I came to blockchain skeptically — and I think that skepticism is why I ended up in the right place.
In early 2023, some friends were working on a cross-chain DeFi protocol. They kept telling me the engineering was interesting. I kept telling them it sounded like a scam. So I did what any engineer would do: I started investigating. I spent the better part of a year reading whitepapers, auditing protocol architecture, and leveling up my understanding of the cryptographic primitives — threshold signatures, multi-party computation, cross-chain bridge security. I was simultaneously doing defense and security work, building systems for high-security DoD environments, which gave me a particular lens on what “trustworthy infrastructure” actually means.
By mid-2024, I’d satisfied myself that the protocol was legitimate and the engineering was genuinely compelling. I joined the team.
The cryptography was as interesting as advertised. I got deep into the protocol’s threshold signature stack — GG20-based MPC key generation, distributed signing ceremonies, cross-chain custody without a centralized custodian. The engineering challenges were hard in ways that kept me engaged.
But things quickly got complicated.
In early 2025, a major exchange hack sent shockwaves through the DeFi ecosystem. The money laundering that followed (and the organizational response to it) raised serious questions about how the infrastructure I was helping build was being used. I had to step away from the team.
I continued providing code and security review to the broader protocol, but this experience sharpened my thinking about complicity and infrastructure. Once the team addressed those specific concerns, I came back. I specifically targeted building out DKLS23-based threshold signature systems for a new project. That’s where I went from understanding TSS academically to shipping it in production, and it’s what I wrote about on this blog.
As the protocol itself continued to evolve they elected to integrate privacy chain support. I’d explained earlier this would be a line I wouldn’t cross, so I was forced to step away from that too.
Two departures, two different ethical lines. Both pointed in the same direction: I needed to be building infrastructure whose purpose I could defend without caveats.
The Values Problem
The technical work was excellent. Threshold signatures, multi-party computation, cross-chain bridge security — these are problems with real cryptographic depth.
But the systems those tools served? An honest assessment is more complicated.
Most of the value flowing through public crypto infrastructure is speculative. DeFi protocols trade tokens whose prices reflect sentiment more than utility. NFT markets peaked and collapsed. The “real-world asset” narrative that’s now driving institutional interest was, for years, a slide in pitch decks rather than a product in production.
I don’t say this to dismiss the entire space. I know developers building meaningful infrastructure on public chains. But after working on custody systems whose primary use cases were either enabling leveraged speculation on volatile tokens or implicitly enabling illicit activity, I wanted to build on something where the technology’s purpose was clearer.
What Canton Gets Right
It was a colleague on my previous team who introduced me to Canton. I was skeptical. “Enterprise blockchain” has a deserved reputation as vaporware. The IBM Hyperledger era produced a lot of press releases and very few production systems.
Canton earned my attention through specifics rather than promises.
The privacy architecture is structural, not cosmetic. I covered this in the first post in this series, but it bears repeating in context. Canton’s sub-transaction privacy is the foundation, not an incidental feature. Every transaction decomposes into sub-transactions visible only to the parties whose rights or obligations are affected. Validators confirm validity without learning contents.
This matters because it’s the reason regulated institutions can actually use the network. The privacy model is designed from first principles to satisfy the requirements that financial regulators impose.
The smart contract model eliminates entire categories of bugs. Daml’s declarative approach to contract modeling — signatory authorization, controller-based choice execution, atomic lifecycle management — means you don’t ship reentrancy vulnerabilities, integer overflows, or the state management bugs that have cost the Solidity ecosystem billions. I walked through the technical comparison last week.
Coming from a security background1I write the Security Corner column for PHP Architect, and I’ve built cryptographic systems for DARPA-funded projects the reduction in attack surface isn’t a minor point. It’s the difference between a system I’d trust with production financial data and one I wouldn’t.
The participants have real operational stakes. Goldman Sachs, Deutsche Börse, Visa, DTCC, BNP Paribas — these aren’t companies running a blockchain experiment. They’re building production infrastructure for tokenized securities, cross-institutional settlement, and collateral management. When DTCC announces it’s tokenizing U.S. Treasury securities on Canton, that’s not a testnet demo. This is the organization that clears virtually all U.S. securities transactions committing to the platform.
Building Here
I joined a Canton Network-focused infrastructure company as a founding engineer. We build the systems that help institutions operate on Canton — payment infrastructure, validator operations, coordination protocols. The plumbing that other systems depend on.
The work is the kind of engineering I find most rewarding. It’s similar in character to the defense and security systems I built before coming to crypto, and to the ML infrastructure I built earlier in my career that scaled through a public offering. Complex systems with real operational consequences, where getting the engineering right isn’t a nice-to-have.
What I appreciate most about working in the Canton ecosystem is that the conversations are different. Nobody asks me when the token will moon. The discussions are about settlement finality, regulatory compliance, multi-party workflow modeling, and how to express complex authorization logic in a type-safe language. The developers I interact with come from financial infrastructure, enterprise systems engineering, and formal methods backgrounds. The problems are hard in a satisfying way.
Two Lanes
I’m building in two parallel lanes, and the relationship between them is deliberate.
Through my day-to-day role, I work on institutional Canton infrastructure — the kind of systems that financial institutions need to participate in the network at a production level.
Through my own consulting company2Displace Technologies I build open-source developer tooling (Cantool, which I introduced on Monday) and commercial infrastructure products for the Canton ecosystem.
The two lanes are complementary. Both strengthen an ecosystem that’s still early enough for individual contributors to have a meaningful impact.
I’ll have more to share about Cantool’s roadmap and Displace’s broader vision in the coming weeks — stay tuned.
- 1I write the Security Corner column for PHP Architect, and I’ve built cryptographic systems for DARPA-funded projects
- 2