A Plasma Chain is a separate blockchain that is anchored to the Ethereum mainnet but executes off-chain transactions with its own mechanism for block validation. plasma chains are sometimes referred to as “child” chains, essentially smaller copies of the main ethereum network. plasma chains use evidence of fraud (such as rosy summaries) to arbitrate disputes.
merkle trees allow for the creation of an endless stack of these chains which can function to offload bandwidth from the main chains (including the ethereum mainnet). however, while these chains gain some security from ethereum (through fraud testing), their security and efficiency are affected by various design limitations.
Reading: Ethereum plasma дата
You should have a good understanding of all the fundamentals and a high level understanding of ethereum scaling.
what is plasma?
plasma is a framework to improve scalability on public blockchains like ethereum. As described in the original plasma whitepaper, plasma chains are built on top of another blockchain (called a “root chain”). each “child chain” extends from the root chain and is typically managed by a smart contract implemented on the parent chain.
The plasma contract works, among other things, as a bridge that allows users to move assets between the ethereum mainnet and the plasma chain. Although this makes them similar to sidechains, Plasma Chains benefit, at least to some extent, from the security of the Ethereum mainnet. this is different from sidechains which are solely responsible for your security.
how does plasma work?
The basic components of the plasma framework are:
Ethereum’s current processing speed is limited to ~15-20 transactions per second, which reduces the possibility in the short term of scaling to handle more users. This problem exists mainly because ethereum’s consensus mechanism requires many peer-to-peer nodes to verify each blockchain status update.
Although ethereum’s consensus mechanism is necessary for security, it may not apply to all use cases. for example, alice may not need her daily payments to pay for a cup of coffee verified by the entire ethereum network, since there is some trust between both parties.
plasma assumes that ethereum mainnet does not need to verify all transactions. instead, we can process transactions outside of the mainnet, freeing nodes from having to validate each transaction.
off-chain computing is necessary as plasma chains can optimize speed and cost. for example, a plasma chain can, and more often does, use a single “operator” to manage the ordering and execution of transactions. With a single entity verifying transactions, processing times on a plasma chain are faster than on the ethereum mainnet.
although plasma executes transactions off-chain, they are settled on the main execution layer of ethereum; otherwise plasma chains cannot benefit from ethereum’s security guarantees. but terminating off-chain transactions without knowing the state of the plasma chain would break the security model and allow invalid transactions to proliferate. this is why the operator, the entity responsible for producing blocks on the plasma chain, is required to publish “state commitments” on ethereum periodically.
A commit scheme is a cryptographic technique for committing to a value or statement without revealing it to another party. commits are “binding” in the sense that you can’t change the value or declaration once you’ve committed. plasma state commitments take the form of “merkle roots” (derived from a merkle tree) that the operator sends at intervals to the plasma contract on the ethereum chain.
merkle roots are cryptographic primitives that allow you to compress large amounts of information. a merkle root (also called a “block root” in this case) could represent all the transactions in a block. merkle roots also makes it easy to verify that a small piece of data is part of a larger data set. for example, a user can produce a merkle test to test the inclusion of a transaction in a specific block.
merkle roots are important for providing off-chain state information to ethereum. you can think of merkle roots as “save points”: the operator says: “this is the state of the plasma chain at point x in time, and this is the merkle root as proof.” the operator commits to the current state of the plasma chain with a merkle root, so it is called a “state commit”.
inputs and outputs
In order for ethereum users to take advantage of plasma, there must be a mechanism to move funds between the mainnet and the plasma chains. however, we cannot arbitrarily send ether to an address on the plasma chain: these chains are incompatible, so the transaction would fail or result in loss of funds.
plasma uses a master contract running on ethereum to process user input and output. this master contract is also responsible for tracking state commitments (explained above) and punishing dishonest behavior through evidence of fraud (more on this later).
entering the plasma chain
To enter the plasma chain, Alice (the user) will need to deposit eth or any erc-20 token into the plasma contract. The Plasma Operator, who watches the Contract Deposits, recreates an amount equal to Alice’s initial deposit and releases it to her address on the Plasma Chain. Alice is required to certify that she received the funds on the secondary chain and can then use these funds for transactions.
exit plasma chain
Exiting the plasma chain is more complex than entering it for several reasons. the most important one is that while ethereum has information about the state of the plasma chain, it cannot verify if the information is true or not. a malicious user could make the wrong claim (“I have 1000 eth”) and provide false evidence to support the claim.
To prevent malicious withdrawals, a “challenge period” is introduced. During the dispute period (usually one week), anyone can dispute a withdrawal request using proof of fraud. if the challenge is successful, the withdrawal request is denied.
However, users are generally honest and make correct claims about the funds they hold. In this scenario, Alice will initiate a withdrawal request on the root chain (ethereum) by sending a transaction to the plasma contract.
You must also provide merkle proof verifying that a transaction that created your funds on the plasma chain was included in a block. this is required for plasma iterations, such as plasma mvp, that use an unspent transaction output (utxo) model.
Others, like plasma cash, represent funds as non-fungible tokens rather than utxos. withdrawing, in this case, requires proof of ownership of tokens on the plasma chain. this is done by sending the last two transactions involving the token and providing a merkle proof that those transactions are included in a block.
The user must also add a link to the withdrawal request as a guarantee of honest behavior. If a challenger proves that Alice’s withdrawal request is invalid, her link is severed and part of it is given to the challenger as a reward.
if the challenge period elapses without anyone providing proof of fraud, alice’s withdrawal request is considered valid, allowing her to recover plasma contract deposits on ethereum.
arbitration of disputes
Like any blockchain, plasma chains need a mechanism to enforce transaction integrity should participants start to act maliciously (for example, double-spending funds). To this end, plasma chains use evidence of fraud to arbitrate disputes over the validity of state transitions and to penalize misbehavior.
a proof of fraud is simply an assertion that a particular state transition is invalid. An example is if a user (Alice) tries to spend the same funds twice. maybe she spent the utxo on a transaction with bob and wants to spend the same utxo (which now belongs to bob) on another transaction.
to prevent withdrawal, bob will build a fraud proof by providing evidence that alice spent said utxo in a previous transaction and a merkle proof of the transaction being included in a block. the same process works in plasma cash: bob would need to provide proof that alice previously transferred the tokens he is trying to withdraw.
if bob’s challenge is successful, alice’s withdrawal request is cancelled. however, this approach relies on bob’s ability to watch the chain for withdrawal requests. if bob is offline, then alice can process the malicious removal once the challenge period elapses.
the problem of mass output in the plasma
The mass exit problem occurs when a large number of users try to leave a plasma chain at the same time. why this problem exists has to do with one of the biggest problems with plasma: unavailability of data.
Data availability is the ability to verify that the information of a proposed block has actually been published on the blockchain network. a block is “unavailable” if the producer publishes the block but retains the data used to create the block.
Blocks must be available so that nodes can download the block and verify the validity of transactions. Blockchains ensure data availability by forcing block producers to publish all transaction data on the chain.
Data availability also helps protect off-chain scaling protocols that are based on the Ethereum base layer. By forcing the operators of these chains to publish transaction data on Ethereum, anyone can challenge invalid blocks by constructing proofs of fraud that reference the correct state of the chain.
Plasma chains mainly store transaction data with the operator and do not publish any data on the main network (ie apart from periodic state commitments). this means that users must trust the operator to provide block data if they need to create fraud proofs that challenge invalid transactions. If this system works, users can always use fraud proofs to secure funds.
The problem starts when the operator, not just any user, is the one acting maliciously. Because the operator has sole control of the blockchain, it has more incentive to proceed with larger-scale invalid state transitions, such as stealing funds belonging to users on the plasma chain.
In this case, using the classic anti-fraud system cannot work. The operator could easily make an invalid transaction by transferring Alice and Bob’s funds to their wallet and hide the data needed to create proof of fraud. this is possible because the operator is not required to make the data available to users or the main network.
therefore, the most optimistic solution is to attempt a “mass exit” of users from the plasma chain. mass output slows down the malicious operator’s plan to steal funds and provides some measure of protection to users. Withdrawal requests are ordered based on when each utxo (or token) was created, preventing malicious operators from taking on honest users.
See also: Mine Etherium With Ethminer on Ubuntu
However, we still need a way to check the validity of withdrawal requests during a bulk checkout, to prevent opportunists from taking advantage of the chaos by processing invalid checkouts. the solution is simple: it requires users to post the last valid chain status to get out of their money.
but this approach still has problems. for example, if all users of a plasma chain must exit (which is possible in the case of a malicious operator), then all the valid state of the plasma chain must be dumped into the ethereum base layer at once. with the arbitrary size of plasma chains (high throughput = more data) and the limitations on ethereum processing speeds, this is not an ideal solution.
Although exit games sound good in theory, real-life mass exits will likely cause network-wide congestion on ethereum. In addition to damaging ethereum’s functionality, a poorly coordinated mass outflow means that users may not be able to withdraw funds before the operator depletes all accounts in the plasma chain.
pros and cons of plasma
plasma vs layer 2 scaling protocols
While plasma was once considered a useful scaling solution for ethereum, it has since been abandoned in favor of layer 2 (l2) scaling protocols. l2 scaling solutions solve several of plasma’s problems:
zero-knowledge rollups generate cryptographic proof of the validity of each batch of transactions processed off-chain. this prevents users (and operators) from going through invalid state transitions, eliminating the need for challenge periods and exit games. it also means users don’t have to check the chain periodically to secure their funds.
smart contract support
another issue with the plasma framework was the inability to support running ethereum smart contracts. As a result, most Plasma implementations were created primarily for simple payments or the exchange of ERC-20 tokens.
In contrast, optimistic rollups are compatible with the ethereum virtual machine and can run native ethereum smart contracts, making them a useful and secure solution for scaling decentralized applications. Likewise, plans are underway to create a zero-knowledge implementation of evm (zkevm) that would allow zk-rollups to process arbitrary logic and execute smart contracts.
As explained above, plasma suffers from a data availability issue. if a malicious operator were to promote an invalid transition in the plasma chain, users would not be able to challenge it, as the operator can retain the data needed to create proof of fraud. rollups solve this problem by forcing operators to post transaction data to ethereum, allowing anyone to verify the status of the chain and create proof of fraud if needed.
mass output problem
zk summaries and optimistic summaries solve the mass plasma outflow problem in several ways. for example, a zk-rollup is based on cryptographic mechanisms that ensure that operators cannot steal user funds in any scenario.
Similarly, optimistic rollups impose a withdrawal delay period during which anyone can initiate a challenge and prevent malicious withdrawal requests. while this is similar to plasma, the difference is that verifiers have access to the data needed to create evidence of fraud. therefore, there is no need for cumulative users to engage in a frantic “first out” migration to the ethereum mainnet.
how is plasma different from side chains and fragmentation?
plasma, sidechains, and sharding are pretty similar because they all connect to the main ethereum network in some way. however, the level and strength of these connections vary, which affects the security properties of each scaling solution.
plasma vs. side chains
A sidechain is an independently operated blockchain connected to the main ethereum network via a two-way bridge. Bridges allow users to exchange tokens between the two blockchains for sidechain transactions, reducing congestion on the Ethereum mainnet and improving scalability. Sidechains use a separate consensus mechanism and are typically much smaller than the Ethereum mainnet. As a result, linking assets to these chains carries higher risk; Given the lack of legacy ethereum mainnet security safeguards in the sidechain model, users are at risk of losing funds in a sidechain attack.
In contrast, plasma chains derive their security from the main network. this makes them much more secure than sidechains. Both sidechains and plasmachains can have different consensus protocols, but the difference is that plasmachains publish merkle roots for each block on the ethereum mainnet. block roots are small pieces of information that we can use to verify information about transactions that occur on a plasma chain. If an attack occurs on a plasma chain, users can safely withdraw their funds to the mainnet using the appropriate tests.
plasma vs fragmentation
Both plasma chains and shard chains periodically publish cryptographic proofs on the ethereum mainnet. however, both have different security properties.
chunk chains send “collation headers” to the mainnet containing detailed information about each data chunk. nodes on the core network verify and enforce the validity of data chunks, reducing the chance of invalid chunk transitions and protecting the network from malicious activity.
plasma is different in that the parent network only receives minimal information about the state of the child chains. this means that mainnet cannot effectively verify transactions made on secondary chains, making them less secure.
multiple projects provide plasma implementations that you can integrate into your dapps:
- red omg
- polygon (formerly red matic)
- ethhub on plasma
- learn plasma
- a quick reminder of what “shared security” means and why it’s so important
- chains laterals vs. plasma vs. fragmentation
- understanding plasma, part 1: basics
- the life and death of plasma
Do you know of any community resources that have helped you? edit this page and add it!