More Viable Plasma

shamatar · July 3, 2018, 4:35pm

I’ve made some very rough sketch of how it can work based on @kfichter explainer from above. Will extend it in the next few days, now it’s 90% test-broken and completely not optimized.

iantanwx · July 4, 2018, 4:06am

Thanks, this would be helpful. If time permits, I will help you out.

alexcore · July 11, 2018, 11:34pm

@kfichter if operator creates a “out of nowhere” output (UTXO1), then he spends it and creates UTXO2 and then spends this new one and creates UTXO3. All transactions will be included in the blocks, and these blocks will be withheld. So, the UTXO3 will have a “youngest” valid input (with m.proof), and should it be processed before the rest? How it can be challenged or can be there any competitors?

kfichter · July 12, 2018, 1:32am

If the transaction that created UTXO3 only had one input (UTXO2), then it will be successful processed with a priority based on the position of UTXO2. It cannot be challenged because it appears to be a valid transaction. This is generally the security model of Plasma MVP - we can’t avoid these transactions but we can create conditions so valid exits will be processed before UTXO3.

alexcore · July 12, 2018, 6:53am

@kfichter thank you for clarifying!
Is it right, that after withholding starts, any user started to exit with UTXO in in-flight tx could be grieved with doublespend tx by the user, who sent him funds?
E.g. Alice created tx1 with input1 and output1 to Bob, and it becomes “inflight” due to data withholding.
Then Bob is starts to exit with tx1 and piggybacks to output1. Then Alice challenge him with tx2 with input1 and output2.
Is it possible in this construction?

kfichter · July 12, 2018, 12:06pm

Yes, this is possible. Note that Bob will only lose the “original bond” required to submit the exit and not the “piggyback bond.”

Also, there are alternative versions of this protocol in the case that all outputs are cooperating. In that case, the outputs can relinquish all rights to the transaction and allow the inputs to exit/piggyback. I imagine this will be useful for merchants who want to quickly refund users in the case of withholding.

alexcore · July 12, 2018, 6:35pm

So, it looks like every user, who has a output in inflight tx, could loose his bond and exit nothing. And on other side - every user spending funds in inflight tx motivated to claim honest exiter’s bond

kfichter · July 13, 2018, 11:21pm

There are two bonds here - an exit bond required to start the exit and a “piggyback” bond placed by owners of the inputs/outputs. Only the exit bond is slashed. The output owners will exit nothing but will have their piggyback bonds refunded.

kfichter · August 14, 2018, 10:45pm

Note: Some of the stuff in this post is super confusing. Much of this work is currently being simplified, rewritten, and edited here.

josojo · August 23, 2018, 3:12pm

If the output owner will not be able to exit anything out of this exit-game, then he should always wait for an inclusion of the transaction in a valid plasma block, before handing over any good/ service for this payment.

Especially, the following scenario would be a problem, as Mallory does nothing illegal:

Bob sends a tx1 to Mallory spending his input1 to output1.
The tx1 is inflight. The operator stops publishing blocks, but still submits root hashes.
Mallory tells Bob that he can not see the blocks and that he would not accept the tx1, as he does not know that it is canonical.

Now, how does Bob gets his money back?
If Bob exits tx1 and piggybacks on his input, then the operator(Mallorie’s friend) can make the block available, Mallory can suddenly accept the payment and spend output1 in a new tx2 and challenge Bob successfully.

Is this seen as a concern?
The way around this might be:

But this would introduce another signature.

kfichter · August 23, 2018, 3:40pm

Bob knows that Bob hasn’t spent UTXO1 in any transaction other than TX1. Bob can start an exit (but not piggyback) and ask Mallory to piggyback. Mallory would then receive the funds at the end of the exit period. If Mallory does not piggyback, then this is Mallory’s fault. This is the same as Bob sending funds to Mallory and not receiving anything in return - would need to figure out some other way (e.g. escrow).

bh2smith · August 27, 2018, 4:25pm

Regarding the following paragraph (found at the end of the MoreVP Exit Protocol Specification in morevp.md)

The MoreVP protocol can be combined with the Plasma MVP protocol in a way that simultaneously preserves the integrity of exits and minimizes gas cost. Owners of outputs on the Plasma chain should be able to start an exit via either mechanism, but not both. Implementers can check this whenever an MVP exit is being submitted or whenever a MoreVP exit is being piggybacked. Although the two protocols use different determinations for exit priority, we still need a total ordering on exits. Therefore, every exit, no matter the protocol used, must be included in the same priority queue for processing.

Are there any suggested total orderings that could be used on UTXOs in this context?

kfichter · August 27, 2018, 5:50pm

We use a total ordering based on UTXO position. In MVP this means the position of the UTXO being exited, in MoreVP this means the position of the youngest input to the transaction referenced.

siburu · November 21, 2018, 6:45am

For me, priority queueing based on youngest input doesn’t seem enough for honest exits to be processed before invalid exits.

At first, a malicious operator sees the following two tx’s published by honest users.

tx1: [[UTXO0], [UTXO1]]
tx2: [[UTXO1], [UTXO2]]

Then the operator creates the following invalid two tx’s.

tx3: [[], [UTXO3]] (out of nowhere tx)
tx4: [[UTXO3], [UTXO4]]

Then the operator builds the following block and submits it to rootchain.
At last he immediately initiates an exit of tx4(UTXO4).

block: [tx3, tx4, tx1, tx2]

Now tx4’s youngest input is tx3 and tx2’s youngest input is tx1, the honest exit of tx2 loses to the invalid exit of tx4?

Probably I misunderstand something.
Please correct me if I’m wrong.

kfichter · November 23, 2018, 11:55pm

Hi, you haven’t misunderstood anything. MoreVP doesn’t allow for simple chained transactions for exactly this reason.

siburu · November 26, 2018, 5:10am

Thank you for your response!

Excuse me, still I have a question.

What do you mean by “simple chained transactions” ?
I guess this means that a pair of directly chained transactions can’t be included in a single block, am I correct?
If correct, is this limitation specific to MoreVP and not applied to MVP?

pepesza · November 26, 2018, 10:17am

It means that you can spend only timestamped outputs (i.e. included in the plasma block and committed to root chain). This limitation is true for both MVP and MoreVP.

siburu · November 26, 2018, 11:07am

This point has been a mystery for me for several days, and resolved at last now.
Thank you!

prin-r · November 30, 2018, 10:47am

Hi Kelvin
I think saw a mistake in these statements.

We’ve already shown that:
o ∈ E ( T n + 1 ) ⟹ O ( t n + 1 ) ∩ E ( T n + 1 ) = ∅ ∧ o ∉ d o u b l e _ s p e n t ( T n + 1 ) ----------- (1)
We can negate this statement to find:
o ∉ E ( T n + 1 ) ∧ ( O ( t n + 1 ) ⊆ E ( T n + 1 ) ∨ o ∈ d o u b l e _ s p e n t ( T n + 1 ) ) ---------------- (2)
From my understanding right now (2) is negate of (1), right ?
So let
p is “o ∈ E ( T n + 1 )” ,
q is “O ( t n + 1 ) ∩ E ( T n + 1 ) = ∅” ,
r is “o ∉ d o u b l e _ s p e n t ( T n + 1 )”.
Then rewrite (1),(2) in the form of p,q,r.
p ⟹ (q ∧ r) --------- (1)
~p ∧ (~q ∨ ~r) -------- (2)
but the negation of (1) should be ~(p ⟹ (q ∧ r)) , and I got
~(p ⟹ (q ∧ r)) ≡ ~(~p ∨ (q ∧ r)) ≡ p ∧ ~ (q ∧ r) ≡ p ∧ (~q ∨ ~r).
So I think (2) should be “p ∧ (~q ∨ ~r)” not “~p ∧ (~q ∨ ~r)”.
please correct me if I’m wrong.

kfichter · November 30, 2018, 7:02pm

I believe you’re correct. We noticed a few minor mistakes in the statements and are maintaining an updated (fixed) version here: https://github.com/omisego/elixir-omg/blob/e98c52246cee99ec1631075ff785613bc228b187/docs/morevp.md.