Network Security & Node Architecture
UNP Chain operates on a Proof of Authority (POA) consensus mechanism with 11 enterprise-grade signer nodes, protected by multi-layer security infrastructure including Azure and AWS firewalls, ensuring maximum network integrity and resilience.
Network Architecture
Visual representation of our distributed signer node infrastructure with multi-layer security
Security Features
Enterprise-grade security measures protecting the UNP Chain network
Azure & AWS Firewall Protection
All signer nodes are secured behind enterprise-grade Azure and AWS firewalls. Every port is blocked by default, with only whitelisted signer nodes able to communicate with each other through secured channels.
No Internet Exposure
Signer nodes are completely isolated from the public internet. Communication happens exclusively via P2P protocol, not RPC. Only whitelisted servers can establish connections with the signing infrastructure.
Company-Owned Infrastructure
All 11 block-producing nodes are exclusively owned and operated by our company. This centralized authority model ensures complete control over the signing process while maintaining network integrity and security.
Round-Robin Block Production
Block production is distributed among all 11 nodes using a round-robin mechanism. Each block is produced by a different node, ensuring fair distribution and preventing any single point of failure in the block creation process.
Byzantine Fault Tolerance
With 50%+1 (6 nodes) being completely private and secured, even if all 5 public-facing gateway nodes were compromised, the remaining 6 private nodes can automatically exclude compromised nodes and maintain consensus.
Scalable Architecture
RPC nodes serving users are separate from signer nodes and sit behind load balancers. Block production speed can be increased by adding more signer nodes, allowing the network to scale with demand while maintaining security.
Node Distribution & Attack Resilience
Our node distribution strategy is specifically designed to maintain network integrity even under the most severe attack scenarios. The majority of signer nodes (6 out of 11) remain completely isolated from public access.
- Attack Scenario: Even if hackers successfully compromise all 5 public-facing gateway nodes, the 6 private nodes maintain consensus authority and can automatically reject blocks from compromised nodes.
- Instant Recovery: The system automatically detects and isolates any nodes attempting to produce invalid blocks, maintaining network integrity without manual intervention.
- Transparent Verification: While public nodes cannot be signers currently, any node can verify the blockchain's integrity by validating blocks against the consensus rules.
- Load Balanced RPC: User-facing RPC nodes are separate from signers and operate behind load balancers, ensuring high availability without compromising signer security.
Security Layers
Multi-layer defense architecture protecting the UNP Chain network
Cloud Infrastructure Security
Nodes are deployed across Azure and AWS with enterprise firewall rules. All inbound traffic is blocked by default, with explicit whitelist rules for inter-node P2P communication only.
Network Isolation
Signer nodes communicate exclusively via P2P protocol, never exposing RPC endpoints. Only designated gateway nodes can receive P2P connections from external validators and full nodes.
Cryptographic Security
Each signer node uses unique cryptographic keys for block signing. The POA mechanism ensures only authorized signers can produce valid blocks, with signatures verified by all network participants.
Consensus Redundancy
With 50%+1 majority required for consensus, 6 private nodes ensure network operation continues even if gateway nodes are compromised. Invalid blocks are automatically rejected by honest nodes.
Block Production Flow
How blocks are produced and validated on UNP Chain
Turn Selection
Round-robin selects next signer node
Block Creation
Selected node creates and signs block
Propagation
Block broadcast via P2P network
Validation
All nodes verify signature and data
Finalization
Block added to canonical chain
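The Turn Selection and Validation steps above, sketched as an added example (not UNP Chain's own code). It assumes a strict turn rule of block height modulo the signer count, placeholder signer names, and that the signer identity has already been recovered from the block signature.

```python
from dataclasses import dataclass

# Constructed signer set: 11 placeholder identities, matching the page's node count.
SIGNERS = [f"signer-{i:02d}" for i in range(11)]

@dataclass(frozen=True)
class Header:
    height: int
    parent: str  # hash of the parent header
    hash: str
    signer: str  # identity recovered from the block signature (recovery not shown)

def quorum(n):
    return n // 2 + 1  # the page's "50%+1" majority

def expected_signer(height, signers):
    return signers[height % len(signers)]  # assumed rule: strict round-robin on height

def validate(header, parent, signers):
    """Return the reasons to reject `header`; an empty list means accept."""
    errors = []
    if header.height != parent.height + 1:
        errors.append("bad-height")
    if header.parent != parent.hash:
        errors.append("bad-parent")
    if header.signer not in signers:
        errors.append("unauthorized-signer")
    elif header.signer != expected_signer(header.height, signers):
        errors.append("out-of-turn")
    return errors

def import_chain(genesis, headers, signers):
    """Apply headers in arrival order; return (tip, {rejected hash: reasons})."""
    tip, rejected = genesis, {}
    for h in headers:
        errs = validate(h, tip, signers)
        if errs:
            rejected[h.hash] = errs
        else:
            tip = h
    return tip, rejected

# Constructed sample: two bad candidates for height 2, then the valid one.
GENESIS = Header(0, "", "g0", "signer-00")
SAMPLE = [
    Header(1, "g0", "h1", "signer-01"),
    Header(2, "h1", "h2a", "signer-05"),  # authorized, but not its turn
    Header(2, "h1", "h2b", "intruder"),   # not in the signer set
    Header(2, "h1", "h2c", "signer-02"),
]
```

Logging the rejection reasons per block hash gives operators a direct signal that a signer key is being used out of turn or that an unlisted identity is attempting to produce blocks.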