Summary
Institutional blockchains (like Jovay Network, Canton, Corda, Arc, Tempo) make a deliberate tradeoff: they sacrifice decentralization, censorship resistance, and permissionlessness to achieve regulatory compliance, deterministic settlement, and enterprise-grade accountability. Jovay (Ant Group / Ant Digital, launched Sep 2025) is the leading case study of an Ethereum-anchored institutional L2 designed for Asia-Pacific regulated finance.
The Core Institutional Tradeoff Table
| Property | Public L2 (Base, Arbitrum) | Institutional L2 (Jovay) |
|---|---|---|
| Sequencer | Decentralizing (Arbitrum BOLD) | Centralized (Ant DT) |
| Proof system | ZK (production) | TEE → ZK roadmap |
| Forced inclusion | Yes (fraud proof path) | No current mechanism |
| MEV protection | Auction-based or FCFS | Deterministic rules; no public mempool |
| KYC/AML | None at protocol layer | ZAN compliance stack |
| Open composability | Full | Controlled (transfer restrictions) |
| Censorship resistance | High | Low (by design) |
| L1 anchoring | Yes (blobs) | Yes (EIP-4844 blobs) |
Jovay Architecture (Case Study)
Use case: Tokenized real-world assets (RWA) for Asian regulated financial institutions. Real examples:
- HK$100M Towngas credit facility backed by tokenized energy infrastructure (Nov 2025)
- Ant Digital tokenization of EV charging network cash flows for institutional investors
Proof system: TEE-based (Intel TDX/SGX attestation) currently; ZK proofs on roadmap. TEE rationale:
- Speed to market (ZK EVM proving = multi-year effort)
- Cost (ZK orders of magnitude more expensive than TEE)
- Institutional familiarity (HSMs, secure enclaves already known to finance)
Risk: Compromised TEE → fraudulent state transitions accepted by L1 (L1 verifies attestation, not mathematical proof). TEE side-channel attacks (Plundervolt, SGAxe, CacheOut) are documented.
Parallel execution: 3-tier pipeline similar to Solana:
- Static dependency analysis → mark parallelizable transactions
- Optimistic concurrent execution → abort + retry on conflicts
- Deterministic canonical ordering maintained
Benchmark: 6–7k TPS single node; 22–30k TPS multi-process; but realistic mixed loads achieve only 240–260 TPS.
Compliance stack:
- ZAN: eKYC, AML screening, KYT real-time risk scoring
- Private PII off-chain; on-chain transaction data public for audit
- DT-TAAS: smart contract templates with embedded transfer restrictions
- ZAN + Jovay together control the MsgOracle consensus (3-of-5, all operated by Ant DT team)
Blob DA: uses EIP-4844 blobs; sustainable throughput ceiling ~7,400–11,100 TPS at target/max blob capacity (with 10:1 compression, 200B/tx)
MEV in Institutional L2s
MEV Elimination by Design
Institutional L2s are explicitly designed to eliminate MEV that is unacceptable to regulated markets:
- No public mempool → no frontrunning/sandwich attacks observable to retail
- Deterministic execution rules → no ordering manipulation by searchers
- Centralized sequencer → sequencer controls ordering (shift from MEV to explicit sequencer policy)
Residual MEV Risks
- Sequencer-owned MEV: the centralized sequencer can exploit its ordering power (no searcher MEV, but sequencer MEV exists)
- Oracle frontrunning: if oracle updates are scheduled and known, sequencer or privileged parties can frontrun them
- Information asymmetry: ZAN compliance gatekeeping creates an information class — who passes KYC first has access advantages
The Censorship/MEV Tradeoff
The elimination of public-mempool MEV (sandwiches, frontrunning) comes at the cost of censorship:
- No forced inclusion mechanism → sequencer can exclude any transaction
- The CROPS property of censorship resistance is explicitly abandoned
- “Accountability is contractual and reputational, not cryptoeconomic”
Competitive Landscape
| Chain | Primary focus | Trust model | Geography |
|---|---|---|---|
| Jovay | Asia-Pacific RWA tokenization | TEE + Ant DT centralized | APAC |
| Canton | US/EU regulated finance (repos, bonds) | DLT consortium | US/EU |
| Arc | Stablecoin-native settlement, USDC gas | Circle stack trust | Global |
| Tempo | Payments-first; stablecoin fees | Permissionless roadmap | Global |
| Corda/Fabric | Private enterprise; no public chain | Fully permissioned | Global |
Jovay’s unique position: Ethereum-anchored + Asia-Pacific regulatory alignment + Ant Group enterprise relationships. Not trying to compete with general-purpose L2s.
Implications for Ethereum Ecosystem
L1 Security Budget
Jovay (and similar institutional L2s) pays L1 blob fees → positive contribution to L1 security budget. However, their compliance requirements make them unlikely to use Ethereum L1’s censorship resistance properties — the value they extract from L1 is settlement finality and auditability, not permissionlessness.
CROPS Mismatch
Institutional L2s like Jovay explicitly reject C (censorship resistance) and partially P (privacy is compliance-controlled, not user-controlled). They use Ethereum’s settlement layer while not embodying Ethereum’s values layer.
This creates a tension in the EEZ / native rollups vision: if native rollups inherit L1 security, do they also inherit L1’s CROPS requirements? The EF’s current position is that L1 enforces these properties at the L1 layer; L2s can choose different tradeoffs.
Open Questions
- When does the Jovay→ZK proof transition happen, and who controls the upgrade governance?
- Can the MsgOracle consensus (currently 100% Ant DT) be decentralized without destroying the compliance model?
- How does liquidity form in a permissioned market without open DeFi composability?
- As institutional volume grows, does Jovay’s managed-service model become a systemic risk?
Related Pages
- The L1–L2 Relationship: Settlement, Differentiation, and Native Rollups — L1-L2 relationship; native rollups vision
- TEEs and Attested TLS — TEE attestation mechanism
- Ethereum”s Values: Zero Option, CROPS, and the Right to Quit — CROPS properties that institutional L2s sacrifice
- Ethereum Economic Zone (EEZ) and Cross-Chain Composability — EEZ vision vs. permissioned L2 reality
Key Sources
- Deep Dive on Permissioned Blockchains: Jovay (Tesa, Flashbots Collective, Mar 20, 2026) — Architecture analysis; compliance stack; competitive landscape; risk assessment