Can a user exit if they lose their proofs?


Let’s say I’m a user of a Plasma chain (MVP or Cash, doesn’t matter) and my HDD dies. I’ve permanently lost my UTXOs/coins history/branches…

(How) can I exit?


So it depends on exactly what Plasma implementation you’re using. In Plasma MVP, lots of peers have the chain and can provide you with the missing information.

In Plasma Cash, things are a little harder. If you completely lose your coin history/branches and the operator isn’t behaving, you’re pretty much out of luck. Of course the “solution” here is to try to mitigate this as much as possible - backups and replication, and maybe even incentivized third parties who store the data on your behalf.


Trying to build intuition on this.

Let’s assume the operator is not malicious, or the operator is a PoA chain that can provide the history of spent UTXOs (e.g. coin history).

You’re out of luck only due to losing the key for the UTXO that proves the final ownership for the exit, correct? All txns from 0 to N-1 are still available.

Does that mean if the owner of the UTXO prior to you knows that you lost your keys, they can exit unchallenged? Or can anyone challenge that?


I’m a bit confused now - does everyone need to store the whole blockchain in Plasma MVP or only to validate it? :no_mouth:

Exactly as I thought. Thanks. :slight_smile:


Technically only validate it and keep their own witness data. Efficient implementations will have full nodes store the entire blockchain so they can gossip information and decrease load on the operator.


Even if you lose your keys the operator will challenge the exit (assuming they’re not malicious). However, you’re still out of luck in that you can’t actually withdraw the funds without the private key.


Can I get more info about this somewhere? How will these nodes be incentivized? I’m working on a solution where such “nodes” will always exist, they will be bonded and incentivized and they have to confirm that they have received the data (via Proof of Custody) before a main chain checkpoint can be created. I hope that can solve both the problem of lost proofs and the data availability problem…


If your threat model implies “I must personally be able to protect my money, without relying on anyone else’s incentives” don’t you need to keep around other people’s witness data as well? It seems to me that you need to prevent successful exits of spent TXOs whose child TXO has earlier (i.e. numerically lower) priority than yours.


Yes, definitely. In this case you would also probably run multiple nodes and regularly back up the chain somewhere else.