate in time. Simultaneously, system design should ensure that, in the event of a failure, the damage can be contained within the system and not spread to all connected components.

Glokhovsky conducted the same tests on Canton's own architecture. Canton's privacy and integrity model relies on a single mechanism: a trusted operator isolates data among participants. This model lacks a cryptographic verification layer or independent inspection mechanism. If an operator's key is compromised, the tampered state will silently propagate through the opaque UTXO chain without any monitoring. According to Canton's own logic (a single point of failure with potentially disastrous consequences), this is the kind of architecture that regulators should be concerned about.

ZK vulnerabilities and Solana zero-day vulnerabilities are real problems. However, addressing faulty components shouldn't be about replacing them with another single point of failure disguised as an institutional one. The correct approach is to build multiple independent defense systems, limiting the attack scope through design, and conducting adversarial stress tests resulting from a decade of public scrutiny. The EVM we see today is the result of over a decade of continuous adversarial testing by the world's most sophisticated attackers, costing hundreds of billions of dollars. Every maturity question Canton raised regarding ZKP also applies to DAML, but the available mitigation measures are far fewer.

These approaches do not end the debate, but they redefine its focus. One institutional risk management approach argues, in situations where regulations are being developed, that it should be the only permitted method.

Canton's argument completely ignores a crucial point. Zero-knowledge technology doesn't have a fixed level of risk; rather, it becomes more secure as more people participate in verification. Its core mechanism lies in the fact that zero-knowledge proofs allow people to prove a statement is true without revealing the underlying data. Verifiers examine the proof itself, not the data. The more independent verifiers verify the same proof system, the harder it is to detect any vulnerabilities or tampering. In 2025, Nethermind formally verified the correctness of an on-chain zero-knowledge verifier using EasyCrypt, completing the first such formal proof in a real-time zero-knowledge system. This demonstrates that adversarial scrutiny of open systems can produce significantly stronger results over time.

Canton's model is the opposite. Trust concentrated on a few approved operators has varying cumulative effects. A closed system comprised of approved validators has a limited capacity to withstand scrutiny. Who has the authority to validate is not a trivial matter in security debates. As the validator network grows, open zero-knowledge-sharing (ZK) systems become harder to break. The strength—and vulnerability— of permissioned trust models depends on their weakest operator. A systematic analysis of known attacks in 2024 found that approximately 96% of documented circuit-layer vulnerabilities in ZK systems were caused by poorly constrained circuits, and open adversarial testing is designed to discover and eliminate such vulnerabilities. The vulnerabilities Canton points out are real. An open ecosystem is the mechanism for discovering and fixing these vulnerabilities. Keeping the ecosystem closed does not make vulnerabilities disappear; it only reduces the number of people paying attention to them.

Canton is no longer sticking to the old ways.

To reiterate what I said earlier, Canton is positioned as a parallel system that solves different problems for different user groups, rather than competing with Ethereum for the same market.

LayerZero integration changes this landscape. It enables Canton's traditional financial institutions to route tokenized securities, digital bonds, and stocks across more than 165 public blockchains while meeting compliance and confidentiality requirements. Investors can now use stablecoins on external public chains to purchase tokenized real-world assets developed natively by Canton. Canton's native tokenization tools can then be traded on secondary markets within other ecosystems.

LayerZero Labs CEO Bryan Pellegrino stated, "Canton has already built the infrastructure for traditional finance, processing over $350 billion in U.S. Treasury repurchase transactions daily. LayerZero's mission is to ensure that these assets can circulate across all markets and all blockchains globally."

Canton is venturing into cryptocurrency liquidity pools, not distancing itself from them. This has created a tension. Canton's founders are holding closed-door consultations with regulators who believe zero-knowledge proofs are too dangerous for institutional finance. Meanwhile, Canton-based assets are flowing into a public blockchain ecosystem through LayerZero, where zero-knowledge proofs form the foundation of a critical infrastructure. This includes products positioned as institutional alternatives to Canton.

What does this mean in practice? A bank holds tokenized U.S. Treasury bonds on Canton. Through LayerZero, these bonds can now be transferred to Ethereum or Arbitrum, where they can be used as collateral on Aave, lent out on Ondo, or used as underlying assets for DeFi lending protocols. The tool remains institutional-grade and compliant on Canton's track. The liquidity it gains is crypto-native. Ondo Finance has already implemented similar functionality using LayerZero. Its tokenized Treasury bond product, USDY, runs on four blockchains and has a total value locked (TVL) of $700 million, which can be used as collateral for DeFi. Canton can now directly enter the same ecosystem. Banks gain yield and composability. DeFi gains institutional collateral. And Canton can argue to regulators that zero-knowledge proofs (ZKPro) are too dangerous, while its assets can flow freely on the blockchains running on it.

If the goal is regulatory capture, then leveraging cryptocurrency infrastructure while simultaneously arguing with regulators that the underlying privacy technologies of cryptocurrencies pose a systemic threat is a coherent strategy, not a contradiction. You could say that because the zero-knowledge camp has not yet organized a response of equal scale.

As of last week, the most notable contribution from the ZK camp in the regulatory discussions was Grouchovsky's post. It was indeed a good post. Canton has lawyers involved in these meetings. Goldman Sachs's connections. For a decade, they've been working to build trust with regulators, whose approvals determine what a systemically important bank can operate.

What risks does Ethereum face?

This is not an abstract concept for anyone who holds Ethereum or is interested in the direction of institutional tokenization.

If Canton wins the regulatory battle—that is, if zero-knowledge proofs are classified as too risky, too obscure, too novel, and not in line with the regulatory framework for systemically important institutions—then Ethereum's path to institutional settlement will be closed before it is fully open. The $100 trillion tokenization opportunity mentioned by Larry Fink in his annual letter will continue to rely on permissioned payment methods. Ethereum can settle decentralized finance (DeFi). While this is important, it is not a global financial settlement layer.

If the zero-knowledge (ZK) camp wins—that is, if zkSync's Prividium and emerging institutional-grade zero-knowledge infrastructures receive regulatory approval simultaneously with or even earlier than Canton's model—the landscape will shift dramatically. Blockchains that support decentralized finance (DeFi) will begin to support institutional tokenization. Ethereum's position in the financial system will be elevated. Assets that previously seemed marginalized at the institutional level will ultimately become the cornerstone of institutional life.

Visa has just joined Canton as a super authenticator node. DTCC is moving towards production. Broadridge already processes hundreds of billions of dollars in transactions daily on the Canton platform. Institutions participating in the testing include Goldman Sachs, BNP Paribas, Tradeweb, and Citadel Securities. The flywheel of institutional payments is spinning, and has been spinning long enough to generate real momentum.

In January of this year, I stated that Canton's goal was not to replace Ethereum. That remains unchanged. Its goal is more explicit and effective than simply replacing Ethereum. Its goal is to ensure that Ethereum never has a chance to compete in the same market. This is not achieved by developing a better product, but by gaining early certification. It's about obtaining certification before regulators intervene in the technology and using that as a framework to establish evaluation standards for all subsequent related technologies.

Cryptocurrencies have always competed on visible metrics such as Total Value Locked (TVL), transaction fees, number of users, trading volume, and token price. Canton, however, has never competed on these metrics. It is based on trust, which is intangible, slowly accumulated, and virtually impossible to replicate once owned by someone else.

Interestingly, zero-knowledge proofs were invented precisely to solve the problem Canton was exploiting. If mathematics can prove something without showing the results, you don't have to trust anyone. Canton's argument is that mathematics itself is untrustworthy. Therefore, institutions should be trusted. The one ultimately named as the risk winner.