Architecture

​

System diagram

​

Participant roles

See Participants for a deeper breakdown per role.

​

Life of a paid delivery

1. Client bootstrap — client generates a keypair, queries the on-chain registry, seeds a peer table, and subscribes to regional + global gossip topics.
2. Discovery — client probes its known peers for a blob hash. On miss, any peer performs a DHT lookup to locate holders.
3. Selection — returned candidates are scored by price, latency, and reputation; lowest cost wins.
4. Payment channel open — client opens a USDC payment channel with the selected node on-chain (payments).
5. Streaming + vouchers — node streams to the client; client signs off-chain vouchers as bytes flow.
6. Cache-miss fan-out — if the node doesn’t have the blob, it pulls from another peer (paid). Every byte delivered in the network is paid.
7. Channel close — either party initiates settlement on-chain, with a dispute window for stale closes.

​

Key invariants

• No external origin URL exists — content enters the network through origin-backed nodes whose backends are hidden.
• A node cannot earn without delivering verifiable bytes — hash mismatch voids payment.
• A node cannot join the mesh without bonding — registration enforces a capacity bond (bond = k × Mbps^α) scaled to declared bandwidth, rather than a flat minimum.
• A node cannot register an identity it does not control — both keys must sign at registration.
• Safety bounds on all governable parameters are hardcoded — governance cannot set fees to 100% or push the operator revenue share below its floor.
• Being recognized as an origin is DAO-governed — configuring an origin backend locally without authorization means the node’s bytes are served only as cache.
• A node cannot serve a blacklisted hash after the compliance window — doing so is slashable.

​

Non-goals

• DRM or content protection
• Content transcoding or adaptive format conversion
• Search, discovery, or recommendation
• Mobile or web clients
• Erasure coding — full replication only