This queries the Canton JSON API four times — once per party — to show exactly what each party is authorized to see
Data Visibility Matrix
This matrix shows the theoretical visibility of each data field per party, enforced by Canton's privacy model.
| Data Field | 👔Seller | 🏭Bidder A | 🏗️Bidder B | 🔍Auditor |
|---|---|---|---|---|
| Auction ID | ||||
| Item Description | ||||
| Scoring Weights | ||||
| All Bid Values | ||||
| Own Bid | ||||
| Score Breakdown | ||||
| Winner Identity | ||||
| Award Proof | ||||
| Losing Bid Values | ||||
| Reputation Data | ||||
| Escrow Details | ||||
| Dispute Evidence |
Live Party Views
Seller
Auction creator — sees everything about their own auction, all bids, and full scores
Bidder A
Submitted bid — sees only own bid and limited auction info; blind to other bids
Bidder B
Submitted bid — sees only own bid; cannot infer anything about Bidder A
Auditor
Neutral observer — can verify commitments and timeline but not see bid details
How Canton Privacy Works
Party-Based Visibility
In Canton, every contract has a set of stakeholders — parties who can see the contract. When a bidder submits a sealed bid, the contract is only visible to the bidder and the seller. Other bidders literally cannot query for it.
Sub-transaction Privacy
Even within a single transaction, Canton shows each party only the parts they're authorized to see. The scoring computation is visible only to the seller. The award proof is crafted to share criteria without revealing actual values.
Auditable Without Leaking
The Auditor party can verify that events happened and that the timeline is consistent, but cannot see the actual bid values. Combined with Hedera commitments, this gives public verifiability with private execution.