Arc, Canton, and Tempo: The Same Privacy Principle, Two Opposite Architectures, and Nine Years of Evidence

The transparency that makes public blockchains trustworthy is the same property that makes them commercially unusable. A trading firm whose positions are visible before a transaction settles, or a bank whose payroll flows appear on a public block explorer, has no practical path to shared financial infrastructure.

Three purpose-built institutional blockchains have attracted over a billion dollars in capital on the argument that privacy, engineered into the architecture from the start, resolves that problem. The question those raises leave open is which kind of privacy.

Circle disclosed a $222 million presale for Arc at a $3 billion fully diluted valuation on May 11, backed by a16z, BlackRock, Apollo, and Intercontinental Exchange. The same day, Bloomberg reported that Digital Asset, the company behind Canton Network, is seeking approximately $300 million at a $2 billion valuation in a round led by a16z, with the deal not yet closed.

Stripe's Tempo, which raised $500 million at a $5 billion valuation in late 2025 with design input from Deutsche Bank, Revolut, Visa, and OpenAI, had already established the direction. All three name privacy as the design principle separating them from Ethereum and Solana, and Arc and Canton have not built the same version of it.

Two definitions of the same principle

Canton encodes privacy at the protocol and smart contract level. Participants in a transaction see only the data relevant to their role: the bank processing the payment leg of a settlement sees the cash movement, and the securities registrar sees the asset transfer, with neither party seeing the other's portion.

Privacy on Canton is the default condition, enforced by the network's architecture before any operator configures anything. Canton Network processes over $100 billion in daily repo flows across its institutional participants, including Goldman Sachs and JPMorgan's Kinexys division, all transacting on that default-private model.

Arc's architecture works from a different premise. Privacy on Arc is opt-in: businesses can selectively shield transaction details through configurable controls, with wallet addresses remaining visible by default. Arc's documentation describes this as configurable privacy that preserves auditability while giving institutions control over what they disclose. The configuration decision sits with the operator, applied workflow by workflow, rather than being set at the protocol layer.

The behavioral consequence of that architectural difference has already been measured. As The Bright Minded documented in its analysis of Zcash's nine-year adoption record, Zcash launched in 2016 with zero-knowledge cryptography built into the protocol and shielded transactions available from day one. Across most of the coin's history, around 80% of holders transacted on the public ledger anyway, despite having access to one of the most advanced financial privacy systems ever built. The technology was available and the behavioral outcome was determined by which option the product presented first.

What changing the default produced

The shift in the Zcash record came in early 2026, when ZODL, an independent wallet team, changed its default routing so that transactions went through the shielded pool automatically. Shielded fintech transactions rose to 59.3% of all Zcash activity within months, with no change to the underlying cryptography. The privacy feature that most users had not used for nine years became the condition most transactions operated under, because the product stopped requiring users to choose it. Privacy as a default and privacy as an option produced categorically different outcomes from identical technology.

The reasonable counterargument for Arc's design is that institutional operators behave differently from individual retail holders. Compliance teams and engineering departments implementing defined configurations for specific financial workflows may actively configure privacy wherever their business requires it, producing an outcome that looks less like the Zcash consumer opt-in gap and more like a deliberate, workflow-level privacy architecture.

That argument is available to Arc's designers, and it may prove correct at institutional scale. Canton's design removes the question entirely. Privacy is the condition of participation on Canton, and the DTCC's planned tokenization of DTC-custodied Treasuries on Canton's infrastructure in 2026 is being built on that foundation.

The institutional blockchain industry is raising and seeking over a billion dollars in capital across two architecturally opposite answers to the question Zcash spent nine years answering through its own adoption data: whether privacy should be the default, or whether offering it as a choice is enough.

Editor's note

Every piece published on The Bright Minded goes through careful verification, but mistakes can happen. If you spot an error, have additional information, or want to flag anything, write to rosalia@thebrightminded.com.