System Overview
Architecture at a Glance
The CBTC system bridges the Bitcoin Layer‑1 UTXO model to Canton’s Daml‑based smart‑contract network. The system operates through a coordinated, decentralized process to ensure every Bitcoin deposit is securely verified before minting CBTC.
The bridge architecture consists of:
Bitcoin Layer – Bitcoin transactions are monitored and verified with required confirmations (currently 6)
Attestor Network – A decentralized network of Attestors monitors and manages Bitcoin deposit/withdrawal transactions, and validates and executes the corresponding actions via a governance module on Canton
Canton Asset Layer – Daml contracts that mint and burn CBTC tokens, but only after a threshold of Attestor nodes contribute their Canton signatures to the contract execution. No CBTC can be minted or burned without this decentralized approval process.
Core Actors & Roles
Actor – Responsibilities
Coordinator – Executes periodic checks every 60-120 seconds, monitors deposit accounts, constructs Bitcoin transactions, and submits governance actions
Attestors – Independent nodes that verify deposits/withdrawals and submit confirmations via Canton's governance module. Every important action requires group approval
Minter – Creates deposit accounts, sends Bitcoin to generated addresses, initiates withdrawals, and holds CBTC tokens
Trust & Threat Model
The CBTC system relies on a decentralized network of Attestors who must coordinate via a governance module on Canton to validate and execute actions, and a group threshold signing process on the Bitcoin L1. Every important action requires group approval. This shared decision-making keeps CBTC decentralized, reliable, and secure.
Because Canton provides deterministic finality, once a mint or burn is executed its state transition is irrevocably committed, removing the roll‑back risk that probabilistic Layer‑1s face.
Requiring group approval ensures that no single party, including the Coordinator, can unilaterally mint CBTC or withdraw Bitcoin.
On-Ledger Governance Flow
The CBTC system relies on a decentralized network of Attestors who must coordinate via a governance module on Canton to validate and execute actions.
The governance process works as follows:
For actions like ConfirmDepositAction (for minting) or ArchiveWithdrawRequest (for withdrawal finalization), each Attestor must submit their confirmation signature independently
Each attestor member submits its signed confirmation message, and once a threshold of signatures has been reached on the contract, the Coordinator executes the action
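The confirm-then-execute flow above, modelled as an added Python example (not the project's Daml contracts). `PendingAction`, the party names and the 2-of-3 threshold are assumptions; the ledger is assumed to authenticate the submitting party, so no signatures are verified here.

```python
from dataclasses import dataclass, field

REQUIRED_BTC_CONFIRMATIONS = 6  # value stated on this page


@dataclass
class PendingAction:
    """Hypothetical stand-in for one governance action, e.g. ConfirmDepositAction."""
    kind: str
    attestors: frozenset          # parties allowed to confirm
    threshold: int                # assumed value; the page does not state it
    confirmed_by: set = field(default_factory=set)
    executed: bool = False

    def confirm(self, party: str, observed_confirmations: int) -> int:
        """Record one Attestor's independent confirmation; return the tally."""
        if party not in self.attestors:
            raise PermissionError(f"{party} is not an Attestor")
        if observed_confirmations < REQUIRED_BTC_CONFIRMATIONS:
            raise PermissionError("deposit has too few Bitcoin confirmations")
        self.confirmed_by.add(party)  # a set: repeat submissions count once
        return len(self.confirmed_by)

    def execute(self, party: str, coordinator: str) -> str:
        """Coordinator executes, only after the threshold is met, and only once."""
        if party != coordinator:
            raise PermissionError("only the Coordinator submits execution")
        if self.executed:
            raise PermissionError("action already executed")
        if len(self.confirmed_by) < self.threshold:
            raise PermissionError("threshold not reached")
        self.executed = True
        return f"{self.kind} executed"


def demo() -> list:
    action = PendingAction("ConfirmDepositAction",
                           frozenset({"att1", "att2", "att3"}), threshold=2)
    steps = [(action.execute, "coord", "coord"),  # too early: no confirmations
             (action.confirm, "att1", 6),
             (action.confirm, "att1", 6),          # duplicate: tally stays 1
             (action.confirm, "att2", 6),
             (action.execute, "coord", "coord")]   # threshold met
    log = []
    for fn, *args in steps:
        try:
            log.append(fn(*args))
        except PermissionError as exc:
            log.append(f"rejected: {exc}")
    return log
```

The Coordinator is deliberately not in the Attestor set, so its own confirmation is rejected and it cannot reach the threshold by itself.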
Credentials & Permissioning in Canton
For CBTC there are two primary credentials:
Minter Credential — Grants the right to request deposit addresses and invoke the CBTC.Issuance mint choice
Holder Credential — Lets an institution receive, hold, transfer, and burn CBTC