VPX Protocol & Network Architecture
Technical specification for a purpose-built, telecom-native settlement, routing and fraud chain
This paper describes the design of the VPX Protocol - a purpose-built, telecom-native chain for routing, fraud management and settlement. It is built on a proven high-performance base - a Sui-derived Move object model with Mysticeti-class DAG-BFT consensus - rather than a bespoke consensus of its own: independent, single-owner operations (routing decisions, CDR records) finalise on a fast path in roughly 250 to 400 milliseconds without a full consensus round, while shared-state operations (settlement escrow, fraud blacklist writes) take the ordered consensus path at roughly 390 milliseconds; the base consensus is demonstrated in production at over 200,000 transactions per second, well beyond real telecom event volumes. It covers the four specialised node types (Fraud, Routing, Analytics and Gateway) and their place in the validator and worker mesh; the smart-contract layer (routing, fraud and settlement) written in Move, whose resource safety makes it impossible by construction for value to be copied or double-spent; fiat-pegged fees settled in VPXN, priced from established oracle feeds for the currency legs and a native time-weighted average for the token itself; geographic distribution and fault tolerance; data retention and GDPR compliance; staking, delegation and slashing economics; a security programme of independent audits plus Move formal verification; economic attack resistance; and a phased launch. The architecture complements - it does not replace - existing SIP and H.323 interconnects, providing a decentralised coordination layer alongside traditional carrier networks. Its deeper purpose is an incentive realignment: a network on which fraudulent traffic earns no participant, and on which the value a call creates can flow back to the person who made it - the opposite of an industry whose incentive to police bad traffic has always been undercut by the revenue earned from carrying it.
CONTENTS · 22 SECTIONS
1. Introduction
The wholesale telecom and business messaging ecosystem remains large and fragmented: TeleGeography estimates that wholesale carriers terminated approximately 217 billion international voice minutes in 2024, while MobileSquared estimates that global A2P SMS traffic peaked at 2.84 trillion messages in 2024, including 297 billion international A2P messages. Ofcom describes the A2P SMS value chain as spanning messaging service providers, aggregators and terminating mobile operators, rather than a single direct route. (Sources: TeleGeography, International Voice Report Executive Summary (2025); MobileSquared, Global A2P SMS 2017-2029 (1Q 2025 redacted version); Ofcom, Business messaging: Review of the A2P SMS termination market (2025).)
Despite this scale, the infrastructure coordinating these transactions relies on bilateral agreements, siloed fraud databases, opaque routing decisions and settlement processes that can take 30-90 days to reconcile.
The deeper problem is not inefficiency, it is incentive. The parties best placed to stop fraudulent and low-quality traffic are frequently the parties that earn from carrying it, so the market has learned to tolerate what it publicly deplores. VPX is built on the opposite premise: a coordination layer on which fraudulent traffic earns no participant, on which quality is rewarded rather than gamed, and on which the value a call creates can flow back to the person who made it. The technology described in this paper exists to make that premise structural rather than aspirational.
The VPX Protocol addresses these structural inefficiencies by introducing a purpose-built blockchain coordination layer for telecom operations. Unlike general-purpose blockchain platforms (Ethereum, Solana, etc.), VPX is designed from the ground up for the specific requirements of real-time telecommunications - sub-second finality, deterministic routing decisions, consensus-driven fraud management and per-call settlement.
Critically, VPX does not replace existing telecom infrastructure. Voice media continues to flow over standard SIP and H.323 interconnects. The VPX Protocol operates as a signalling-layer coordination network - making routing decisions, validating fraud reports, recording CDR data and distributing settlement - while existing carrier infrastructure handles the actual call transport.
Note on Terminology: This document uses technical terms from both telecommunications and blockchain domains. Readers unfamiliar with terms like ASR (Answer-Seizure Ratio), CDR (Call Detail Record), or DPoS (Delegated Proof-of-Stake) should refer to the Glossary (Section 21) for definitions. Key terms are also explained in context on first use.
Note on Token Pricing: References to VPXN token prices (e.g., "£0.10 per VPXN") throughout this document are illustrative examples for economic modelling purposes only. Actual market price will be determined by supply and demand dynamics on decentralised exchanges. For comprehensive token distribution and fundraising details, see Whitepaper 02: VPX Token Economy, Section 2.
2. Design Principles
The VPX Protocol is governed by five core design principles that informed every architectural decision:
2.1 Telecom-Native Performance
General-purpose chains were long constrained by financial-transaction assumptions, where multi-second confirmation was acceptable (Ethereum ~12s block time; earlier Solana ~400ms slots with multi-second finality, now moving toward sub-150ms). Telecom routing decisions must complete in tens of milliseconds. VPX meets this on a Sui-derived object model: independent routing decisions take an owned-object fast path that finalises in roughly 250 to 400 milliseconds, and a local quality cache enables sub-10ms lookups for hot-path decisions - so the routing path is used the moment it is chosen while finality settles underneath it.
2.2 Complement, Not Replace
VPX operates alongside existing carrier networks. A carrier connecting to VPX continues to use their existing SIP or H.323 switches, their existing media gateways, their existing SMPP binds. The VPX Network provides intelligence (routing decisions, fraud signals, quality data) while existing infrastructure handles transport. This zero-forklift philosophy is essential for carrier adoption.
2.3 Consensus Over Authority
No single entity - including VoicePro Plus - can unilaterally blacklist a number, alter a routing decision or modify a CDR record. All state changes require consensus from the relevant node population. This eliminates the single-operator bias that plagues centralised fraud databases and routing platforms.
2.4 Deterministic Auditability
Every routing decision, fraud report, quality event and settlement transaction is recorded on-chain with a cryptographic proof chain. For any completed call, the entire decision history - why this route was selected, what quality scores were considered, which fraud checks were applied - is permanently and immutably available.
2.5 Economic Alignment
Network participants are economically incentivised to behave honestly. Accurate fraud reports earn rewards. Inaccurate reports trigger stake slashing. High-quality routing data earns bonus distributions. The token economy is designed so that honest, high-quality participation is always more profitable than gaming the system.
3. Consensus Mechanism
VPX does not invent its own consensus. It adopts a proven, in-production base - a Sui-derived Move object model with Mysticeti-class DAG-BFT consensus - and builds the telecom-specific layer (the four node classes, fraud consensus, quality-weighted routing and fiat-pegged settlement) on top. This is the discipline of the whole design: standard where a mistake costs real money (consensus and cryptography), novel only where it is the differentiator (the telecom-native layer). What follows describes how that base is configured for telecom workloads - sub-second finality, priority handling for time-sensitive routing, and heterogeneous node roles.
3.1 Block Production
Rather than a single-leader rotation, VPX uses a Mysticeti-class DAG-BFT consensus - the class of consensus proven in production on the Sui network - in which validators build a directed acyclic graph of transaction batches and commit with sub-second latency. Throughput scales with the number of workers rather than collapsing as the validator set grows, which is what allows the network to add capacity by adding nodes.
Two execution paths fall out of the object model, and they map exactly onto telecom priorities. Independent, single-owner operations - a routing decision, a per-call CDR record - touch only their own state and finalise on a fast path in roughly 250 to 400 milliseconds, in parallel, without a full consensus round. Shared-state operations - settlement against a carrier escrow, a fraud blacklist write - are totally ordered through consensus at roughly 390 milliseconds. Because the overwhelming majority of telecom traffic is independent (different calls, numbers and routes touch different state), the hot path is the fast path, and it stays sub-second at scale by construction rather than by promise.
3.2 Validator Selection
Validators are selected based on stake weight, uptime history and domain-specific performance metrics. A Fraud Node with a high accuracy rate and consistent uptime will rank higher in validator selection than one with lower accuracy - even if the latter has a larger stake. This blended selection model prevents pure plutocratic control while still requiring meaningful economic commitment.
3.3 Finality
Finality is single-step. A committed block is final - there is no probabilistic wait and no separate second phase to reach settlement certainty. Routing decisions, taking the owned-object fast path, are final in roughly 250 to 400 milliseconds; shared-state writes (fraud blacklist, settlement) are final at consensus commit, roughly 390 milliseconds. This removes an entire class of reorganisation risk: with instant BFT finality there is no probabilistic history to rewrite, so a long-range fork attack has nothing to attack.
3.4 Fiat-Pegged Fee Pricing
Network service fees settle in VPXN, but their value is anchored to fiat - and two layers that are often conflated are worth separating. The display layer is universal: a fee can be quoted to any participant in any local currency - GBP, NGN, INR, BRL and beyond - as a read-time conversion, so that everyone, everywhere, gets the same budgeting certainty in the currency they actually think in. This is also what lets the customers of our customers - resellers, aggregators, downstream enterprises - transact against the network in their own currency without ever having to see, hold or understand VPXN. The token stays invisible plumbing.
The peg layer is deliberately more conservative, because a peg is a guarantee the protocol makes. Fees are denominated on-chain against a disciplined basket of deep, oracle-reliable currencies - GBP, EUR and USD at genesis, matching the market reality that wholesale voice settles in USD and messaging in EUR. A currency is admitted to the basket only when both a liquid, manipulation-resistant price feed and a means to hedge it exist; that test, not a "major versus exotic" label, is the gate, and the basket is expandable by governance as more currencies qualify (INR, for instance, has deep non-deliverable-forward markets). Pegging to a currency the protocol cannot truly price or hedge would relocate FX risk into the one place it must not sit, and would offer certainty in a unit no one can actually transact at - the opposite of the intent.
The layer between local display and the settlement peg - the FX conversion itself - is a VoicePro service, not a protocol primitive. It is where corridor, float and FX-margin economics live, and it is the mechanism by which downstream local-currency demand becomes network volume: quote local, settle in a strong unit, own the corridor.
Example: A routing fee is fixed at £0.002 per minute. If VPXN trades at £0.10 (illustrative price), the carrier pays 0.02 VPXN per minute. If VPXN rises to £0.50, the carrier pays 0.004 VPXN per minute - the fiat cost remains constant.
The fiat-to-VPXN exchange rate is split into two parts, because they carry very different risk. The currency legs of the peg basket (GBP, EUR, USD against a reference) are a commodity - sourced from established, battle-tested oracle networks such as Pyth and Chainlink, not built in-house. There is no reason to reinvent a price feed the entire industry already depends on. These peg-basket feeds are settlement-grade, and a currency cannot join the basket until such a feed exists for it. The universal display layer, by contrast, is served by a separate, broader and deliberately softer rate feed covering many more currencies: a display conversion that is a fraction of a percent off is cosmetic, whereas the peg feed governs real settlement and is held to the higher standard. Two tiers of feed for two tiers of purpose.
The only genuinely bespoke feed is the VPXN price itself, because at genesis VPXN is a new native token with no external market to read. For that leg the protocol computes a time-weighted average price (TWAP) from the native on-chain liquidity pool plus signed OTC settlement reports from registered counterparties, updated on-chain, with TWAP smoothing to prevent flash-crash or manipulation-driven spikes. As VPXN gains external market venues over time, those simply become additional inputs to the same average.
The VPXN TWAP degrades gracefully: if the primary averaging window cannot update, the protocol falls back to progressively shorter windows for faster response while retaining manipulation resistance. Only if pricing cannot be established at all for an extended outage does the next safeguard engage.
Emergency fallback (VPXN leg only): if the VPXN TWAP cannot update for an extended period, a DAO-elected multi-signature authority can post an emergency rate - bounded by a strict maximum deviation from the last known value (5%) and drawn from publicly verifiable sources - with all such writes recorded on-chain with a full audit trail. This is a narrow safety valve for the one bespoke feed, not a multi-tier authority sitting over the whole oracle. The commodity FX legs need no such override; they inherit the reliability of the external networks.
Automatic Fee Suspension: If oracle failure exceeds 72 hours with no emergency update, all fiat-pegged fees automatically suspend until oracle restoration, protecting carriers from stale pricing risk.
This design keeps costs predictable on both sides of the ledger: a carrier pays a fixed fee in fiat terms and a node operator earns a fixed fee in fiat terms, regardless of which way VPXN moves in between - the token is the settlement rail, not the source of the return. Industry precedent: Chainlink uses a similar fiat-pegged pricing model with demonstrated enterprise adoption (see: Chainlink Economics 2.0, chainlink.com/economics).
3.5 Example: Complete Routing Decision Lifecycle
Concrete example demonstrating how all protocol components interact:
T=0ms: Carrier X (VoicePro Plus) wants to route call to +44 20 7946 0958 (London number).
T=2ms: Request arrives at Gateway Node GW-UK-01 via standard SIP INVITE message.
T=5ms: Gateway Node queries Fraud Nodes: "Is +44 20 7946 0958 blacklisted?" Fraud consensus responds in 8ms: No blacklist match, fraud score 12/100 (low risk).
T=13ms: Gateway Node submits routing request to Routing Node pool with quality constraints: minimum ASR 65%, minimum ACD 40s, destination UK.
T=18ms: Routing Node RN-EU-14 queries local quality cache (updated every commit, ~390ms, from chain state). Finds 3 available routes: Route A (Carrier Alpha, £0.045/min, ASR 71%, ACD 52s), Route B (Carrier Beta, £0.038/min, ASR 58%, ACD 48s), Route C (Carrier Gamma, £0.052/min, ASR 89%, ACD 67s).
T=22ms: Routing decision logic: Route B eliminated (ASR 58% fails 65% threshold). Between Route A and Route C, both meet quality requirements. Route A selected (lowest cost among qualifying routes: £0.045 vs £0.052).
T=28ms: The routing decision is written as an owned Call object on the fast path - final in roughly 300ms, in parallel with every other call in flight, with no full consensus round required. It records the selected route, quality scores at decision time, the cost calculation, timestamp and requesting carrier.
T=35ms: Gateway Node translates decision back to SIP 302 Moved Temporarily response, directing call to Carrier Alpha SIP trunk.
T=40-180s: Call proceeds over Carrier Alpha infrastructure (media flows peer-to-peer, never touches VPX blockchain).
T=180s: Call completes. Gateway Node submits CDR to Analytics Node pool: duration 180s, actual ASR 100% (call completed), actual ACD 180s, destination +44 20 7946 0958, route Carrier Alpha.
T=182s: Analytics Node AN-US-07 processes CDR in real-time stream. Updates Route A quality metrics: ASR maintained 71%, ACD updated to 53s (weighted average including this call). Commits updated metrics to blockchain.
T=183s: Settlement Contract executes: Debits Carrier X escrow 0.0045 × 3 minutes = £0.0135 equivalent in VPXN (at current oracle rate £0.10/VPXN illustrative = 0.135 VPXN). Credits Carrier Alpha £0.0135 equivalent. Records settlement transaction on-chain (final confirmation at T=185s).
T=185s: With single-step BFT finality there is no separate attestation phase and no probabilistic wait - the routing decision, CDR record and settlement transaction are all final. The immutable audit trail for the call is complete.
4. Node Architecture
The VPX Network comprises four specialised node types. Each type performs a distinct function within the ecosystem and requires specific hardware, software and staking commitments.
4.1 Fraud Nodes
Fraud Nodes are responsible for real-time fraud detection and consensus-driven blacklist management. Each Fraud Node runs an AI scoring model (gradient boosting + neural network ensemble) that evaluates 47 behavioural and network features per number submission. When a Fraud Node identifies a suspicious number, it submits a fraud report to the network.
Blacklisting requires 2/3+ consensus from active Fraud Nodes. A counter-evidence process allows any node to submit exonerating data before a blacklist entry is confirmed. Confirmed blacklist entries propagate to all network participants within 60 seconds of blockchain confirmation.
Fraud types covered include IRSF (International Revenue Share Fraud), Wangiri (one-ring callback fraud), AIT (Artificially Inflated Traffic), CLI spoofing and grey route detection.
4.2 Routing Nodes
Routing Nodes maintain a continuously updated quality picture of every route on the VPX Network. Quality dimensions tracked are ASR (Answer-Seizure Ratio), ACD (Average Call Duration), PDD (Post-Dial Delay), NER (Network Effectiveness Ratio) and MOS (Mean Opinion Score).
When a routing request arrives, the Routing Node applies quality-weighted Least Cost Routing. Routes failing configurable quality thresholds are eliminated regardless of cost. Among qualifying routes, the lowest cost option is selected. The routing decision - including quality scores at decision time, route selected and cost calculation - is recorded on-chain as an immutable audit record.
Quality data is refreshed every commit (~390ms). A route that degrades mid-session triggers an immediate quality score update that affects subsequent routing decisions within one commit.
4.3 Analytics Nodes
Analytics Nodes are the data processing backbone. They ingest raw CDR data from connected carriers and network nodes, process it as a real-time stream (not batched) and produce the quality metrics, traffic intelligence, anomaly signals and billing data that power every other function in the ecosystem.
Enriched CDRs are available within 2 seconds of call completion. Network-wide intelligence aggregates - route quality benchmarks, traffic volume trends, destination performance rankings - are computed by the Analytics Node population and committed to VPX Protocol hourly as consensus-derived reference data.
4.4 Gateway Nodes
Gateway Nodes bridge traditional telecom protocols to the VPX blockchain layer. They perform bidirectional protocol translation between SIP (RFC 3261, IETF), H.323 (ITU-T H.225.0/H.245) and SMPP v3.4 (Short Message Peer-to-Peer protocol version 3.4, smpp.org - the protocol version, unrelated to VPX Token Economy v3.5) on the carrier side, and VPX Protocol transactions on the blockchain side.
From a carrier's perspective, a Gateway Node looks like a standard SIP or H.323 interconnect peer. The carrier sends traffic using their existing switch configuration. The Gateway Node translates signalling into VPX routing requests, receives the routing decision and translates the result back to SIP or H.323 for delivery. Media flows directly between endpoints - Gateway Nodes handle signalling only.
Gateway Nodes also serve as CDR submission points. Every call transiting a Gateway Node contributes quality and traffic data to the shared network intelligence pool.
4.5 Node Hardware & System Requirements
Each node type has specific hardware requirements based on computational workload. These are MINIMUM specifications for production operation - higher specs improve performance and reward potential.
- IPv4 + IPv6: All nodes must support dual-stack IPv4/IPv6.
- Public IP: Gateway Nodes require static public IP. Other node types can operate behind NAT with UPnP/port forwarding.
- Latency: Recommended latency to nearest 3 peer nodes <30ms (affects validator selection).
- Uptime: Target 99.5% uptime (monitored per epoch). Below 90% uptime in any epoch = no rewards for that epoch.
- Security: SSH key-only access, automatic security updates enabled, firewall configured (ports 30333 blockchain P2P, 9944 RPC, node-type-specific ports).
5. Smart Contract Layer
The VPX smart contract layer governs three core functions: routing policy, fraud consensus and settlement. Contracts are written in Move - the resource-oriented language of the object-model base - not a general-purpose VM such as the EVM, and not a bespoke language of our own. Move is the right tool for a settlement chain for one specific reason: it models value as a linear resource that cannot be copied or double-spent by construction, so the property a settlement system most needs is enforced by the language itself rather than hoped for by the auditor. Move is also amenable to formal verification via the Move Prover, which is applied to the money-critical settlement and staking paths.
5.1 Routing Contracts
Routing contracts define the quality thresholds, cost constraints and traffic class rules that Routing Nodes apply to every decision. Carriers can deploy custom routing contracts specifying their own quality-cost tradeoffs per traffic class (e.g. "for premium CLI traffic, require ASR >65% and ACD >45s regardless of cost"). Contract parameters are modifiable by the deploying carrier via signed transactions.
5.2 Fraud Contracts
Fraud contracts govern the consensus process for blacklist management. They define the consensus threshold (currently 2/3+ active Fraud Nodes), the counter-evidence window (currently 30 seconds), the evidence submission format and the stake slashing conditions for demonstrably false reports. Fraud contract parameters are governed by DAO vote.
5.3 Settlement Contracts
Settlement contracts automate inter-carrier billing based on on-chain CDR records. When a call completes and the CDR is recorded on-chain, the settlement contract calculates the cost based on the applicable rate, debits the originating carrier's escrow and credits the terminating carrier. Settlement is per-call and near-real-time - eliminating the 30-90 day reconciliation cycles that characterise traditional wholesale settlement.
6. Network Topology & Geographic Distribution
The VPX Network operates as a fully connected mesh at the consensus layer, with geographic distribution requirements enforced by the validator selection algorithm at the protocol level. No single data centre, country or network provider can host more than 33% of active validators - preventing geographic or infrastructure concentration from compromising consensus integrity.
6.1 Enhanced Protocol-Level Geographic Enforcement
Geographic diversity is not a policy recommendation - it is enforced by the protocol itself through the validator selection algorithm with multiple independent verification methods. Each node registers with verifiable location identifiers validated by physical network characteristics that cannot be spoofed via VPN or proxy:
- IP Geolocation (Primary): Validated by at least 3 peer nodes using independent geolocation databases (MaxMind GeoIP2, IP2Location, ipinfo.io). Nodes that cannot achieve 3-peer consensus on their declared location are excluded from validator selection.
- Latency Triangulation (Physical Validation): Peer nodes in known, verified locations (initially VoicePro Plus operated anchor nodes in London, Frankfurt, New York, Singapore, Tokyo) measure round-trip latency to the claiming node. Physics cannot be spoofed: a node claiming to be in Tokyo cannot respond to a Tokyo anchor in <5ms while responding to a London anchor in 250ms.
- Timezone Clock Correlation: Nodes submit signed timestamps at randomised intervals. Clock skew patterns indicate timezone (a node in GMT+9 will have systematic time delta vs GMT nodes). Combined with NTP server detection (which NTP servers is the node syncing from - geographic indicator), this provides additional location validation.
- AS Number (Autonomous System): Extracted from BGP routing tables and cross-referenced against RIR (Regional Internet Registry) WHOIS data. Prevents a single network provider from operating excessive validators under different branding.
- Data Centre Provider: NO LONGER self-declared. Extracted from BGP AS-to-datacenter mapping databases (PeeringDB, Hurricane Electric BGP Toolkit) and cross-validated with IP range WHOIS data.
6.2 Validator Selection Algorithm (Hybrid Deterministic Shortlist + VRF Sample)
The validator selection algorithm is a hybrid two-stage process: a deterministic merit-based shortlist filtered for geographic diversity, followed by a VRF-driven random sample drawn from that shortlist. It preserves merit and geography filtering while removing the long-horizon predictability that a pure deterministic top-N would create.
Stage 1 - Deterministic geographic-merit shortlist (size = 2N).
Step 1.1: Sort all eligible nodes by (stake weight × performance score) in descending order.
Step 1.2: Filter out nodes in over-represented regions - if Region X hosts >30% of current validators, exclude the lowest-scored X-region nodes until the threshold is met.
Step 1.3: Filter out nodes in over-represented networks - if AS Number Y hosts >20% of current validators, exclude the lowest-scored Y-AS nodes.
Step 1.4: Filter out nodes in over-represented datacenters - if Data Centre Z hosts >15% of current validators, exclude the lowest-scored Z-datacenter nodes.
Step 1.5: Take the top 2N nodes from the filtered set (where N is the target active-validator count, e.g. 150 → shortlist of 300). This shortlist is deterministic and verifiable epoch-ahead from on-chain state.
Stage 2 - VRF-driven random sample (size = N).
Step 2.1: Sample N validators from the 2N-shortlist using a Verifiable Random Function (VRF). The VRF seed is `keccak256(prev_block_hash, prev_epoch_hash, beacon_round)` where the beacon round is drawn from drand (or an equivalent distributed-randomness beacon). Sampling is stake-weighted within the shortlist - each shortlisted node's sampling probability is proportional to its (stake × performance) score within the shortlist.
Step 2.2: The VRF output is publicly verifiable: any party can recompute the seed from on-chain inputs and verify that the selected validator set matches the VRF-derived sample. Selection cannot be reordered, grinded, or covertly biased.
This hybrid preserves the geographic-diversity guarantees of the deterministic filter while introducing per-epoch unpredictability against long-horizon adversary planning. It also rules out the gameable-tiebreak surface of pure deterministic top-N when many shortlisted nodes have near-identical scores.
This algorithm is designed so that lying about location does not work - peer nodes cross-validate all location claims using physical network characteristics (latency triangulation, timezone correlation), and nodes submitting false location data are automatically excluded and subject to stake slashing (25% first offence, 75% second offence, 100% plus permanent exclusion third offence).
6.3 Geographic Spoofing Resistance
While the latency triangulation and multi-factor verification system provides strong resistance to casual geographic spoofing, sophisticated attackers with distributed infrastructure could potentially bypass single-method validation. The protocol implements layered defense:
Active Probing: Random validators send timing challenges to suspected collocated nodes at unpredictable intervals. Nodes that exhibit consistent latency patterns indicating proxy forwarding (e.g., Tokyo node showing London-like latency to London anchors via forwarding server) are flagged for investigation.
Economic Penalties: Validators caught spoofing geographic location forfeit their entire stake and face permanent network ban. The penalty severity reflects the critical importance of geographic distribution to network security.
Minimum Inter-Node Distance: Validators operated by the same legal entity or known-affiliated parties must maintain >2,000km geographic separation (measured by average peer-to-peer latency verification). This prevents single operators from claiming diversity while actually controlling collocated infrastructure.
Limitation Acknowledgment: Geographic verification provides strong resistance to casual spoofing and raises the cost of sophisticated attacks, but cannot prevent well-funded adversaries with genuinely distributed infrastructure (multiple rented servers across continents). The economic cost and operational complexity of such attacks (maintaining 33%+ of stake across genuine global infrastructure) serves as the primary deterrent.
6.4 Fault Tolerance Characteristics
Geographic distribution combined with consensus requirements provides exceptional fault tolerance:
- Byzantine fault tolerance up to 1/3 of active validators
- Automatic failover within a single commit round if a validator drops - the DAG consensus has no single block producer to lose
- Network partition recovery: the segment retaining a 2/3 validator quorum stays live, while a segment without quorum halts and resyncs committed state on heal (no fork, no longest-chain)
- Geographic distribution enforced at the protocol level - not by policy
- No single point of failure for routing, fraud or settlement functions
- Survives total loss of any single country, datacenter provider, or AS network
- Designed behaviour: a total internet outage isolating the EU (around 40% of validators) leaves consensus with the reachable US and APAC validators; provided they still hold two-thirds of stake, block production continues and the isolated validators re-sync on reconnection with no manual intervention. A testnet validation of this behaviour is scheduled for Q3 2026 as part of pre-mainnet hardening.
7. Performance Characteristics & Throughput Breakdown
The VPX Protocol operates within the performance envelope required for real-time telecom operations, and the base it is built on already exceeds that envelope. The Mysticeti-class consensus underneath VPX has been benchmarked in published testing at over 200,000 transactions per second with sub-second commit; the object-model fast path finalises independent operations in roughly 250 to 400 milliseconds. VPX does not need the headline maximum. Sizing from real telecom event volumes - a routing decision, a fraud check, a CDR and a settlement per call - puts sustained load in the single-digit-thousands of transactions per second even at very large scale, with busy-hour peaks in the low tens of thousands.
Honest target vs proven capacity: the design target is 5,000 to 10,000 TPS sustained with headroom to roughly 20,000 at peak - comfortably inside the base consensus's proven capacity, with room to scale further as demand grows. The capacity figures are the published benchmark numbers of the underlying consensus, not VoicePro lab claims; VoicePro-specific mainnet performance under a geographically distributed validator set will be confirmed during the Phase 2 rollout and stated as measured, not projected.
7.1 Performance Scaling Model
This is where the choice of base matters most. In classical single-leader BFT, throughput degrades as the validator set grows, because every validator must broadcast to every other - an O(n squared) cost that forces a trade between decentralisation and speed. The DAG-based consensus underneath VPX decouples transaction dissemination from ordering: capacity scales with the number of worker processes rather than collapsing with the validator count, and adding workers adds throughput close to linearly.
The practical consequence is that the network scales by adding nodes rather than being capped by them, and the geographic-diversity target (hundreds of validators across dozens of countries) does not force a throughput sacrifice the way it would on a single-leader chain. The real trade the network makes is latency against validator count and geography, not throughput against decentralisation.
8. Security Model
The VPX security model combines cryptographic guarantees with economic incentives:
All transactions are signed with Ed25519 keys. Node identity is tied to staked tokens, creating an economic cost for Sybil attacks. Fraud report accuracy is tracked per-node, with consistently inaccurate nodes subject to economically prohibitive progressive stake slashing: 25% first offence, 75% second offence, 100% third offence plus permanent network ban and public blacklist. Additionally, if a false fraud report causes proven economic damage to a carrier (verified via dispute resolution), the slashing penalty is multiplied by 3x the documented damages, ensuring malicious reports are never profitable.
Smart contract execution is sandboxed and formally verifiable. Routing contracts cannot access settlement state, and fraud contracts cannot modify routing parameters. This separation of concerns prevents cross-domain attack vectors.
The Gateway Node layer provides an additional security boundary. Carrier traffic never touches the blockchain directly - all interaction is mediated through the Gateway Node's protocol translation layer, which validates and sanitises all inputs before submitting transactions to the network.
9. Network Monitoring & Observability
The VPX Protocol includes comprehensive monitoring infrastructure for network health, performance tracking and anomaly detection:
9.1 Real-Time Dashboards
Planned public dashboard (vpx.network/dashboard, to be deployed at mainnet genesis) will display real-time network metrics updated every 30 seconds:
- Active validator count and geographic distribution map
- Current TPS (routing, fraud, settlement transactions)
- Block production time (P50, P95, P99 latencies)
- Consensus participation rate (percentage of eligible validators actively voting)
- Total stake distribution by node type
- Network-wide quality metrics (ASR, ACD, fraud detection rate)
- VPXN burn tracker (real-time cumulative burn counter)
9.2 Node Operator Metrics
Each node operator has access to a private metrics portal showing node-specific performance data:
- Uptime percentage (current epoch and historical 30-day average)
- Performance Score trend (daily scores for past 90 days)
- Reward earnings (per-epoch breakdown, cumulative totals)
- Slashing history (if any offences recorded)
- Peer connectivity status (connected peer count, geographic distribution, latency measurements)
- Resource utilisation (CPU, RAM, disk I/O, network bandwidth)
- Validator ranking (current position in validator selection queue)
9.3 Alerting & Anomaly Detection
Automated alerts trigger when network health degrades or anomalies are detected:
- Consensus degradation: Alert if <67% of validators are participating in attestation (approaching Byzantine threshold)
- Performance degradation: Alert if P95 commit latency exceeds 2 seconds for 10+ consecutive commits
- Geographic concentration: Alert if any single region exceeds 35% validator concentration
- Validator churn: Alert if >15% of validators deregister within a 24-hour period
- Fraud spike: Alert if fraud report volume exceeds 3× 30-day average
- Economic anomaly: Alert if VPXN price moves >20% in 1 hour (potential oracle manipulation or market manipulation)
9.4 On-Chain Analytics
Historical blockchain data is queryable via GraphQL API and archived for long-term analysis:
Routing analytics: Quality score trends by destination country, carrier performance rankings, cost optimisation opportunities.
Fraud analytics: Fraud type distribution, geographic fraud hotspots, time-series fraud incidence.
Economic analytics: Stake distribution evolution, reward yield by node type, burn rate trends, fee revenue projections.
Network growth: Validator count over time, total stake growth, transaction volume trends, geographic expansion.
10. Data Retention & Storage Model
The VPX Protocol implements a tiered data retention model balancing operational requirements, regulatory compliance and blockchain scalability:
10.1 On-Chain Data (Permanent)
Permanently stored on-chain with full replication across all validators:
- Routing decisions (transaction hash, timestamp, selected route ID, quality scores at decision time, requesting carrier ID)
- Fraud blacklist entries (number, fraud type, consensus vote record, timestamp, evidence hash)
- Settlement records (originating carrier, terminating carrier, call duration, rate, VPXN amount, timestamp)
- Smart contract deployments and updates
- Governance proposals and voting records
- Validator registration and stake records
10.2 On-Chain Data (Time-Limited)
Stored on-chain for defined retention periods, then archived to decentralised storage (IPFS, Arweave):
- Full CDR data: 13 months on-chain (regulatory minimum for telecom billing disputes per UK Communications Act 2003 and EU eIDAS Regulation 910/2014), then archived with cryptographic proof anchor remaining on-chain permanently
- Quality metrics historical data: 24 months on-chain (sufficient for trend analysis), then aggregated monthly summaries remain on-chain permanently
- Fraud investigation evidence: 36 months on-chain (statute of limitations for fraud prosecution in most jurisdictions), then archived
10.3 Off-Chain Data (Node-Local)
Stored locally by individual node operators, not replicated network-wide:
- Raw SIP/H.323 signalling logs (Gateway Nodes only) - 90 days local retention, not uploaded to blockchain
- ML model training data (Fraud Nodes only) - retained indefinitely for model improvement, privacy-scrubbed before any sharing
- Quality cache tables (Routing Nodes) - ephemeral, reconstructed from on-chain data every commit (~390ms)
- CDR processing pipeline intermediate data (Analytics Nodes) - 48 hours retention, then deleted after enriched CDR published on-chain
10.4 Archival & Pruning
After time-limited on-chain data expires, it is migrated to decentralised archive storage (Arweave for permanent archival, IPFS for cost-optimised retrieval). A cryptographic anchor (Merkle root hash) of the archived data remains on-chain permanently, allowing anyone to verify archive integrity.
Archive retrieval: Any party can retrieve archived data by querying the archive network with the on-chain anchor hash. Archive storage fees are paid by the VPX DAO Treasury from protocol fee revenue.
Pruning does not affect light clients or new validators - they can sync from genesis by downloading archived data and verifying it against on-chain anchor hashes.
11. Privacy & GDPR Compliance
The VPX Protocol processes CDR data containing phone numbers (personal data under GDPR) and settlement records (financial data). As traffic data generated by a public electronic communications service, CDRs also fall under the UK Privacy and Electronic Communications Regulations 2003 (PECR): processing is limited to the permitted purposes - billing, interconnection payment, fraud prevention and network management - with erasure or anonymisation once no longer required for them. Compliance mechanisms:
11.1 Data Minimisation
Only data strictly necessary for routing, fraud detection and settlement is recorded on-chain. Specifically:
- Phone numbers: Stored as keyed hashes (HMAC-SHA-256 under a secret salt held in the off-chain key-management service, so a digest cannot be brute-forced against the small phone-number keyspace) except where fraud investigation requires plaintext for law enforcement coordination
- Call content: NEVER stored. Media flows peer-to-peer over carrier infrastructure, never touches VPX nodes
- Geolocation: not collected by the wholesale settlement protocol - routing is destination-number-based, not location-based. (VoicePro Mobile, as an MVNO, has access to network-derived serving-cell data via its network operator; that is governed by the consumer Privacy Policy, not this protocol.)
- End-subscriber identity: not known to the wholesale protocol. The protocol records A-party and B-party numbers (keyed-hashed per 11.1) and the originating and terminating carrier IDs, not the personal identity of the individual behind a number. (For VoicePro Mobile SIM and DID customers, subscriber identity is held under the consumer Privacy Policy.)
11.2 Right to Erasure (GDPR Article 17)
Blockchain immutability conflicts with right-to-erasure requirements. VPX implements cryptographic erasure as the compliance mechanism:
Personal data on-chain is encrypted with a per-record AES-256 key. The encryption key is stored off-chain in a GDPR-compliant key management service operated by VoicePro Plus (UK-based; ISO 27001 certification in progress). Upon receiving a valid erasure request, the encryption key is permanently deleted - rendering the on-chain ciphertext permanently unreadable (cryptographic erasure). The ciphertext remains on-chain (required for blockchain integrity), but without the key it is computationally infeasible to recover the plaintext.
This approach is recognised by data protection authorities as compliant with GDPR Article 17 when technical deletion is impossible (see: French CNIL, "Blockchain and the GDPR: Solutions for a responsible use of the blockchain in the context of personal data", September 2020, cnil.fr/en/blockchain-and-gdpr-solutions-responsible-use-blockchain-context-personal-data).
11.3 Data Controller & Processor Roles
Under GDPR, data controller/processor roles are clearly defined:
Data Controllers: Individual carriers using VPX Network services. Each carrier controls the personal data of its own subscribers and determines purposes/means of processing.
Data Processor: VoicePro Plus operates as data processor on behalf of carrier controllers. VoicePro Plus processes CDR data solely for the purpose of providing VPX Network services (routing, fraud detection, settlement) as instructed by carriers.
Node Operators: NOT data processors (they process only encrypted/hashed data and have no ability to identify individuals). Node operators are independent infrastructure providers, not acting on behalf of controllers.
Each carrier signs a Data Processing Agreement (DPA) with VoicePro Plus specifying processing purposes, security measures and data subject rights handling.
12. Smart Contract Security Program
All VPX smart contracts undergo formal verification and multi-phase security auditing before deployment:
12.1 Formal Verification
Routing, fraud and settlement contracts are written in Move - the resource-oriented language of the object-model base (Section 5) - whose type system makes assets first-class resources that cannot be duplicated or silently dropped. Every contract undergoes automated formal verification proving that: state transitions are deterministic, no arithmetic overflow/underflow is possible, access controls cannot be bypassed, contract termination is guaranteed (no infinite loops), inter-contract calls cannot create re-entrancy vulnerabilities.
Formal verification is performed using the Move Prover, the specification-driven verifier for Move: invariants and pre/post-conditions are written alongside the contract source and machine-checked on every build. Verification proofs are published publicly with each contract deployment.
12.2 Security Audits
Three-phase audit process before any contract deployment:
- Phase 1 (Internal): VPX Engineering team performs line-by-line code review and automated static analysis (Move-native analysers plus the Move Prover specification suite)
- Phase 2 (External): Independent security firm performs comprehensive audit (examples: Trail of Bits, OpenZeppelin, Consensys Diligence, or equivalent - rotating auditors to avoid familiarity bias)
- Phase 3 (Public Bug Bounty): 60-day public bug bounty on testnet deployment with rewards up to $250,000 for critical vulnerabilities. Administered via the Immunefi platform - the programme page is published at testnet launch - with tiered rewards: Critical ($100K-$250K), High ($25K-$100K), Medium ($5K-$25K), Low ($1K-$5K). Scope includes all smart contracts, consensus mechanisms, and node software. Out of scope: frontend UI, documentation, known issues already disclosed.
12.3 Upgrade Mechanism
Smart contracts are upgradeable via DAO governance vote to fix bugs or add features, but with safeguards against malicious upgrades:
Upgrade proposals require: 7-day discussion period, 14-day voting period (66%+ approval threshold), 7-day timelock before execution. Timelocked upgrades are publicly visible, allowing the community to verify the upgrade code and exit the network if an upgrade is deemed malicious.
Emergency Upgrade Constraints: Critical security fixes can bypass timelock via 7-of-9 multi-sig authority (DAO-elected, publicly disclosed identities, geographically distributed, subject to annual re-election). Multi-sig signer identities and affiliations will be announced 30 days before mainnet genesis. Emergency upgrades are strictly constrained:
Permitted: Bug fixes, performance patches, security vulnerability hotfixes.
Prohibited: Modifications to settlement logic, stake balances, fee distribution formulas, consensus parameters, or any functionality changes.
Mandatory Third-Party Audit: All emergency upgrades must undergo independent security audit by qualified firm within 7 days of deployment (retroactive review). Audit results are published on-chain.
Community Fork Right: The community retains explicit right to fork the network if an emergency upgrade is deemed malicious or overreaching. Emergency multi-sig power is a trusted last-resort mechanism, not a governance override.
13. Economic Attack Resistance
The VPX Protocol is designed to resist economic attack vectors common to decentralised networks:
13.1 51% Stake Attack
An attacker acquiring 51% of staked VPXN could theoretically control validator selection and manipulate consensus. Mitigation: Geographic distribution enforcement reduces this to a 51% stake + geographic distribution attack - the attacker must control 51% of stake AND distribute their validators across sufficient geographies to pass location verification. This dramatically increases attack cost.
Additionally, the blended validator selection formula (stake weight × performance score) means raw stake alone is insufficient - the attacker must also operate high-performance nodes. A well-capitalised attacker with poor node performance will rank below smaller but better-operated nodes.
Because validator selection is multi-factor, a 51% stake holder controls far fewer than 51% of validator slots: geographic distribution enforcement caps how many of an attacker's validators can be seated from any one region, and performance scoring demotes poorly-operated nodes regardless of stake. A testnet validation of this defence is scheduled for Q3 2026 as part of pre-mainnet security hardening, with the measured attacker validator share and consensus outcome published alongside the results.
13.2 Sybil Attack (Fake Node Spam)
An attacker could spin up thousands of low-stake nodes to flood the network. Mitigation: Minimum stake requirements (50,000 VPXN for Fraud Nodes, 75,000 for Routing Nodes, 100,000 for Analytics Nodes, 150,000 for Gateway Nodes). At illustrative VPXN price ($0.10), spinning up 1,000 fake Fraud Nodes costs $5.0M in stake - economically irrational given that validator selection favours high-stake, high-performance nodes.
Additionally, nodes with stake below the 75th percentile are deprioritised in validator selection. Sybil attackers creating many low-stake nodes will cluster at the bottom of the selection ranking.
13.3 Eclipse Attack (Network Isolation)
An attacker could attempt to isolate a target node by controlling all its peer connections, feeding it false blockchain state. Mitigation: Nodes are required to maintain connections to at least 12 peers distributed across at least 4 different AS numbers and 3 different geographic regions. A node that cannot satisfy this peer diversity requirement is automatically flagged as potentially eclipsed and excluded from validator selection.
Peer selection is randomised with geographic stratification - not user-configurable. This prevents an attacker from tricking a node into connecting only to attacker-controlled peers.
13.4 Long-Range Attack (Rewriting History)
An attacker who previously held significant stake could attempt to fork the chain from a historical point, rewriting blockchain history. Mitigation: Checkpointing. Every 10,000 blocks (~1.4 hours), the network produces a checkpoint (Merkle root hash of blockchain state) that is embedded in the VoicePro Plus mobile app and node software updates. Nodes reject any chain fork that conflicts with an embedded checkpoint.
Checkpoints are also published to Ethereum mainnet (high security, censorship-resistant anchor). An attacker attempting a long-range attack would have to rewrite both VPX history AND Ethereum history - economically infeasible.
14. Three-Phase Launch Strategy
VPX Protocol launches in three phases over an 18-month timeline:
14.1 Phase 1: Testnet & Early Adopter Pilot (Months 1-6)
Goals: Validate protocol performance under real-world telecom load, onboard 10-15 early adopter carriers, demonstrate sub-50ms routing decisions and <60s fraud propagation in production conditions.
Network configuration: 50-75 validators (operated by VoicePro Plus and strategic partners), permissioned testnet (invite-only node operators), test VPXN tokens (no economic value, unlimited faucet supply).
Testnet Access: Wholesale carriers and node operators interested in Phase 1 participation can apply via vpx.network/testnet-access (application portal launches Q3 2026). Priority access will be granted to carriers with >10M annual voice/SMS minutes, established infrastructure, and technical teams capable of operating VPX nodes. Selection criteria include geographic diversity, traffic volume, and strategic fit with VPX ecosystem goals.
Target success metrics: 30-day period with 99.5%+ uptime, sustained 10,000+ TPS routing decision throughput, zero critical security incidents, positive feedback from at least 8 of 10 pilot carriers.
Carrier onboarding during Phase 1 utilises bootstrap incentives detailed in Section 16, including 100% fee subsidisation and early adopter bonus allocations to remove adoption friction.
14.2 Phase 2: Mainnet Genesis & Public Node Onboarding (Months 7-12)
Goals: Launch mainnet with real economic stake, transition from permissioned to permissionless validator set, achieve 150+ active validators across 25+ countries, activate VPXN token economy.
Network configuration: Mainnet genesis block produced (Month 7), on-chain VPXN token generation event (TGE) minting the fixed 1B supply into the pre-allocated buckets per Token Economy §2 (no public retail sale - distribution is to private-round participants subject to vesting, treasury, and rewards/incentive pools), permissionless node registration opens (any party meeting minimum stake and hardware requirements can operate a validator), DAO governance activated (protocol parameter changes require token holder vote).
Target success metrics: 150+ active validators by Month 12, at least 30 carriers routing live production traffic, sustained throughput at the 5,000-10,000 TPS design target with validated headroom to roughly 20,000 TPS at peak (Section 7), geographic distribution across 25+ countries, DAO successfully executes at least one governance proposal.
14.3 Phase 3: Cross-Chain Integration & Ecosystem Maturity (Months 13-18)
Goals: Bridge VPX settlement data to Ethereum L2s for DeFi integration, expand beyond voice/SMS to support IoT connectivity routing, achieve 500+ active validators, activate advanced features (cross-chain bridges, DeFi liquidity pools, decentralised exchange integration).
Network configuration: Ethereum L2 bridge deployment (settlement data published to Arbitrum/Optimism for DeFi composability), VPXN liquidity pools on Uniswap/Curve, delegation marketplace for passive VPXN holders, and cross-chain composability for consumer rewards (VoicePro Mobile users can bridge and trade their earned VPXN on Ethereum-side DeFi venues).
Consumer VPXN earning is not gated by this cross-chain phase. VoicePro Mobile launches in Q4 2026 (soft launch 1 October, hard launch 1 November) and users earn VPXN from their first call - recorded on the VoicePro rewards ledger from Day 1 and settled on-chain at mainnet genesis. What Phase 3 adds for consumers is cross-chain composability of those earned balances, not the earning itself.
Target success metrics (projected): 500+ active validators, $10M+ TVL in VPXN liquidity pools, 100+ carriers routing production traffic, cross-chain bridge processes 1,000+ settlement transactions per day, VoicePro Mobile app has 50,000+ active users earning VPXN rewards.
15. Business Value Proposition & ROI
Beyond technical capabilities, the VPX Protocol delivers quantifiable business value to wholesale carriers, addressing critical pain points in the current telecom ecosystem:
15.1 Fraud Loss Reduction
Industry estimates suggest global telecom fraud losses range from $30-40 billion annually, with IRSF (International Revenue Share Fraud) and Wangiri attacks representing a substantial portion of this total. Based on discussions with carrier fraud teams and VoicePro Plus operational experience, typical fraud loss rates range from 0.5-1.2% of wholesale voice revenue.
The loss is not evenly borne. A carrier that already screens its traffic in real time carries little fraud loss - the loss falls on the number holder and the Tier 1 operator, because in IRSF and Wangiri the money flows down the settlement chain and is paid out to the fraudster before detection catches up. That detection-time gap is the loss. VPX attacks it directly: consensus-driven fraud detection with cross-carrier blacklist propagation in under 60 seconds means a number flagged by any participant is blocked for all within a single fraud cycle, not days later. The protection is credible precisely because the network is built to block bad traffic even when blocking costs the operator revenue - the opposite of an industry norm in which the incentive to stop fraud is undercut by the revenue earned from carrying it. Conservative modelling suggests a 40-60% reduction in fraud-related losses for participating carriers with real exposure.
Carrier ROI Example: A Tier 2 carrier terminating 500M minutes annually with historical fraud loss rate of 0.8% (industry typical) loses approximately £1.8M annually to fraud. VPX participation (projected to reduce fraud rate to 0.3%) could save approximately £1.1M annually. Network participation costs (node operation + VPXN fees) = £180K annually. Net projected benefit: £920K. Actual results will vary based on carrier traffic patterns, fraud exposure, and network adoption.
15.2 Settlement Reconciliation Cost Savings
Traditional wholesale settlement involves: bilateral invoice exchange, manual reconciliation of CDR discrepancies, dispute resolution processes, 30-90 day payment cycles, and currency exchange complications.
Industry benchmarks suggest reconciliation overhead consumes 2-4% of gross settlement value. For a carrier processing £50M in annual settlements, this represents £1-2M in administrative overhead.
VPX's blockchain-based settlement with immutable CDR records and real-time reconciliation eliminates the majority of this overhead. Target reduction: 75% of reconciliation costs = £750K-1.5M annual savings for £50M settlement volume carrier.
15.3 Routing Quality Improvement
VPX's shared quality intelligence network (MOS scores, ASR data, PDD metrics contributed by all participants) enables superior routing decisions compared to individual carrier knowledge.
Improved routing quality translates to: Higher customer satisfaction (fewer dropped calls, better audio quality), Increased traffic volume (other carriers preferentially route to high-quality destinations), Premium pricing power (quality-differentiated routing commands higher rates).
Projected Impact: Based on quality-weighted routing optimisation models and carrier traffic analysis, VPX is expected to deliver ASR improvements in the 4-7 percentage point range for carriers with sub-70% baseline ASR. A 5-point ASR improvement on 500M annual minutes = approximately 25M additional connected minutes = £750K-1.25M additional revenue at a conservative blended £0.03-0.05/minute termination rate; on the higher-value international destinations that dominate real wholesale mixes, termination runs several times higher, scaling the recovered revenue up accordingly. Actual improvements will vary based on carrier baseline quality, traffic patterns, and network adoption.
15.4 Time-to-Market for New Interconnects
Establishing a new carrier interconnect traditionally requires: Commercial negotiation (2-4 weeks), Technical integration (SIP trunk testing, 1-3 weeks), Billing system integration (2-4 weeks), Credit and fraud vetting (1-2 weeks). Total time: 6-12 weeks.
VPX-connected carriers can establish routing relationships within 48 hours - commercial terms agreed, technical integration via existing Gateway Node connection, settlement and fraud detection automatically handled by protocol.
Business Value: Faster interconnect deployment enables carriers to capitalize on time-sensitive traffic opportunities (e.g., routing arbitrage, emergency traffic surges, new geographic markets) and reduces opportunity cost of delayed revenue.
15.5 Competitive Differentiation
VPX participation enables carriers to market: Blockchain-verified quality metrics (independently auditable ASR, MOS data), Real-time fraud protection (consortium-based threat intelligence), Instant settlement (next-block finality vs 30-90 day terms), Transparent pricing (on-chain fee visibility).
These differentiators attract enterprise customers and premium traffic sources seeking reliable, transparent wholesale partners.
16. Bootstrap Strategy & Cold Start Solution
VPX faces a classic two-sided marketplace problem: VPXN only has value if carriers use the network, but carriers won't adopt without proven value. The bootstrap strategy addresses this circular dependency:
16.1 Phase 1 Fee Subsidisation (Months 1-6)
The first 25 carriers joining the network receive 100% fee subsidisation for 6 months. They route traffic, benefit from shared fraud intelligence and quality data, but pay zero VPXN fees. VoicePro Plus Treasury covers all network service costs during this period.
Subsidy reduces to 50% in Months 7-12, then 25% in Months 13-18, finally reaching 0% (full market pricing) in Month 19+.
Goal: Remove adoption friction during critical network bootstrap phase, allowing carriers to validate value proposition risk-free.
16.2 Treasury Market Making
During Phase 1 (first 12 months post-mainnet) VoicePro Plus Treasury operates a discretionary market-making programme targeting a reference band of approximately £0.08-£0.12. This is not a price guarantee or price-support commitment: Treasury may pause, narrow, widen or withdraw the programme at any time, subject to DAO ratification, and the target band is forward guidance rather than a contractual floor or ceiling. The intent is to reduce - not eliminate - short-term volatility for carriers acquiring VPXN to pay fees. Token holders should assume VPXN price can move outside the reference band; refer to WP-09 Risk Disclosures.
Treasury deploys £2M in initial liquidity. At Day 1 this liquidity is deployed entirely on the native VPX-chain AMM (specification per §3.4 and the WP-01 update). Once the Phase 3 (Months 13-18) Ethereum L2 bridge is delivered and audited, a portion of the Treasury market-making allocation will be rotated into Ethereum-side pools (Uniswap V3, Curve, Balancer) under DAO ratification - that rotation is forward guidance, not a Day-1 commitment. The market-making contract automatically rebalances to maintain target price band.
As organic trading volume grows and VPXN achieves sufficient liquidity (target: £10M daily trading volume), Treasury gradually withdraws market making support over 6-month transition period.
16.3 Fiat Payment Bridge (Temporary)
During Phase 1, carriers can opt to pay VPX fees in fiat (GBP/EUR/USD) instead of VPXN. VoicePro Plus handles backend VPXN acquisition and fee payment on carrier's behalf.
This removes VPXN acquisition complexity for conservative carriers while still creating organic token demand (VoicePro Plus must buy VPXN on open market to pay fees).
Sunset Plan: Fiat payment option remains available until Month 18, then gradually increases in cost (5% convenience fee added) to incentivise direct VPXN usage. Fiat bridge fully sunset by Month 24.
16.4 Early Adopter Incentives
Carriers joining during Phase 1 (first 25 carriers) receive: Bonus VPXN allocation denominated as £15,000 per carrier at 30-day VWAP, ≈150,000 VPXN at the £0.10 reference, vested over 24 months - aggregate ≈£375K / ~3.75M VPXN across 25 carriers (authoritative reconciliation per TE §2.5 and EO §15.1), Reduced minimum stake requirements for operating nodes (50% reduction vs standard requirements), Governance weight multiplier (1.5x voting weight for first 12 months), and priority technical onboarding and integration support (dedicated integration engineering during the launch window). Routing itself is never preferential: every route is selected on published quality and price statistics, so no participant - including early adopters - receives routing favouritism.
Goal: Reward risk-taking early adopters and create network effects through quality-first carrier participation.
17. Competitive Landscape & Market Position
VPX operates in a market with established wholesale telecom platforms and emerging blockchain solutions. Understanding competitive differentiation is critical:
17.1 vs Traditional Wholesale Platforms
BICS TrustedRoutes: Centralised platform operated by BICS (Proximus subsidiary). Offers quality-based routing but with: Proprietary algorithms (no transparency), Centralised control (single company operates platform), No shared fraud intelligence, 30-day settlement terms.
VPX Advantage: Decentralised governance, transparent on-chain routing logic, consortium-based fraud detection, real-time settlement.
TransNexus ClearIP: SIP analytics and fraud prevention. Focuses solely on fraud, does not address routing optimisation or settlement. Subscription-based pricing (~$10K-50K annual licensing).
VPX Advantage: Integrated solution (routing + fraud + settlement in single protocol), pay-per-use pricing (no fixed subscription), blockchain immutability for fraud evidence.
Syniverse/Telin/COMFONE: Traditional wholesale carrier aggregation platforms. Hub-and-spoke model with centralised control, opaque pricing, manual processes.
VPX Advantage: Peer-to-peer architecture, programmatic routing, transparent on-chain pricing, no platform rent extraction.
17.2 vs Blockchain Competitors
Blockchain wholesale-voice networks: The most direct comparison is the emerging class of blockchain wholesale-voice projects that pair DePIN node networks with consumer call rewards. Their published models centre on least-cost routing and near-real-time settlement, typically with a token launched ahead of meaningful revenue and fraud handled, if at all, as a later add-on rather than a design principle.
VPX Advantage: VPX treats fraud as the core problem, not an efficiency footnote - routing traffic more cheaply without policing it simply routes the fraud more cheaply, so the integrity layer (real-time fraud consensus, immutable blacklists, slashing) is the point, not a bolt-on. And VPX sits on a regulated, revenue-generating carrier run by an operator with 25 years in wholesale telecom - the token realigns a working business rather than promising to become one.
Helium Mobile: Decentralised wireless network focused on consumer connectivity, not wholesale carrier interconnect. Different market segment.
Chainlink CCIP (Cross-Chain Interoperability Protocol): General-purpose cross-chain messaging, not telecom-specific. Lacks domain knowledge for ASR optimisation, fraud detection patterns, CDR structures.
VPX Advantage: Purpose-built for telecom with domain-specific node types, telecom-native performance requirements (sub-50ms routing), and industry-specific compliance (GDPR, billing regulations).
Pundi X / DENT / other "telecom tokens": Focus on consumer mobile data/minutes, not wholesale infrastructure. Primarily retail-facing, not carrier-to-carrier.
VPX Advantage: B2B wholesale focus, actual carrier integration (not retail speculation), production-ready technical architecture.
17.3 Market Positioning
VPX positions as: "The Telecom Carrier Consortium Network" - emphasising collaborative value creation, not platform rent extraction.
Target customers: Tier 2 and Tier 3 wholesale carriers (too small to negotiate favourable terms with BICS/Syniverse, large enough to operate nodes), VoIP platforms seeking quality-differentiated routing, SMS aggregators requiring fraud protection, Enterprise customers with high-volume international calling needs.
VPX does NOT compete with: Tier 1 carrier networks (these are partners/users, not competitors), Retail mobile operators (VPX is infrastructure layer), Consumer VoIP apps (these are potential customers).
18. Integration with Existing Systems
Carriers operate complex technology stacks with existing vendors for fraud prevention, routing optimisation, and settlement. VPX must integrate with, not replace, these systems:
18.1 Fraud System Migration
Challenge: Carriers already use TransNexus, Neustar, or proprietary fraud systems. They cannot immediately switch to VPX consensus-based fraud detection.
Solution - Dual Operation Mode: Gateway Nodes can query both VPX Fraud Nodes AND existing fraud API simultaneously during transition period. If either system flags a number, call is blocked (fail-safe approach). Over 3-6 month observation period, carrier compares VPX vs legacy system performance (false positive rates, fraud catch rates). Gradual migration to VPX-only once confidence established.
Data Import: Existing fraud blacklists can be bulk-imported to VPX during onboarding (requires consensus validation - prevents single carrier from poisoning shared blacklist).
18.2 Routing Platform Integration
Challenge: Carriers using BICS or proprietary routing engines have existing commercial relationships and technical integrations.
Solution - VPX as Routing Layer Add-On: VPX doesn't replace existing routing engine, it enhances it. Carrier's routing engine makes initial route selection using existing logic. Before committing to route, engine queries VPX for real-time quality data on selected route. VPX returns: Current ASR (last 1000 calls), Current MOS (last 24 hours), Known fraud risk, Recent dispute/blacklist status. Routing engine uses VPX data to validate or override initial selection.
API Bridge: VPX provides REST API alongside blockchain interface, allowing legacy systems to query VPX intelligence without blockchain integration complexity.
18.3 Billing System Integration
Challenge: Carriers use Comptel, Cerillion, or custom billing systems with complex rate tables and reconciliation processes.
Solution - CDR Export: VPX Analytics Nodes provide CDR export in industry-standard formats (ASN.1, CSV, JSON) compatible with existing billing systems. Carrier can continue using existing billing software, simply importing VPX-generated CDRs instead of switch-generated CDRs. Benefit: VPX CDRs include enriched quality data and blockchain proof-of-delivery, reducing dispute resolution costs.
Settlement Option: Carriers can choose VPX blockchain settlement OR traditional invoice-based settlement. Blockchain settlement provides benefits (real-time, immutable records) but carriers with complex invoice requirements (volume discounts, promotional credits) can opt for hybrid: VPX for CDR recording, traditional for invoicing.
19. Disaster Recovery & Continuity Planning
As critical telecom infrastructure, VPX must maintain operation through catastrophic failure scenarios:
19.1 Cloud Provider Failure
Scenario: AWS eu-west-1 (Ireland) suffers extended outage. 30% of validators are AWS-hosted.
Impact: Network continues operating via non-AWS validators. Consensus requires 2/3+ of validators - loss of 30% does not prevent commits. Commit latency may degrade from sub-second to ~800ms during the outage as consensus waits for timeouts on unavailable AWS validators.
Recovery: When AWS restores, validators automatically resync from peers. No manual intervention required. Because finality is deterministic and single-slot, transactions committed during the outage stay final and there is no fork to reconcile - returning validators simply resync committed state from peers.
Mitigation: Validator selection algorithm enforces datacenter diversity (<15% per provider). The design ensures that even total loss of the largest cloud provider does not halt the network.
19.2 Nation-State Internet Blocking
Scenario: Country X implements Great Firewall-style blocking of VPX traffic. 20% of validators are located in Country X.
Impact: Validators in Country X become unreachable to external network. From Country X perspective, they see a network partition (only local validators). From external network perspective, Country X validators are offline.
Consensus Behaviour: External network (80% of validators) maintains consensus and continues operation. Country X network (20%) cannot achieve 2/3+ consensus, so it cannot commit new transactions and enters read-only mode.
Recovery: If blocking ends, Country X validators automatically rejoin and resync the committed history from the external segment, which retained the committing quorum throughout. If blocking is permanent, affected validators eventually unstake and redeploy in accessible jurisdictions.
Mitigation: Validator geographic diversity across multiple jurisdictions. The diversity rules are designed so that no single nation-state controls more than 33% of validators.
19.3 Submarine Cable Cut (Regional Isolation)
Scenario: Submarine cable damage isolates Asia-Pacific region from Europe/Americas. APAC ↔ EU/US latency spikes from 150ms to 2000ms+ (satellite backup routing).
Impact: Consensus relies on low-latency (sub-second) message propagation between validators. 2000ms latency effectively partitions the network into APAC and EU/US segments.
Network Partition Handling: Under a BFT DAG there is no forking. Whichever segment still holds at least 2/3 of validator stake continues to commit; the other enters read-only mode. If neither segment reaches 2/3 (a near-even split), both halt and preserve safety until the partition heals. When the cable is repaired, the halted or minority validators resync the committed history from the segment that retained the quorum. No funds lost, no transactions reversed - safety is never traded for liveness.
Mitigation: Critical routing decisions cached locally at Gateway Nodes. During partition, Gateway Nodes continue operating using last-known-good quality data. Stale data (e.g., 6-hour-old ASR scores) is still more valuable than no data. Fraud blacklist remains accessible (both partitions have full copy).
19.4 VoicePro Plus Operational Failure
Scenario: VoicePro Plus ceases operations (bankruptcy, regulatory shutdown, etc.).
Critical Dependency: VoicePro Plus operates encryption key management service for GDPR cryptographic erasure (Section 11.2).
Contingency - Data Escrow: Encryption keys will be escrowed with an independent third-party data trustee (precedent: source code escrow for enterprise software). Escrow release triggers: VoicePro Plus bankruptcy filing, 90+ day operational cessation, court order. Released keys allow carriers to maintain GDPR compliance independently.
Network Continuity: VPX Protocol itself is decentralised - no VoicePro Plus dependency for consensus, routing, or settlement. Loss of VoicePro Plus does not halt network operation. DAO governance assumes control, elects new entities for administrative functions (if needed).
19.5 Catastrophic Smart Contract Bug
Scenario: Critical vulnerability discovered in routing contract enabling theft or manipulation.
Emergency Response: 7-of-9 multi-sig emergency authority (Section 12.3) can halt affected contracts within minutes of discovery. Network enters safe mode: routing, fraud, settlement contracts paused. Existing calls complete, new calls blocked pending fix.
Recovery: Emergency patch developed, audited (expedited 48-hour review), deployed via emergency upgrade mechanism. If patch is not feasible, DAO votes on rollback to pre-bug state (requires >66% approval). Community retains fork option if emergency response is deemed inadequate.
Financial Impact Mitigation: VPX Treasury maintains an insurance fund, replenished from fee-burn to a 50M VPXN floor (5% of total supply) with a 20%-per-year payout cap, to compensate users in catastrophic loss scenarios. The insurance fund is governed by the DAO, not VoicePro Plus.
20. Regulatory Compliance & Risk Factors
VPX operates in a complex regulatory environment spanning telecommunications, financial services, and blockchain/crypto regulations. Participants must understand compliance obligations and risks:
20.1 VPXN Token Securities Analysis
Regulatory Question: Is VPXN a security under UK FCA regulations or US SEC Howey Test?
VoicePro Plus Position: VPXN is a utility token required to operate network infrastructure and pay for network services. It does not represent equity, debt, or profit-sharing. Token value derives from network utility demand, not company performance.
Howey Test Analysis (US): Investment of money (✓ - users purchase VPXN), Common enterprise (? - decentralised network, not single company), Expectation of profit (? - users stake for rewards, but rewards are service compensation, not investment returns), Efforts of others (? - network value derives from collective participation, not promoter efforts).
Risk: Regulatory classification remains uncertain. US SEC or UK FCA could deem VPXN a security, triggering registration requirements, trading restrictions, or enforcement action.
Mitigation: VoicePro Plus is seeking a preliminary legal opinion (not a final determination) that VPXN qualifies as a utility token, not a security. Final regulatory clarity requires formal guidance or test case. VoicePro Plus will comply with any registration requirements if imposed.
Disclaimer: This whitepaper does not constitute legal or investment advice. Prospective VPXN participants should consult independent legal counsel regarding securities law implications in their jurisdiction.
20.2 Sanctions & AML Compliance
Challenge: VPX is permissionless - any carrier can connect Gateway Node. What if Iranian or North Korean carrier attempts to join (violating OFAC sanctions)?
Compliance Mechanism: Gateway Node operators (not protocol itself) are responsible for sanctions screening. VoicePro Plus-operated Gateway Nodes implement: OFAC SDN (Specially Designated Nationals) list screening, EU sanctions list screening, UN sanctions list screening. Traffic from sanctioned jurisdictions is blocked at Gateway Node layer before reaching blockchain.
Third-Party Gateway Nodes: Independent Gateway Node operators must implement equivalent sanctions compliance. VPX Protocol does not enforce sanctions (impossible at decentralised protocol layer), but failure to comply exposes Gateway Node operator to legal liability in their jurisdiction.
Carrier Responsibility: Carriers using VPX remain responsible for sanctions compliance in their originating/terminating jurisdictions. VPX does not absolve carriers of existing legal obligations.
20.3 Data Localisation Requirements
Challenge: Russia, China, and other jurisdictions require telecom data to be stored within national borders.
VPX Conflict: Blockchain data is globally distributed - CDR data exists on validators worldwide, not in single jurisdiction.
Compliance Approach: Carriers in data localisation jurisdictions can operate private Archive Nodes (Section 10.4) that maintain local copy of all CDRs involving their jurisdiction. On-chain data remains globally distributed (required for consensus), but carrier maintains compliant local copy for regulatory access.
Limitation: True data localisation (data exists ONLY in jurisdiction, not elsewhere) is incompatible with blockchain architecture. Carriers in strict localisation regimes may be unable to participate in VPX.
20.4 Telecommunications Licensing
Question: Does operating a VPX node require telecom carrier license?
Analysis: VPX nodes process signaling data but do not carry voice media. Under most jurisdictions' definitions, VPX is analogous to "telecom equipment vendor" or "software provider," not "telecom carrier."
Risk: Regulatory interpretation may vary. Some jurisdictions could classify VPX participation as requiring carrier license, imposing barriers to node operation.
Mitigation: VoicePro Plus recommends node operators in uncertain jurisdictions consult local telecom regulators before deployment.
20.5 Cross-Border Data Transfer (GDPR)
Challenge: UK and EU data protection law restricts transferring personal data outside the UK or EEA unless an adequacy decision or appropriate safeguards apply.
VPX Approach: As described in Section 11, CDR phone numbers are keyed-hashed and any personal data written on-chain is encrypted before storage, with node operators holding ciphertext only and no keys (Section 11.3). Storing keyless ciphertext across a global node set is designed to fall outside a personal-data transfer, since ciphertext is not personal data to a party that cannot decrypt it. The encryption keys remain UK-based in a key management service with ISO 27001 certification in progress.
Transfer safeguards: Where plaintext personal data must cross a border for network operation, transfers are governed by the UK International Data Transfer Agreement (or the EU Standard Contractual Clauses with the UK Addendum), consistent with the consumer Privacy Statement.
20.6 General Risk Disclaimer
The regulatory landscape for blockchain-based telecom infrastructure is evolving. Laws and interpretations may change. Participants in VPX assume regulatory compliance risk in their respective jurisdictions.
VoicePro Plus provides technical infrastructure but does not provide legal advice. Carriers, node operators, and VPXN holders are responsible for ensuring their participation complies with applicable laws.
Material regulatory changes (e.g., VPXN classified as security, blockchain telecom infrastructure banned in major jurisdiction) could significantly impact VPX viability and VPXN value.
21. Glossary of Terms
Telecom-Specific Terms
- ASR (Answer-Seizure Ratio): Percentage of call attempts that successfully connect. Industry benchmark: 65%+ (ITU-T E.425)
- ACD (Average Call Duration): Mean duration of completed calls in seconds. Benchmark varies by traffic type.
- CDR (Call Detail Record): Transaction record of a completed call including timestamp, duration, destination, quality metrics, cost.
- CLI (Calling Line Identification): The displayed caller ID number. Subject to spoofing in fraud attacks.
- IRSF (International Revenue Share Fraud): Fraud where attackers route calls to premium-rate numbers they control, earning revenue share.
- MOS (Mean Opinion Score): Subjective voice quality rating from 1 (bad) to 5 (excellent). VoIP benchmark: 4.0+ (ITU-T P.800)
- NER (Network Effectiveness Ratio): Ratio of successfully completed calls to total call attempts.
- PDD (Post-Dial Delay): Time from last dialled digit to ringback tone. Industry benchmark: <3 seconds (ITU-T E.721)
- SIP (Session Initiation Protocol): Signalling protocol for VoIP call setup (RFC 3261).
- SMPP (Short Message Peer-to-Peer): Protocol for SMS message exchange between carriers.
- Wangiri (One-Ring Fraud): Attackers place one-ring calls to premium numbers, exploiting callback behaviour.
Blockchain-Specific Terms
- BLS Signatures: Boneh-Lynn-Shacham signature scheme allowing signature aggregation (n signatures → 1 aggregate).
- Byzantine Fault Tolerance: Ability to reach consensus despite up to 1/3 of participants being malicious.
- Delegated-Proof-of-Stake (DPoS) economics: the model by which VPXN holders delegate stake to elect and back the validator set. In VPX this economic layer sits on top of the Mysticeti-class DAG-BFT consensus, which orders and commits transactions.
- Epoch: Fixed time period (1 hour in VPX) after which rewards are distributed and validator set is re-selected.
- Finality: Point at which a transaction is irreversible. VPX reaches deterministic finality in a single consensus step (~390ms commit) under the Mysticeti-class DAG-BFT protocol - there is no probabilistic confirmation wait (Section 3.3).
- Gas: Fee paid for transaction execution. In VPX, gas is denominated in VPXN.
- Merkle Root: Cryptographic hash representing the state of an entire data tree. Used for efficient verification.
- Slashing: Economic penalty (stake confiscation) for provably malicious or negligent validator behaviour.
- Staking: Locking tokens as collateral to operate a validator node. Earns rewards but subject to slashing.
- TWAP (Time-Weighted Average Price): Price averaged over time to smooth volatility. VPX uses 7-day TWAP.
- Validator: Node elected to participate in block production and consensus voting.
22. Conclusion
The VPX Protocol provides a blockchain coordination layer purpose-built for telecommunications. By separating the intelligence layer (routing decisions, fraud consensus, settlement) from the transport layer (SIP/H.323 voice, SMPP messaging), VPX delivers the benefits of decentralised coordination without requiring carriers to replace existing infrastructure.
The architecture is designed for progressive adoption. A carrier can connect a single SIP trunk to a Gateway Node and immediately benefit from VPX routing intelligence and fraud protection - with no changes to their existing switch configuration. As adoption grows, network effects compound: more carriers contributing quality data improves routing accuracy, more Fraud Nodes improve detection coverage and more Analytics Nodes provide richer network intelligence.
With comprehensive hardware specifications, robust disaster recovery procedures, GDPR-compliant data handling, formal smart contract verification, economic attack resistance, quantified business ROI demonstrating £920K+ annual value for typical carriers, bootstrap incentives removing adoption friction, clear integration pathways with existing fraud and routing platforms, competitive positioning against both traditional and blockchain alternatives, comprehensive regulatory compliance framework, and a three-phase launch strategy with realistic performance targets, the VPX Protocol represents the first production-ready blockchain infrastructure for the global telecommunications industry. Mainnet genesis is scheduled for Q4 2026.
This document is published by VoicePro Plus Ltd for informational purposes only. It does not constitute investment advice, a prospectus, or an offer of securities. The VPX Ecosystem is under active development; specifications described herein are subject to change. VoicePro Plus Ltd is registered in England and Wales (Company No. 14520016). Registered office: 128 City Road, London, EC1V 2NX.
This document is published by VoicePro Plus Ltd for informational purposes only. It does not constitute investment advice, a prospectus, or an offer of securities. The VPX Ecosystem is under active development; specifications described herein are subject to change. VoicePro Plus Ltd is registered in England and Wales (Company No. 14520016). Registered office: 128 City Road, London, EC1V 2NX.
Ready to learn more?
Speak to our team about the VPX Ecosystem and how it integrates with your existing infrastructure.
Contact Our Team