Welcome to the resource topic for 2020/175
Title:
Lower Bounds for Off-Chain Protocols: Exploring the Limits of Plasma
Authors: Stefan Dziembowski, Grzegorz Fabiański, Sebastian Faust, Siavash Riahi
Abstract:Blockchain is a disruptive new technology introduced around a decade ago. It can be viewed as a method for recording timestamped transactions in a public database. Most of blockchain protocols do not scale well, i.e., they cannot process quickly large amounts of transactions. A natural idea to deal with this problem is to use the blockchain only as a timestamping service, i.e., to hash several transactions \mathit{tx}_1,\ldots,\mathit{tx}_m into one short string, and just put this string on the blockchain, while at the same time posting the hashed transactions \mathit{tx}_1,\ldots,\mathit{tx}_m to some public place on the Internet (``off-chain’'). In this way the transactions \mathit{tx}_i remain timestamped, but the amount of data put on the blockchain is greatly reduced. This idea was introduced in 2017 under the name \emph{Plasma} by Poon and Buterin. Shortly after this proposal, several variants of Plasma have been proposed. They are typically built on top of the Ethereum blockchain, as they strongly rely on so-called \emph{smart contracts} (in order to resolve disputes between the users if some of them start cheating). Plasmas are an example of so-called \emph{off-chain protocols}. In this work we initiate the study of the inherent limitations of Plasma protocols. More concretely, we show that in every Plasma system the adversary can either (a) force the honest parties to communicate a lot with the blockchain, even though they did not intend to (this is traditionally called \emph{mass exit}); or (b) an honest party that wants to leave the system needs to quickly communicate large amounts of data to the blockchain. What makes these attacks particularly hard to handle in real life is that these attacks do not have so-called \emph{uniquely attributable faults}, i.e.~the smart contract cannot determine which party is malicious, and hence cannot force it to pay the fees for the blockchain interaction. An important implication of our result is that the benefits of two of the most prominent Plasma types, called \emph{Plasma Cash} and \emph{Fungible Plasma}, cannot be achieved simultaneously. Besides of the direct implications on real-life cryptocurrency research, we believe that this work may open up a new line of theoretical research, as, up to our knowledge, this is the first work that provides an impossibility result in the area of off-chain protocols.
ePrint: https://eprint.iacr.org/2020/175
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .