MetaChain

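MetaChain is a peer-to-peer network security system dedicated to protecting personal data security, enabling free information sharing, providing a blockchain-driven integrated network security solution, delivering true internet freedom, enhanced security and a barrier-free user experience, and building a free and secure network resource sharing platform for all of humanity.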

MetaChain 元链 Whitepaper

MetaChain

元链

A peer-to-peer network security system

Whitepaper

Abstract

MetaChain is a peer-to-peer network security system dedicated to safeguarding personal data, enabling free information sharing, and offering a blockchain-driven integrated network security solution. It provides true internet freedom, enhances security, and ensures a seamless user experience, ultimately establishing a free and secure platform for global network resource sharing. MetaChainVPN, designed specifically for cryptocurrency enthusiasts, is the first exclusive cryptocurrency VPN created by MetaChain. It boasts multiple high-quality global dedicated lines, protecting blockchain enthusiasts from network and geographical restrictions while providing fast and stable access to the world of blockchain. MetaChainVPN was launched in March 2022 and underwent product upgrades, culminating in version 2.0 in August 2023. MetaChainVPN employs a cloud mining model that connects and mines, eliminating centralized servers. Through a peer-to-peer approach, it ensures user anonymity and security within the decentralized world. MetaChain Accelerator features multiple high-quality global dedicated lines, guaranteeing users unrestricted bandwidth and high-speed, stable global network access. MC, the native token of MetaChain, allows users to mine while using the VPN. The mined MC serves as MetaChain's native digital token, functioning as a medium for free trading scenarios and supporting the extensive and promising shared network ecosystem. MC continues to exist as a proof-of-work incentive for users to share idle network and storage resources within MetaChain VPN and future dVPN offerings. Additionally, MetaChain will continuously invest the commercial value of the shared network ecosystem into the MC system, building a sustainable ecosystem.

Table of Contents

- Abstract

- 1. Background

  - 1.1 Existing Network Transmission

  - 1.2 Network Security

  - 1.3 Current State of the VPN Industry

- 2. Project Overview

  - 2.1 Project Vision

  - 2.2 Peer-to-Peer Decentralized Network

  - 2.3 VPN and DVPN

  - 2.4 MetaChain's Web3.0 Ecosystem and Applications

- 3. Technical Architecture

- 4. Consensus Mechanisms

  - 4.1 Credit-Based System

  - 4.2 Invitation-Based System

  - 4.3 Delegation System

- 5. Node Selection

- 6. Community Governance

- 7. Tokenomics

- 8. Roadmap

1. Background

 

1.1 Current Network Transmission

 

When we access the internet, we are essentially finding a server for a specific website through the network and retrieving data from that server. The process of accessing the internet can be simplified into three steps: addressing, requesting, and receiving. This process is somewhat analogous to today's courier services. First, we have an address, similar to our home address. Next, we need to find the address of the merchant (in this case, a website) we want to visit. Then, we send a request to the merchant, and the merchant, based on our address, sends the requested goods to us.

 

Similarly, when we go online, we start by connecting a device (such as a computer) to a router (which connects multiple devices within our home, creating a local network, similar to our home). From there, we can connect to the external public network. On the internet, we have our own address, which is our IP address (like our home's specific address). We then look up the server address of the website we want to visit. For example, if we want to visit Baidu's content, our computer can't directly recognize the web address "www.baidu.com." This is where a Domain Name System (DNS) server comes in. It helps us translate "www.baidu.com" into its corresponding address.

 

Once we find Baidu's address, we need to send a request to Baidu's server to get its data. However, in practice, our request doesn't go directly to Baidu's server. Instead, it first goes to an intermediate hub, which is the Internet Service Provider (ISP), similar to a provincial warehouse in the courier analogy. The ISP then routes our request through multiple ISPs, finally reaching the ISP in Beijing, and from there, it goes to Baidu's server. This completes the request to Baidu's server. The whole process is somewhat like how a courier passes through multiple warehouses (ISPs in this case) before reaching its destination. Once our request reaches Baidu's server, the server sends back the data we need, which is received by our device. Thus, the entire process of addressing, requesting, and receiving is complete (note that this process has been simplified, and actual situations can be more complex).

 

1.2 Network Security

 

Network security encompasses the security of network software, network devices, and network information. It involves protecting hardware, software, and data from accidental or malicious alterations, disruptions, or leaks to ensure that systems can operate reliably, continuously, and normally, with uninterrupted network services.

 

With the rise of emerging technologies such as big data, 5G, cloud computing, and the Internet of Things (IoT), the boundaries of network information security are weakening, and the content of security protection is increasing. This presents significant challenges to data security and information security, while also opening up new development opportunities in the network information security market. Moreover, issues like data security, privacy protection, and economic globalization are gaining further attention, driving growth in the network security market.

 

According to data, the potential market space for China's information security market is estimated to be around 100 billion RMB. As proactive awareness of network security defense grows, the domestic network service market share is expected to expand further. Currently, China's information security industry is still hardware-centric, leaving significant market opportunities and immense development potential.

 

Source: https://zq.gp451.com/page/4d5e0b89baa0f519/?source=baidu&plan=PC-%E6%A6%82%E5%BF%B5%E8%82%A1(%E6%9D%BF%E5%9D%97)-%E9%9B%AA%E8%8E%B9&unit=pc-%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E6%A6%82%E5%BF%B5&keyword=%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E7%8E%B0%E5%9C%A8%E7%8A%B6%E5%86%B5%E5%92%8B%E6%A0%B7&e_creative=65660311490&e_keywordid=502946123310&e_keywordid2=502946123310&bd_vid=11404087665164838836

 

1.3 Current State of the VPN Industry

 

In its early days, VPN technology primarily focused on establishing secure tunnels between an organization's servers and its members to ensure encrypted data transmission. Over the past decade, modern consumers have not only started associating VPNs with the enterprise-centric narrative but have also linked them with a fresh narrative centered around their concerns for privacy, internet security, and global data accessibility. Due to these concerns, we have witnessed a thriving VPN industry, growing at an annual rate of 15%. It is estimated that by 2030, the global market value of this industry will reach $75 billion.

 

For decades, the fundamental task of IPsec VPN has been to remove packets from authenticated endpoints. All communication between endpoints is encrypted at the highest level, forming the foundation of VPNs on the internet. VPNs are considered simple and cost-effective, but they may have issues when it comes to ensuring network performance. Basic VPNs can prioritize applications and communications before encrypting them. However, the value of doing this is limited: once traffic is inside an encrypted channel, network providers can no longer prioritize it, because the message headers are encrypted and cannot be inspected. Another challenge is establishing the optimal network that supports communication at a reasonable level of performance. A typical VPN runs some of its operations on a single IP backbone, which is suitable for small businesses. However, for large enterprises with multiple locations, IPsec VPNs often lead to issues with voice and video applications due to high latency or congestion on the network.

 

Consumer VPN applications currently available in the VPN industry cannot substantiate their claims of authenticity. They fail to keep their promise to users of both "privacy" and "reliability," which leads to significant contradictions. In recent years, this contradiction has been exposed nearly every quarter, as leading VPN networks have been deliberately used to store and collect user data while allowing significant security vulnerabilities to exist. The VPN industry currently operates in a cartel-like manner, with the majority of leading brands having the same owners. These similar products maintain an equal degree of anonymity, and consumers lack trust in their backend functionalities.

 

Source: Sentinel Whitepaper Page 5

 

2. Project Overview

 

2.1 Vision of the Project

The vision of the MetaChain project is to safeguard the security of personal data, enable unfettered information sharing, provide a blockchain-driven integrated network security solution, deliver true internet freedom, enhance security, and offer a seamless user experience. Its goal is to build a platform for the free and secure sharing of network resources for all of humanity.

 

To construct a completely free and secure network resource sharing platform, one that allows every netizen to move freely on the internet, enjoy the conveniences it offers, and avoid privacy and security infringements, MetaChain, as a foundational network security infrastructure, must possess the following characteristics:

 

Privacy and Security Protection

 

Foremost is the issue of security. During a user's internet usage, any step along the way has the potential to compromise information, which can then be exploited by hackers. For example, connecting to an insecure Wi-Fi network or having information intercepted by rogue cell towers poses security risks. Furthermore, for large enterprises, transmitting data between branches in different regions through external public networks can lead to security concerns. Using a company's internal network may address speed and performance issues, but challenges remain. Additionally, how can employees traveling or working remotely securely access the company's internal network via public networks?

 

Moreover, with the development of the Internet of Things (IoT) in recent years, hackers can not only hijack personal computers but also compromise connected devices like cameras, smart appliances, smart locks, routers, and more. All these scenarios underscore the critical issue of how to prevent hijacking during internet use, a paramount concern in current network security.

 

Breaking Through Regional Restrictions

When we use the internet, we might find ourselves controlled by certain centralized entities for various reasons. For instance, we can be blocked. Some Internet Service Providers (ISPs) manipulate DNS operations for certain purposes, making it impossible for us to obtain the correct IP address of the target server when using the ISP. It's like a logistics company altering its address book, rendering us unable to determine the specific address of the manufacturer we want to contact, thereby preventing us from shopping normally and, in turn, from surfing the web freely.

 

Or we can be restricted. Some products impose usage limitations on users based on their geographical regions. Each user's network IP represents the region to which it belongs. Consequently, different management practices can be applied to users from different regions. For example, some video streaming platforms may only be accessible to users in the United States. When users from other regions visit the page, video content will not be displayed. Conversely, the opposite can occur, where certain regions are denied access to content.

Due to these reasons, we cannot truly experience freedom when navigating the internet.

 

Based on the above, MetaChain proposes the following solutions:

- Peer-to-Peer Decentralized VPN Network

- MetaChainVPN and DVPN (Decentralized VPN)

- Mining Shared Network Bandwidth

[Information Source](https://mp.weixin.qq.com/s/_S8b4EW6MqD5S66vzveZ1w)

 

2.2 Peer-to-Peer Decentralized VPN Network

The key to achieving a decentralized VPN lies in the absence of centralized servers. Blockchain achieved decentralization by transforming centralized accounting into distributed accounting, where anyone can keep records. The Bitcoin whitepaper is titled "A Peer-to-Peer Electronic Cash System," and it embodies this concept. In a peer-to-peer network, the status of each node is equal; no node has central control, and no node acts as an intermediary in transactions. Each node serves as both a server and a client. Nodes can join and exit at will, choose to run all functions or only some functions, and the more nodes, the greater the system's computational power, data security, and resistance to disruption. Bitcoin utilizes this peer-to-peer network protocol, which has been adopted by many subsequent cryptocurrencies such as ETH and EOS.

 

MetaChain draws inspiration from blockchain thinking. Similarly, MetaChain can use peer-to-peer technology to transform centralized servers into servers owned by everyone, establishing a decentralized, server-less internet system that relies on user peers to exchange information. Its role is to reduce the number of nodes in network transmission to minimize the risk of data loss. In contrast to centralized, server-based network systems, each user terminal in a peer-to-peer network functions as a node and has server functionality. No node can directly locate other nodes; each must rely on its peer group to exchange information.

 

Different from traditional mesh networks, a point-to-point network security system with traceable data ownership and immutable information provides the following advantages:

 

a) Open Source Transparency: Through open-source transparency and application integrity verification systems, it establishes end-to-end encrypted provability between users and servers from which they intend to access data.

 

b) Bandwidth Proof: It has a bandwidth-provable system that allows server providers to offer bandwidth in exchange for compensation agreed upon by users in a trustless and provable manner.

 

c) Privacy Protection: It can provide evidence that there are no logs related to user browsing or data history and that this information is not centrally stored by application developers.

 

2.3 MetaChainVPN and DVPN

 

2.3.1 MetaChain's First Step - MetaChainVPN

MetaChain has already released a VPN software called MetaChainVPN, which has garnered significant acclaim from blockchain enthusiasts. MetaChainVPN, tailored specifically for the crypto community, is the first exclusive free VPN designed by MetaChain. It employs a cloud mining model that connects and mines, eliminating centralized servers and ensuring user anonymity and security throughout the decentralized world. It boasts multiple high-quality global dedicated lines to protect blockchain enthusiasts from network and geographical restrictions, allowing for high-speed and stable exploration of the blockchain world.

 

Traditional VPNs establish a private network, or virtual circuit, on a public network, hence the term "virtual circuit." This means that communication between any two nodes in the entire VPN network does not require an end-to-end physical link, as it is built on a network platform provided by public network service providers. Since the entire communication occurs over public networks, there may be latency fluctuations and packet loss.

 

What sets MetaChainVPN apart is its use of IPLC (International Private Leased Circuit) physical dedicated lines, which are essentially point-to-point intranets. The network's entry point is in the domestic region, so it is not affected by international linkages, and it does not have to go through the national firewall. This results in a high availability of IP addresses and avoids being blocked. The exit point is located overseas, allowing unrestricted access to websites that are inaccessible from within China. Because it operates as an intranet, it is not affected by network fluctuations. Latency to overseas destinations is generally very low. Although this approach may have higher costs, it offers speed and extremely low latency.

 

MetaChainVPN also plays a crucial role in absorbing early traffic for MetaChain, establishing a solid foundation for MetaChain in the field of networking. It has also attracted a large number of users with remote access needs. These users will be the primary users of MetaChainDVPN (Decentralized VPN) in the future. To increase MetaChain's exposure in the early stages, we implemented mining incentives in the MetaChainVPN design project. According to the established plan, MetaChainVPN has completed three rounds of reduced mining. It currently has a mining power of 1.25 MC/hour. VIP users have mining rights and can participate in the promotion pool mining, but the number of promotion pools is limited (5%). Once the output is exhausted, line mining will be terminated immediately.

 

 

Sources: [Information Source](https://zhuanlan.zhihu.com/p/139688763)

 

2.3.2 MetaChain's Continued Expansion - MetaChainDVPN

 

The peer-to-peer decentralized VPN network is a hybrid P2P distributed bandwidth sharing network used to bypass regional censorship and ensure privacy. The network is serverless and distributed; user data is never logged, leaked, or invaded by hackers. Each node operator has the right to act as both a client and a server. Node operators are rewarded handsomely for contributing bandwidth to the network. Compared to traditional P2P network models, an incentive mechanism ensures network stability (details of the incentive mechanism will be explained in the node selection section).

 

The embodiment of this concept is MetaChain's DVPN (Decentralized VPN) hardware device. It can be used for both shared network bandwidth mining and decentralized VPN functionality. All DVPN users contribute bandwidth to the entire network, and an increase in users means more nodes offering bandwidth sharing, which in turn increases network security. With the mining mechanism in place, MetaChain can quickly build a robust decentralized private network. Since there are no centralized servers, user data is never logged, leaked, or exposed to hackers during DVPN transmission, making it an important gateway for the transition from Web 1.0 and Web 2.0 to Web 3.0.

 

MetaChain's DVPN uses a point-to-point bandwidth sharing mechanism to establish an end-to-end encrypted private network, allowing each node operator to act as both a client and a server. Node bandwidth sharers earn mining rewards by providing untraceable and unblockable internet bandwidth sharing to other nodes. DVPN is the first killer shared broadband application in the MetaChain blockchain ecosystem, eliminating technical barriers and providing all users with a private, secure, and unrestricted internet experience. MetaChain DVPN truly popularizes blockchain technology and raises public awareness of the upcoming Web 3.0 era, making it a pioneering work in the decentralized sharing economy and personal data security.

 

Like other sharing economy systems, in a peer-to-peer DVPN, there are users who provide bandwidth and users who consume bandwidth. In theory, there may be a situation of excess bandwidth (although the likelihood of this happening in practice is small). When this occurs, we will call on MetaChainVPN, as mentioned earlier, to bundle the surplus bandwidth and offer it to MetaChainVPN users, thereby consuming it and ensuring profits for the bandwidth sharers.

 

2.4 MetaChain's Web 3.0 Ecosystem and Applications

2.4.1 Becoming a Crucial Gateway from Web 1.0 and Web 2.0 to Web 3.0

Web 1.0 was characterized by information consumption, where we could only read the information provided by websites, such as portals and search engines. Web 2.0 introduced information interaction, allowing users to generate content independently, interact with websites and others, and communicate and connect. These two phases do not replace each other; they coexist. Web 3.0, however, will be based on a decentralized network of blockchains and other decentralized infrastructure, in contrast to the general internet that hosted Web 1.0 and Web 2.0. Web 3.0 is decentralized, while Web 1.0 and Web 2.0 are centralized. With products for decentralized network transmission, such as MetaChain's DVPN hardware device, we can freely switch between these two approaches. This means that MetaChain DVPN plays an important role in connecting Web 1.0, Web 2.0, and Web 3.0. Users can choose what type of product to use based on their needs, ending the current state of having no choices.

 

2.4.2 Decentralized Edge Computing Platform (MetaChain)

MetaChain is a decentralized infrastructure built on nodes. It uses blockchain platforms to release decentralized tasks. MetaChain nodes listen for specific events, parse event-triggered task workflows, and pull, schedule, and monitor task execution status on nodes based on application URLs and operation parameters. When specific conditions are met, the tasks end. Each node may bear different web2/web3 applications, and they will easily become providers or co-providers of certain services by offering development and maintenance of these services, earning revenue and ownership. Such an off-chain decentralized platform offers possibilities for entirely new application forms, including oracles, the zero web, Lightning Network, triggers, mail services, and more.

2.4.3 Decentralized Creator Platform

Traditional web2.0 content platforms consider creators as essential components of customer acquisition and traffic generation. Creators are creators and owners of platform value and space but lack control over content, copyrights, and advertising. Web3.0, based on decentralized networks, relies on secure data storage and rapid traffic distribution capabilities, creating a completely decentralized creation platform for creators. Using off-chain web3 decentralized website operation methods and combining on-chain NFT (Non-Fungible Token) value certificate methods, it develops a producer economy and provides a new web3 interaction mode for all creators. Through mechanisms like "watch-and-earn" and "create-and-earn," it incentivizes greater participation and growth for creators and fans, creating a decentralized, open creative environment for creators.

2.4.4 Decentralized Chat and Social Software

Leveraging the deployment capability of decentralized applications (DApps) based on the DEP (Decentralized Edge Protocol), it rapidly deploys nodes for large-scale chat applications. With the help of DVPN's privacy encryption network technology, it enables cross-domain private message transmission. In traditional web2.0 chat software, users do not have control over their identity or the disposition of their data. Platforms can arbitrarily restrict individual account access and usage permissions, and any chat content and transaction records can be monitored at will. By using off-chain decentralized encryption tunnel nodes, combined with on-chain blockchain identity verification and peer-to-peer transaction methods, it ultimately ensures that users own and control their digital content, and allows users to independently choose agreements for the value they create themselves.

3. MetaChain Technology Architecture

The top layer comprises several hundred validation nodes, functioning similarly to other blockchains. The bottom layer, also referred to as the MetaChain meta-layer, is composed of millions of MetaChain DVPN (Decentralized Virtual Private Network) devices. These devices earn credit tokens (MC tokens) by providing services such as bandwidth sharing and VPN services. Unlike the standard Nakamoto consensus protocol, our Proof of Credit (PoC) mechanism does not rely on Proof of Work (PoW), thus resulting in lower energy consumption. Our consensus mechanism is similar to Proof of Stake (PoS), but the voting power of validation nodes depends on both their deposits and credit scores.

On one hand, the security of the top layer is protected by the credit scores of the bottom-layer devices. The more devices that join the bottom layer, the more secure the network becomes. On the other hand, the rewards (MC tokens) received by bottom-layer devices incentivize more participants to join the MetaChain distributed hybrid network. This closed-loop system expands and safeguards the entire network.

3.1 Trident Protocol

The core of MetaChain's tunneling technology is to achieve unrestricted and free access to the internet, and this is accomplished through the Trident Protocol. Internet access censorship involves comprehensive monitoring and filtering of users' internet traffic, relying on the deployment of numerous network firewalls and offline analysis devices in core networks and key exit points. Therefore, to introduce the penetrability of the Trident Protocol, let's first review how network firewalls function.

Currently, network firewalls have evolved from basic port-based access control table models to intelligent models based on content recognition. This model has various specific implementation methods; five are described below (3.1.1 to 3.1.5). The first four are passive recognition methods, while the fifth is an active recognition method. Some firewalls can simultaneously utilize several of these methods for application type recognition in user data streams, and even employ artificial intelligence algorithms, such as those based on Bayes' theorem or decision trees, for intelligent recognition.

 

3.1.1 Port Coarse Filtering

Port Coarse Filtering refers to the method of determining possible application types based on the destination port. The Internet Assigned Numbers Authority (IANA) is the organization responsible for defining network ports and their corresponding network applications. As of now, ports 0 to 1024 are mostly allocated. Firewalls can use network ports to roughly determine the likely running protocol. For example, if traffic is detected on port 2049, which is commonly associated with the NFS protocol, the firewall can roughly determine the application type as NFS even in the absence of clear content characteristics.

 

3.1.2 Content Recognition

Content recognition is the method of identifying the network application type based on the content of user data streams. Since network applications are typically implemented according to pre-defined network protocols, user data streams often have certain content features. For example, several HTTP commands (GET/POST, etc.) are commonly found at the beginning of the first data packet negotiated over TCP, and the first line always ends with HTTP/X.X (the HTTP version number in use). Firewalls can use this feature to identify the allowed HTTP protocol on any destination port. Similarly, all protocols defined by international standards organizations have clear content features. For some non-standard protocols, the content characteristics may change with version upgrades, requiring firewalls to regularly update their feature libraries to keep up with changes in numerous software features.

3.1.3 Packet Length Recognition

Packet length recognition is a method of application recognition based on the length sequence and distribution of interactive data packets. When there are no clear content characteristics in user data streams, this method is very practical. During the negotiation phase of network protocols, there is often a certain regularity in the lengths of packets sent between servers and clients. If a network protocol specifies during the negotiation phase that the client must send a TCP data packet with a payload length of 60 bytes to initiate a request, and the server must reply with a 40-byte data packet as a response and another data packet with a length between 20 and 30 bytes as another response, then this network protocol has certain packet length characteristics that can be utilized by the firewall for application recognition. To evade recognition by firewalls using this method, applications need to disrupt length characteristics by methods such as obfuscation or encryption.

 

3.1.4 Packet Interval Recognition

Packet interval recognition is a method of application recognition based on the periodic keep-alive packets specified in network protocols. In tunneling protocols, servers and clients periodically send keep-alive packets to monitor the tunnel's availability. These packets are often sent at fixed intervals and are of relatively small length. Even some non-standard tunneling applications often adhere to this network protocol's pattern. Network technologies used for disruption can utilize this pattern to recognize tunneling applications and subsequently block them.
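The four passive methods from 3.1.1 to 3.1.4, combined into one flow classifier as a firewall would apply them (an added example, not part of the MetaChain whitepaper or of any product's code). The flow records, the port table entries other than 2049/NFS, the `example-proto` signature name and all thresholds are constructed for illustration.

```python
import re
import statistics
from dataclasses import dataclass

# 3.1.1 port table: 2049/NFS is the whitepaper's example; 80 and 443 are
# the well-known IANA assignments for HTTP and HTTPS.
PORT_HINTS = {80: "http", 443: "tls", 2049: "nfs"}

# 3.1.2 content feature: an HTTP method at the start of the first packet and
# a first line that ends with HTTP/X.X.
HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/\d\.\d\r\n")

# 3.1.3 length signature from the whitepaper's hypothetical protocol:
# client sends 60 bytes, server replies with 40 bytes, then 20 to 30 bytes.
# The name "example-proto" is an assumption.
LENGTH_SIGNATURES = {"example-proto": [("c", 60, 60), ("s", 40, 40), ("s", 20, 30)]}


@dataclass
class Packet:
    ts: float        # seconds since the flow started
    direction: str   # "c" = client to server, "s" = server to client
    payload: bytes


@dataclass
class Flow:
    dst_port: int
    packets: list


def content_match(flow):
    """3.1.2: inspect the first client payload, whatever the port."""
    first = next((p.payload for p in flow.packets if p.direction == "c" and p.payload), b"")
    return "http" if HTTP_REQUEST_LINE.match(first) else None


def length_match(flow):
    """3.1.3: compare the opening packets with known direction/length sequences."""
    data = [p for p in flow.packets if p.payload]
    for name, sig in LENGTH_SIGNATURES.items():
        if len(data) >= len(sig) and all(
            p.direction == d and lo <= len(p.payload) <= hi
            for p, (d, lo, hi) in zip(data, sig)
        ):
            return name
    return None


def keepalive_period(flow, max_len=32, min_count=4, max_jitter=0.1):
    """3.1.4: small client packets at near-constant intervals.

    Returns the mean period in seconds, or None. Thresholds are assumptions.
    """
    times = [p.ts for p in flow.packets if p.direction == "c" and 0 < len(p.payload) <= max_len]
    if len(times) < min_count:
        return None
    gaps = [b - a for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0 or statistics.pstdev(gaps) / mean > max_jitter:
        return None
    return round(mean, 2)


def classify(flow):
    port = PORT_HINTS.get(flow.dst_port)          # 3.1.1
    content = content_match(flow)
    length = length_match(flow)
    # Content evidence outranks a length signature, which outranks a port guess.
    verdict = content or length or (f"{port} (port only)" if port else "unidentified")
    return {"port": port, "content": content, "length": length,
            "keepalive_period": keepalive_period(flow), "verdict": verdict}


OPAQUE = b"\x17"  # filler byte for constructed payloads with no content feature

SAMPLE_FLOWS = {  # all constructed
    "http_on_8080": Flow(8080, [
        Packet(0.0, "c", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        Packet(0.1, "s", b"HTTP/1.1 200 OK\r\n\r\n")]),
    "opaque_on_2049": Flow(2049, [
        Packet(0.0, "c", OPAQUE * 120), Packet(0.1, "s", OPAQUE * 200)]),
    "length_signature": Flow(5555, [
        Packet(0.0, "c", OPAQUE * 60), Packet(0.1, "s", OPAQUE * 40),
        Packet(0.2, "s", OPAQUE * 25)]),
    "periodic_keepalive": Flow(40000, [
        Packet(0.0, "c", OPAQUE * 300), Packet(0.1, "s", OPAQUE * 280),
        Packet(10.0, "c", OPAQUE * 16), Packet(20.02, "c", OPAQUE * 16),
        Packet(25.0, "s", OPAQUE * 900), Packet(30.0, "c", OPAQUE * 16),
        Packet(39.98, "c", OPAQUE * 16), Packet(50.01, "c", OPAQUE * 16)]),
}

if __name__ == "__main__":
    for name, flow in SAMPLE_FLOWS.items():
        print(name, classify(flow))
```

The last sample has no port, content or length feature and ends as `unidentified`, yet its `keepalive_period` still marks it as tunnel-like from timing alone.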

3.1.5 Active Detection Recognition

Active detection recognition involves the firewall acting as an intermediary, altering the data packet content sent from the client to the server, and identifying the application type based on the server's response. For instance, control channels for malicious software often adhere to the standard IRC (Internet Relay Chat) protocol, an internet chat protocol defined by the IETF (Internet Engineering Task Force). However, they often do not support common IRC commands in a straightforward manner. Firewalls leverage this feature by actively sending commands to test server responses, thereby recognizing whether the network application is a normal chat application or a control channel for malicious software.

It's worth noting that active detection recognition is fundamentally different from the passive methods described above. It allows firewalls not only to identify applications by monitoring data stream content but also to actively modify or send data packets for active detection.

To address all these detection methods, the Trident Protocol combines two tunneling modes to circumvent firewall detection: protocol obfuscation mode and protocol camouflage mode. Protocol obfuscation mode, by concealing all characteristics from firewalls, achieves the function of bypassing network interference. However, in some whitelist systems, any data streams that cannot be identified are also discarded or blocked. In such cases, the Trident Protocol will automatically switch to protocol camouflage mode to continue bypassing network interference.

 

3.1.6 Protocol Obfuscation Mode

The Protocol Obfuscation Mode is designed to counter various firewall detection methods, making it impossible for the firewall to recognize any distinguishing features. The operation of this mode is as follows:

a) Random Ports: Randomly negotiate ports as data flow ports.

b) Encrypted Content: Encrypt all data packet contents, ensuring that no content features can be extracted using regular expressions (regex).

c) Packet Length Obfuscation: Randomize the length of all data packets.

d) No Regular Keep-Alive Packets: Data packets carry their own keep-alive data; there are no separate, obvious keep-alive packets.

e) Prevent Active Detection: Servers discard any non-protocol-compliant data packets and refuse to respond.

 

3.1.7 Protocol Camouflage Mode

Protocol Camouflage Mode involves disguising traffic characteristics as those of other common protocols. For example, it can masquerade as the following two common protocols:

 

a) HTTP Protocol: The tunneling protocol is entirely encapsulated within an "HTTP GET" and an "HTTP POST" message body. The "GET Response" command is used to receive downstream data, while the POST message body is used to send upstream data. Since the ports are randomly negotiated by both the client and server in advance, there are no specific field names or other features associated with HTTP.

b) TLS Protocol: In this case, the TLS 1.2 session ticket feature is utilized. Tunnel traffic appears as a standard HTTPS connection using a pre-negotiated session ticket. Because there is no negotiation phase, firewalls cannot act as intermediaries for decryption/encryption. AtomOS will also use encryption and anti-detection mechanisms similar to the Protocol Obfuscation Mode in subsequent payloads.
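Seen from the firewall's side, the difference between the two modes comes down to what the first payload of a flow looks like. The sketch below is an added example, not Trident or MetaChain code: a minimal first-payload classifier with a whitelist switch, run over constructed samples. The function names, the entropy threshold and the sample payloads are assumptions made for illustration.

```python
import math
from collections import Counter

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed first payloads, one per traffic shape discussed above.
HTTP_SAMPLE = b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n" + b"\x8f\x02\x11"
# Truncated ClientHello prefix: record header, handshake header, version, zeroed random.
TLS_SAMPLE = b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(32)
# Stand-in for fully encrypted bytes: every byte value appears equally often.
OBFUSCATED_SAMPLE = bytes((i * 167 + 13) % 256 for i in range(512))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum (uniformly distributed bytes)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def identify(first_payload: bytes) -> str:
    """Label a flow from its first client payload, or return 'unknown'."""
    request_line = first_payload.split(b"\r\n", 1)[0]
    if first_payload.startswith(HTTP_METHODS) and b" HTTP/1." in request_line:
        return "http"
    # TLS record: type 0x16 (handshake), version 0x03 0x01..0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if (len(first_payload) >= 6 and first_payload[0] == 0x16
            and first_payload[1] == 0x03 and first_payload[2] in (1, 2, 3)
            and first_payload[5] == 0x01):
        return "tls"
    return "unknown"


def verdict(first_payload: bytes, whitelist_mode: bool) -> str:
    """Whitelist mode drops what it cannot name; otherwise unknown flows pass."""
    label = identify(first_payload)
    if label != "unknown":
        return f"allow:{label}"
    if whitelist_mode:
        return "drop:unidentified"
    # Nothing matched, but near-maximal entropy from byte zero is worth logging.
    if shannon_entropy(first_payload) > 7.0:  # threshold is an assumption
        return "allow:flag-high-entropy"
    return "allow:unknown"
```

A first-payload check of this kind only sees the outer shape of a flow, which is why the text above describes firewalls pairing it with active probing.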

 

3.1.8 NAT Traversal

 

Another common issue in P2P networks is NAT (Network Address Translation) traversal. NAT is a common feature of current network devices in IPv4 network environments. Devices within a local area network (LAN) are often configured with private IP addresses. However, to transmit packets over the internet, the destination and source IP addresses of the packets must be configured as public IP addresses. To resolve this contradiction, network devices at the LAN's exit point can use NAT to translate the private IPv4 addresses of data packets from the LAN into the gateway's public IP address, enabling the packets to be transmitted over the internet. This approach not only addresses the issue of limited IPv4 addresses but also allows organizations or enterprises to hide their internal network structure and isolate it from external networks.

 

3.2 Intelligent Routing Technology

Intelligent routing technology automatically determines network routing based on user data stream characteristics and decides whether to encapsulate the data in a tunnel. We offer two modes: Privacy Protection Mode and Network Interference Bypass Mode. In Privacy Protection Mode, whether a user data stream that involves traces of internet usage is encapsulated in a tunnel is decided by the user's configured anonymity service level. In Network Interference Bypass Mode, whether a user data stream accessing the internet is encapsulated in a tunnel is decided by the accessed website's address and the corresponding database of allowed access regions and blocked access regions.

 

Intelligent routing provides the following benefits:

a) Cost Savings: Network tunnels are established between two or more Meta Chain DVPN devices. Therefore, both ends of the tunnel are Meta Chain DVPN devices. If a Meta Chain DVPN device seeks to establish a tunnel connection with another Meta Chain DVPN device, it must find a server through a network sharing platform and pay digital currency based on traffic or network speed. Users are not using network tunnels for free. Intelligent routing technology can automatically determine whether data flows through a network tunnel based on data stream properties. This reduces tunnel usage and avoids the network latency caused by network tunnels, providing users with the original experience of normal data flows without additional costs.

 

b) Anonymous Services: Anonymous services refer to hiding a user's IP address to make internet usage traces difficult to trace. Since data transferred through network tunnels is encrypted end-to-end, user data streams transmitted through network tunnels do not leave any traces on the internet. We set levels of anonymity based on the public nature of the accessed content and decide whether to encapsulate the corresponding data streams in network tunnels according to user preferences. Web browsing, which is highly public, falls under the highest level of anonymity service. For this level, network tunnel encapsulation is mandatory. P2P downloads, with lower public visibility, fall under the second-highest level of anonymity service. For this level, network tunnel encapsulation is optional to reduce user costs. Furthermore, users can choose the multi-hop routing mode for stricter anonymity services. In a multi-hop routing environment, the network tunnel is established using more than two Meta Chain DVPN devices, rather than the usual two. The benefit of this approach is that intermediate nodes, because they cannot decrypt user data streams, cannot peek at the content. Additionally, the last node in the chain, while it can decrypt user data streams, cannot determine the source of the data stream. Thus, the more Meta Chain DVPN devices that form a network tunnel, the harder it is to trace user data streams, but the corresponding cost also increases.

 

3.3 Link-Layer Tunneling Technology

Link-layer tunneling technology enables the world's first device that can achieve intelligent routing and tunnel encapsulation in virtual wire mode without any configuration. Currently, all network devices on the market that implement tunneling functions operate in routing mode. In other words, users need some network technical knowledge: they must learn IP address planning and tunnel protocol configuration, and they need routing knowledge to establish tunnels correctly and to forward the required traffic into the tunnel for proper encapsulation and de-encapsulation. Link-layer tunneling technology removes these professional knowledge requirements for end users. Meta Chain DVPN devices do not require any specialized knowledge. When users connect a link-layer tunneling technology device to the upstream link of a home router, it enters a learning phase. During this phase, it listens to traffic without affecting traffic forwarding and automatically determines the direction of connections based on the statistical patterns of IP addresses appearing on both sides of the ports. There are billions of nodes on the internet, while the number of exit IP addresses for an individual user is very small and fixed. Therefore, after analyzing traffic for a short period, the device can determine which side is the upstream port and which is the downstream port. Subsequently, link-layer tunneling technology further learns the upstream gateway IP/MAC addresses, DNS servers, and other information for possible tunnel negotiation and encapsulation in the future. We believe that a smart home gateway is a product that users rarely interact with: the less users need to be aware of its existence, and the fewer configurations they need to make when changing functions, the better it meets the real needs of most users. In particular, when combined with our innovative intelligent routing technology mentioned above, with zero usage threshold, it fulfills user privacy protection and network traversal needs at minimal cost.
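The learning phase described above can be sketched as a count of distinct source addresses per ingress port. This is an added example, not the device's firmware: the port names, the thresholds and the sample observations are assumptions, and the addresses come from documentation ranges.

```python
from collections import defaultdict
from typing import Iterable, Optional, Tuple

# Constructed observations: (ingress port, source IP of the frame).
# eth0 sees many internet hosts; eth1 sees only the home router's exit IP.
SAMPLE = ([("eth0", f"198.51.100.{i}") for i in range(1, 41)]
          + [("eth1", "192.0.2.10")] * 40)


def learn_upstream(observations: Iterable[Tuple[str, str]],
                   min_packets: int = 20,
                   ratio: float = 5.0) -> Optional[str]:
    """Return the port that faces the internet, or None to keep learning.

    The upstream side shows many distinct source addresses, while the
    downstream side shows the user's small, fixed set of exit addresses.
    """
    distinct = defaultdict(set)
    packets = defaultdict(int)
    for port, src in observations:
        distinct[port].add(src)
        packets[port] += 1

    # Both ports must have carried enough traffic before deciding.
    if len(distinct) != 2 or min(packets.values()) < min_packets:
        return None

    low, high = sorted(distinct, key=lambda p: len(distinct[p]))
    # Require a clear margin so ambiguous traffic does not flip the bridge.
    if len(distinct[high]) >= ratio * len(distinct[low]):
        return high
    return None
```

Returning None keeps the device in pass-through listening, so forwarding is unaffected until the margin is clear.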

4. Consensus Mechanisms

MetaChain employs an advanced trust consensus mechanism that consists of three crucial components or modules: the Credit System, the Invitation System, and the Proxy System. These three mechanisms are the core of the MetaChain metachain consensus mechanism. Let's delve into each of these mechanisms.

 

4.1 Credit System

The Credit System is the most vital of the three core mechanisms. As the name suggests, it reflects the contribution of each participant based on the computing power of each node and allocates rewards in MC tokens accordingly. Computing power can be obtained in two main ways. One is by registering as a user and consistently connecting and mining every day to contribute computing power. The other is by participating in MetaChain DVPN sharing and consensus activities to acquire computing power. The former relies on MC as an incentive, while the latter is based on the technical support of the MetaChain metachain public chain. In this way, MetaChain establishes a credit system. Each node accumulates its computing power by using, promoting, or participating in the construction of on-chain mixed network device applications. This design not only reduces energy consumption and hardware waste almost to zero but also incentivizes every node to participate in valuable on-chain applications. It can be seen as a win-win solution.

 

4.2 Invitation System

New nodes must obtain computing power contributions by invitation from existing nodes to join the network. Furthermore, each invited node automatically receives a basic level of computing power upon joining the network, enabling it to start earning rewards in MC for connecting and mining. Inviters also receive a corresponding bonus based on the invited node's computing power, thus motivating nodes to actively contribute to the platform.

 

To rapidly expand the number of nodes, MetaChain sets aside 60% of the total issuance of tokens as incentives to support the implementation of the referral system. Any participant who successfully invites new nodes can receive this portion of the system reward. Therefore, the Invitation System is one of the key mechanisms for MetaChain to quickly grow its network. On the other hand, to be eligible for referrals, one must become a participant and contribute to MetaChain, investing time and financial costs. Consequently, existing nodes certainly do not want to invite malicious actors or individuals who contribute nothing to the network. Therefore, the Invitation System encourages existing nodes to carefully select qualified and outstanding new nodes to join. It is the transmission of trust and consensus.

 

 

 

4.3 Proxy System

MetaChain consists of two layers: the upper layer of validation nodes and the lower layer of MetaChain DVPN nodes. The upper layer validation nodes are primarily responsible for block generation, with the top layer comprising hundreds of validation nodes that continuously create new blocks. The lower layer consists of millions of MetaChain network devices. The lower-layer MetaChain network device nodes are primarily responsible for supervising and selecting the upper-layer validation nodes. These network devices earn new MC by completing various economically valuable tasks, with each device associated with an account. The more tasks a device completes, the higher the credit score the corresponding account receives. Each device can delegate its credit score to a validation node.

 

This design is inspired by the proxy systems used in some countries, where citizens elect representatives to form a parliament. The parliament formally represents the will of the people in exercising state power. In MetaChain, device nodes provide trust votes to validation nodes, which, when selected, represent all device nodes in participating in the network consensus building.

 

MetaChain's proxy mechanism is a two-layer architecture that allows any number of participants to join in consensus-building without affecting efficiency. This fully reflects the fairness of the network. In terms of system scalability, MetaChain's two-layer architecture is inherently a scalable Layer 1 + Layer 2 architecture. Each MetaChain DVPN device has a certain amount of computing power and can perform micro-payment functions, among others. The devices compute and bundle transactions on the hardware before uploading them to the chain, greatly improving the overall system's operational efficiency. The architecture is therefore inherently suited to addressing scalability issues in the system.

Due to the word limit, please refer to this link for more information:

https://zline-1.gitbook.io/the-edges-of-metachain/

CC BY-NC-ND 4.0 copyright notice
