System Overview
Architecture at a Glance
The CBTC system bridges the Bitcoin Layer‑1 UTXO model to Canton’s Daml‑based smart‑contract network. It operates through a coordinated, decentralized process to ensure every Bitcoin deposit is securely verified before minting CBTC
The bridge architecture consists of:
Bitcoin Layer - Bitcoin transactions are monitored and verified with required confirmations (currently 6)
Attestor Network - A decentralized network of Attestors monitor and manage Bitcoin deposit/withdrawal transactions, and translate them via a governance module on Canton to validate and execute actions
Canton Asset Layer - Daml contracts that mint and burn CBTC tokens, but only after a threshold of Attestor nodes contribute their Canton signatures to the contract execution. No CBTC can be minted or burned without this decentralized approval process For the full technical specification, see the CBTC Token Standard Info
Core Actors & Roles
Actor
Responsibilities
Coordinator
Executes periodic checks every 60-120 seconds, monitors deposit accounts, constructs Bitcoin transactions, and submits governance actions
Attestors
Independent nodes that verify deposits/withdrawals and submit confirmations via Canton's governance module. Every important action requires group approval
Minter
Create deposit accounts, send Bitcoin to generated addresses, initiate withdrawals, and hold CBTC tokens
Trust & Threat Model
The CBTC system relies on a decentralized network of Attestors who must coordinate via a governance module on Canton to validate and execute actions, and a group threshold signing process on the Bitcoin L1. Every important action requires group approval. This shared decision-making keeps CBTC decentralized, reliable, and secure
Because Canton provides deterministic finalityarrow-up-right, once a mint or burn is executed its state transition is irrevocably committed, removing the roll‑back risk that probabilistic Layer‑1s face
This ensures that no single party, including the Coordinator, can unilaterally mint CBTC or withdraw Bitcoin
On-Ledger Governance Flow
The CBTC system relies on a decentralized network of Attestors who must coordinate via a governance module on Canton to validate and execute actions.
The governance process works as follows:
For actions like ConfirmDepositAction (for minting) or ArchiveWithdrawRequest (for withdrawal finalization), each Attestor must submit their confirmation signature independently
Each attestor member submits its signed confirmation message, and once a threshold of signatures has been reached on the contract, the Coordinator executes the action
Last updated