CompressRail docs

Privacy model and boundary

Privacy claims in this space are easy to overstate, so this page states the exact boundary — what the operator can and cannot see, and what CompressRail is not.

What "operator-blind" means, precisely

The operator never sees any participant's economic terms — positions, sensitivities, notionals, or trade details. Two mechanisms enforce this together:

  • Daml stakeholder scoping.The operator is never a signatory or observer on any contract that carries a participant's trade. Canton's projection rules then ensure the operator's node is not even notified of those contracts.
  • Application-layer encryption. Every economic field is written on-ledger only as authenticated-encryption ciphertext plus a hash commitment, and the operator holds no decryption key. This second layer is necessary, not redundant: on Canton, the participant that submits a transaction interprets all of it, so anything stored in cleartext would be visible to whoever submits.

What the operator can see

That a cycle exists, which trades are nominated (by opaque reference), the netting topology (which participant pairs receive replacement trades), the opaque commitments, and each participant's boolean "within tolerance" attestation. It sees no economic magnitudes.

The privacy matrix

Can see…Participant AParticipant BOperatorRegulator (A's)
A's economic termsyesnonoyes (scoped)
B's economic termsnoyesnono
Full cycle plan in cleartextown legs onlyown legs onlynono
Cycle topology and validityown legsown legsyes (no economics)no
Margin released (own)yesyesnoyes (scoped)

This is enforced by Canton and verified by reading each party's own ledger view — not by filtering in the interface. The demo's privacy-matrix scoreboard computes this table live from real per-party projection reads.

What this is not

  • Not topology-hiding. The operator does see cycle topology and which trades are torn up. Hiding that as well requires multi-party computation and is on the roadmap, not in this build.
  • Not zero-knowledge, not fully homomorphic encryption, not MPC.
  • Not a legal-enforceability layer.CompressRail does not make a replacement trade legally enforceable, EMIR/CSA-compliant, or a counterparty creditworthy. Those are questions for the parties' own agreements and legal review.
  • Not custody. CompressRail never takes custody of any asset. It produces compression instructions and records.
  • Not production-grade key management. Key handling in this build is demo-grade, clearly labeled as such. Production key management (KMS/HSM, rotation, external signing) is future work.

Why Canton

The problem needs three properties at the same time, which Canton provides natively:

  • Sub-transaction privacy — a party sees only the contracts it is a stakeholder of.
  • Atomic multi-party composition — one transaction can archive many bilateral trades and create their replacements across many counterparties, all-or-nothing.
  • Selective disclosure — a regulator can be added as a scoped observer without seeing the rest of the graph.

A public chain would expose positions, or hide them behind heavyweight cryptography with no native settlement. A centralized service would reintroduce the trusted operator that is the whole problem.