There are two proposals to alleviate this, what do you think of them?
Compression
Most of the coin validity proofs are exclusion proofs, and those can be compressed using SNARKs/STARKs. For e.g. if we use constant-sized proofs this means that a coin validity proof will only increase in size when a coin is spent.
Back-of-the-envelope calculation: if a coin is spent once per day, the proof size becomes 1.2 MB per coin.
Checkpointing
We know that withdrawing and re-depositing a coin will “reset” the length of the coin validitiy proof; this construction allows you to do this at an amortized cost of 1 bit of storage (SSTORE) per coin.
Back-of-the-envelope calculation: if we do this every 3 months would make the proof size is upper-bounded at 0.4 GB per coin at the cost of a few cents per year.
Combinations Thereof
We can combine these two techniques by doing a checkpoint when even the compressed proofs get too big. Analysis: with checkpoints, we can have the coin validity proof grow as O(f(n)) and the per-unit-time cost of owning a coin grow as O(g(n)) with the constraint that fg \in O(n) where n is the total number of plasma blocks (i.e. increases by 1 per minute).
Three points on this tradeoff space are
- Bounded proof sizes, constant rent (e.g. 1 cent/year/coin)
- Constant cost to own a coin, but proof size grows linearly (e.g. 1.7gb /year)
- Both cost and proof size are O(\sqrt n)
By combining them we relax the constraint to fg \in O(s) where s is the number of spends of the coin (i.e. increases by 1 every time the coin is spent).