🔮💸🌊 Plasma Cashflow

⚠️⚠️⚠️ WORK IN PROGRESS ⚠️⚠️⚠️

• 🔮💸🌊 Plasma Cashflow
• Introduction
• 🏦 Deposit
• 🔀 Transact
  • Transaction Format
  • Defragmentation
  • Validity Proofs
• ⬛ Plasma Blocks
  • Transaction Tree Structure
    • Constructing a transaction tree
• 🚪 Exit
  • Exit spent token, exit double spend, & exit invalid history
  • Atomic Swap Force Include
    • Force include procedure
  • Token Withdraws
    • Exit Withdrawn Token Challenge
  • [TODO] Smart Contract
    • Constants
    • Storage
    • Functions

Introduction

Plasma Cashflow is an adaptation of Plasma Cash, draws from Plasma Debit, and is based around Plasma Cash defragmentation.

This document describes the process of depositing, transacting, and exiting the Plasma Cashflow chain. Throughout this process it will provide details regarding how each component can be implemented.

🏦 Deposit

The Plasma contract will live on the Ethereum mainnet. Tokens can be transferred to be owned by this contract. Upon transfer the Plasma contract will issue new tokens on the Plasma chain.

Issuance of Plasma chain tokens is done in two steps:

1. Record the deposit to be processed at the beginning of the next block:

deposits[next_block_number] += [token_type, start, offset, owner]

2. Increment total deposits for the particular token (eg. ETH, MKR, etc):

total_deposits[token_name] += amount_deposited

🔀 Transact

Transaction Format

Send

['send', [[[parent_hash, parent_block],...], start, offset, recipient], signature]

Send transactions can specify a number of transaction input ranges & send them to a single recipient. Note that all of the input ranges must be contiguous & owned by the same address.

Swap

['swap', [
  [
    [[parent_hash, parent_block],...], start, offset, recipient],
    [[[parent_hash, parent_block],...], start, offset, recipient],
    ...,  # n-party swaps are allowed
    timeout
  ],
  [signatures,...]
]

Swap transactions are comprised of a number of unsigned send transactions. All owners of all tokens must have signed the swap signatures.

Defragmentation

Any number of contiguous tokens owned by the same private key can be exited without extra storage required. Exiting tokens (100-500) is the same gas cost on Ethereum as exiting tokens (100-5000000). However, when tokens are not contiguous each segment adds significant gas usage. For example, exiting (0-500) and (1000-1500) is two times more expensive than exiting (0-1000).

Defragmentation refers to the process of shifting tokens which are owned by a particular owner such that they are contiguous. Strategies can be developed (client-side) to 1) increase the number of contiguous tokens, and 2) avoid creating unnecessary fragmentation of tokens ownership.

To reduce fragmentation we must reduce the number of adjacent tokens. However, while transacting we will often increase the number of adjacencies. The growth of adjacencies can be modeled with:

Alice sends to Bob

If Alice & Bob...           | Change in total adjacencies
  - have no adjacent tokens | +1
  - have 1 adjacent token   | +0
  - have n adjacent tokens  | -(n-1)

An example of this can be seen here:

Alice: $$$$$
Bob: *****
Charlie: ^^

State 1: $$$$$*****^^

Alice sends 3 tokens to Charlie

State 2: ^^^$$*****^^

+1 adjacency.

We can also use atomic swaps to route payments as a way to avoid creating more adjacencies. eg:

Alice: $$$$$
Bob: *****
Charlie: ^^ 

State 1: $$$$$*****^^

Alice sends 3 tokens to Charlie using an 3 person atomic swap with Bob

State 2: $$*****^^^^^

+0 adjacency.

Validity Proofs

Like in Plasma Cash, token histories grow linearly with the number of blocks. This means that validating a particular token can get extremely expensive. Some ways to address these concerns are zkSNARKs, Plasma XT-style checkpointing, and block validity bonds

⬛ Plasma Blocks

Transaction Tree Structure

As with Plasma Cash, transactions are periodically merklized and then committed on chain. However, the structure of the merkle tree has been updated for simplicity and efficiency gains.

The tree is structured as a merkle-sum-tree where the leaf nodes are separated into ranges which have either been effected by a transaction or remained untouched. Then within each leaf, there is a list of transactions which effect that leaf's range. The merkle-sum-tree guarantees that these ranges are positioned correctly & include all tokens.

Constructing a transaction tree

The following is how one might construct a transaction tree:

1. Arrange all transactions ordered by their start field. From this, produce the minimal list of ranges which have been altered by the transactions, while making sure to cover every token. For instance:

# reference: ['send', [[[...], start, offset, recipient], signature]

# With a total_deposit size of 10,
# The following transactions:
[
tx1: ['send', [[[...], 0, 3, 0x...], 0x...],
tx2: ['send', [[[...], 6, 3, 0x...], 0x...],
tx3: ['send', [[[...], 7, 2, 0x...], 0x...],
]

# Would produce the following buckets:
[ (0-2), (3-5), (6), (7-8), (9) ]

2. Create a merkle sum tree of buckets with the relevant transactions at the leaves. The sum is the number of tokens which each bucket covers. eg:

                       ______(10, 0x...)_____
                      /                      \    
            ____(9, 0x...)______            (9)
          /                      \          []
     (6, 0x...)             (3, 0x...)
   /           \           /           \ 
(0-2)        (3-5)        (6)        (7-8) 
[tx1]         []       [tx2]   [tx2,tx3]

🚪 Exit

Exits can be submitted to the Plasma contract. They must simply specify a range of tokens they wish to exit, an owner & pay a bond to pay for challenges.

Exit spent token, exit double spend, & exit invalid history

Same as Plasma Cash (see the spec here); however, challenges must provide a particular token within the range attempting to be exited that is invalid. Proving one token is invalid cancels the entire exit.

Atomic Swap Force Include

In order to handle atomic swaps, we must add the ability to force include swap transactions. This game is required when an operator is withholding blocks & users are not able to determine if their swap transaction was included. Users can thereby force the withheld atomic swap transaction to be posted to the main chain. This lets them enough information to exit their new tokens as well as cancel any invalid exits.

Signatures from phase 1 of the atomic swap transaction are required for force includes to be accepted. This prevents a malicious atomic swap counter-party from griefing by submitting undesired atomic swap force includes.

Force include procedure

User submits a swap transaction to the mainchain. It must have attached to it all Phase 1 signatures. An exit bond must be paid for every token in the swap. If it is a 3-party atomic swap, then 3 exit bonds must be paid.

The force include will go through and cancel any exits of subsequent tokens unless someone shows 1) the atomic swap was already included, or 2) there is a spend of one of the inputs to the atomic swap already.

If the force include goes through without fail, then any exits of tokens that are between the force included swap & the previous token the swap references are canceled.

Token Withdraws

If an exit succeeds, a record of the token ranges which have been withdrawn is made. These tokens can never be transacted again.

Exit Withdrawn Token Challenge

If a user attempts to exit tokens which have already been withdrawn, they may be challenged, pointing to the record of withdrawn tokens.

[TODO] Smart Contract

Constants

Storage

Functions