Privacy Model
Dualis Finance leverages Canton Network's sub-transaction privacy to offer institutional-grade confidentiality that is impossible on transparent blockchains. The protocol provides three configurable privacy levels, allowing participants to balance transparency, regulatory compliance, and competitive confidentiality according to their requirements.
Canton Sub-Transaction Privacy
Unlike Ethereum, Solana, and other public blockchains where every transaction is visible to all network participants, Canton implements privacy at the protocol level through a concept called sub-transaction privacy.
In Canton, a transaction can consist of multiple sub-transactions, and each sub-transaction is only visible to the parties that are directly involved in it. A party that is not a stakeholder in a particular sub-transaction cannot see its contents, cannot infer its existence, and cannot correlate it with other sub-transactions in the same top-level transaction.
This is not an application-layer privacy layer or a zero-knowledge proof system. It is a fundamental property of the Canton ledger model: the synchronization protocol itself ensures that data is only distributed to parties who need it. There is no global state that any node can observe.
Three Privacy Levels
Dualis Finance provides three privacy levels that participants can configure per position or per account. Each level offers a different balance of confidentiality and transparency:
| Level | Position Details | Transaction History | Identity | Analytics Inclusion | Best For |
|---|---|---|---|---|---|
| Standard | Visible to counterparties and protocol | Visible to counterparties and protocol | Pseudonymous (Canton party ID) | Included in aggregate pool statistics | Retail users, public funds, transparent institutions |
| Enhanced | Visible only to direct counterparties | Visible only to the position holder | Shielded party ID with alias | Excluded from granular analytics; included in aggregates only | Hedge funds, asset managers, proprietary trading desks |
| Full | Encrypted; visible only to position holder and settlement engine | Encrypted; visible only to position holder | Fully shielded; no linkable identifier | Excluded from all analytics | Central banks, sovereign wealth funds, sensitive institutional operations |
Standard Privacy
Standard privacy is the default level. Positions and transactions are visible to the protocol and direct counterparties, but not to the broader network. This provides a significant improvement over public blockchains while maintaining enough transparency for regulatory reporting and basic counterparty due diligence.
Enhanced Privacy
Enhanced privacy restricts visibility further. Transaction history is hidden from all parties except the position holder, and the party identity is shielded behind an alias. This prevents other market participants from analyzing trading patterns, inferring position sizes, or front-running large orders.
Full Privacy
Full privacy provides the maximum level of confidentiality. Position details are encrypted and only accessible to the position holder and the settlement engine (which requires access to validate transactions). There is no externally linkable identifier, and the position is excluded from all analytics, including aggregate pool statistics.
Privacy Comparison: Dualis vs. Public Chains
To understand the significance of Canton's privacy model, consider how Dualis compares to lending protocols on public blockchains:
| Privacy Aspect | Ethereum / Solana (Aave, Compound) | Dualis on Canton |
|---|---|---|
| Transaction visibility | Every transaction visible to all nodes and block explorers | Transactions visible only to involved parties |
| Position sizes | Anyone can query any address's supply, borrow, and collateral | Position details visible only per privacy level |
| Liquidation exposure | Health factors publicly observable; MEV bots compete to liquidate | Health factors private; liquidation executed by authorized bots only |
| Trading patterns | Full on-chain history enables pattern analysis and front-running | Transaction history shielded at Enhanced and Full levels |
| Identity linkage | Wallet addresses linkable through on-chain analysis | Party IDs shielded; no cross-transaction linkability at Full level |
| Regulatory access | Open access (no special mechanism needed) | Governed disclosure through Canton divulgence |
Why Institutions Need Privacy
Privacy is not merely a preference for institutional participants — it is a regulatory and competitive requirement:
- Fiduciary duty: Asset managers and fund administrators have a legal obligation to protect client portfolio information. Public blockchains make this impossible, which is a primary reason institutional adoption of DeFi has been limited.
- Market impact: When a large institution's positions are publicly visible, other market participants can front-run their trades, copy their strategies, or deliberately move prices against them. This creates direct financial harm.
- Competitive intelligence: In securities lending and institutional borrowing, the terms and sizes of positions represent valuable competitive information. Public exposure of this data undermines negotiating leverage.
- Regulatory compliance: Regulations such as MiFID II, GDPR, and banking secrecy laws in various jurisdictions require that client financial data be kept confidential. A blockchain that exposes this data by design is incompatible with these requirements.
- MEV protection: On public chains, Maximal Extractable Value (MEV) bots extract value from ordinary users by reordering, inserting, or censoring transactions. Canton's privacy model eliminates this attack vector entirely because pending transactions are not visible to third parties.