Document Open Access Logo

Lower Bounds for Off-Chain Protocols: Exploring the Limits of Plasma

Authors Stefan Dziembowski, Grzegorz Fabiański, Sebastian Faust, Siavash Riahi

PDF
Thumbnail PDF

File

LIPIcs.ITCS.2021.72.pdf
  • Filesize: 0.57 MB
  • 20 pages

Document Identifiers

Author Details

Stefan Dziembowski
  • University of Warsaw, Poland
Grzegorz Fabiański
  • University of Warsaw, Poland
Sebastian Faust
  • Technische Universität Darmstadt, Germany
Siavash Riahi
  • Technische Universität Darmstadt, Germany

Funding

This work was partly supported by the FY18-0023 PERUN grant from the Ethereum Foundation, by the TEAM/2016-1/4 grant from the Foundation for Polish Science, by the DFG CRC 1119 CROSSING (project S7), by the German Federal Ministry of Education and Research (BMBF) iBlockchain project (grant nr. 16KIS0902), and by the German Federal Ministry of Education and Research and the Hessen State Ministry for Higher Education, Research and the Arts within their joint support of the National Research Center for Applied Cybersecurity ATHENE.

Cite AsGet BibTex

Stefan Dziembowski, Grzegorz Fabiański, Sebastian Faust, and Siavash Riahi. Lower Bounds for Off-Chain Protocols: Exploring the Limits of Plasma. In 12th Innovations in Theoretical Computer Science Conference (ITCS 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 185, pp. 72:1-72:20, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)
https://doi.org/10.4230/LIPIcs.ITCS.2021.72

Abstract

Blockchain is a disruptive new technology introduced around a decade ago. It can be viewed as a method for recording timestamped transactions in a public database. Most of blockchain protocols do not scale well, i.e., they cannot process quickly large amounts of transactions. A natural idea to deal with this problem is to use the blockchain only as a timestamping service, i.e., to hash several transactions tx_1,…,tx_m into one short string, and just put this string on the blockchain, while at the same time posting the hashed transactions tx_1,…,tx_m to some public place on the Internet ("off-chain"). In this way the transactions tx_i remain timestamped, but the amount of data put on the blockchain is greatly reduced. This idea was introduced in 2017 under the name Plasma by Poon and Buterin. Shortly after this proposal, several variants of Plasma have been proposed. They are typically built on top of the Ethereum blockchain, as they strongly rely on so-called smart contracts (in order to resolve disputes between the users if some of them start cheating). Plasmas are an example of so-called off-chain protocols. In this work we initiate the study of the inherent limitations of Plasma protocols. More concretely, we show that in every Plasma system the adversary can either (a) force the honest parties to communicate a lot with the blockchain, even though they did not intend to (this is traditionally called mass exit); or (b) an honest party that wants to leave the system needs to quickly communicate large amounts of data to the blockchain. What makes these attacks particularly hard to handle in real life is that these attacks do not have so-called uniquely attributable faults, i.e. the smart contract cannot determine which party is malicious, and hence cannot force it to pay the fees for the blockchain interaction. An important implication of our result is that the benefits of two of the most prominent Plasma types, called Plasma Cash and Fungible Plasma, cannot be achieved simultaneously. Besides of the direct implications on real-life cryptocurrency research, we believe that this work may open up a new line of theoretical research, as, up to our knowledge, this is the first work that provides an impossibility result in the area of off-chain protocols.

Subject Classification

ACM Subject Classification
  • Security and privacy
  • Security and privacy → Cryptography
Keywords
  • blockchain
  • lower bounds
  • off-chain protocol
  • commit chain
  • plasma

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads
    0
    Metadata Views

Related Versions

References

  1. N. Asokan, Matthias Schunter, and Michael Waidner. Optimistic protocols for fair exchange. In Richard Graveman, Philippe A. Janson, Clifford Neuman, and Li Gong, editors, CCS '97, Proceedings of the 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, April 1-4, 1997, pages 7-17. ACM, 1997. URL: https://doi.org/10.1145/266420.266426.
  2. Vitalik Buterin. A note on limits on incentive compatibility and griefing factors. URL: https://vitalik.ca/files/extortion_griefing_bounds.pdf.
  3. Vitalik Buterin. Scalability, part 2: Hypercubes. URL: https://blog.ethereum.org/2014/10/21/scalability-part-2-hypercubes/.
  4. Vitalik Buterin. Minimal viable plasma, 2018. URL: https://ethresear.ch/t/minimal-viable-plasma.
  5. Vitalik Buterin. Plasma cash: Plasma with much less per-user data checking, 2018. URL: https://ethresear.ch/t/plasma-cash-plasma-with-much-less-per-user-data-checking/1298.
  6. Vitalik Buterin. The dawn of hybrid layer 2 protocols. https://vitalik.ca/general/2019/08/28/hybrid_layer_2.html, August 2019. (Accessed on 02/08/2020).
  7. Christian Cachin and Jan Camenisch. Optimistic fair secure computation. In Mihir Bellare, editor, Advances in Cryptology - CRYPTO 2000, 20th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 2000, Proceedings, volume 1880 of Lecture Notes in Computer Science, pages 93-111. Springer, 2000. URL: https://doi.org/10.1007/3-540-44598-6_6.
  8. Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, 14-17 October 2001, Las Vegas, Nevada, USA, pages 136-145. IEEE Computer Society, 2001. URL: https://doi.org/10.1109/SFCS.2001.959888.
  9. Stefan Dziembowski, Lisa Eckey, and Sebastian Faust. Fairswap: How to fairly exchange digital goods. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19, 2018, pages 967-984. ACM, 2018. URL: https://doi.org/10.1145/3243734.3243857.
  10. Stefan Dziembowski, Lisa Eckey, Sebastian Faust, Julia Hesse, and Kristina Hostáková. Multi-party virtual state channels. In Yuval Ishai and Vincent Rijmen, editors, Advances in Cryptology - EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19-23, 2019, Proceedings, Part I, volume 11476 of Lecture Notes in Computer Science, pages 625-656. Springer, 2019. URL: https://doi.org/10.1007/978-3-030-17653-2_21.
  11. Stefan Dziembowski, Grzegorz Fabiański, Sebastian Faust, and Siavash Riahi. Lower bounds for off-chain protocols: Exploring the limits of plasma. Cryptology ePrint Archive, Report 2020/175, 2020. URL: https://eprint.iacr.org/2020/175.
  12. Stefan Dziembowski, Sebastian Faust, and Kristina Hostáková. General state channel networks. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19, 2018, pages 949-966. ACM, 2018. URL: https://doi.org/10.1145/3243734.3243856.
  13. Georg Fuchsbauer, Michele Orrù, and Yannick Seurin. Aggregate cash systems: A cryptographic investigation of mimblewimble. In Yuval Ishai and Vincent Rijmen, editors, Advances in Cryptology - EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19-23, 2019, Proceedings, Part I, volume 11476 of Lecture Notes in Computer Science, pages 657-689. Springer, 2019. URL: https://doi.org/10.1007/978-3-030-17653-2_22.
  14. Juan A. Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Elisabeth Oswald and Marc Fischlin, editors, Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II, volume 9057 of Lecture Notes in Computer Science, pages 281-310. Springer, 2015. URL: https://doi.org/10.1007/978-3-662-46803-6_10.
  15. Lior Goldberg and Oren Katz. Starkdex deep dive: Contracts & statement - starkware - medium. https://medium.com/starkware/tagged/starkdex-specs, 2019. (Accessed on 02/08/2020).
  16. Lewis Gudgeon, Pedro Moreno-Sanchez, Stefanie Roos, Patrick McCorry, and Arthur Gervais. Sok: Layer-two blockchain protocols. In Joseph Bonneau and Nadia Heninger, editors, Financial Cryptography and Data Security - 24th International Conference, FC 2020, Kota Kinabalu, Malaysia, February 10-14, 2020 Revised Selected Papers, volume 12059 of Lecture Notes in Computer Science, pages 201-226. Springer, 2020. URL: https://doi.org/10.1007/978-3-030-51280-4_12.
  17. Stuart Haber and W. Scott Stornetta. How to time-stamp a digital document. J. Cryptology, 3(2):99-111, 1991. URL: https://doi.org/10.1007/BF00196791.
  18. Russell Impagliazzo and Steven Rudich. Limits on the provable consequences of one-way permutations. In David S. Johnson, editor, Proceedings of the 21st Annual ACM Symposium on Theory of Computing, May 14-17, 1989, Seattle, Washigton, USA, pages 44-61. ACM, 1989. URL: https://doi.org/10.1145/73007.73012.
  19. Harry A. Kalodner, Miles Carlsten, Paul Ellenbogen, Joseph Bonneau, and Arvind Narayanan. An empirical study of namecoin and lessons for decentralized namespace design. In 14th Annual Workshop on the Economics of Information Security, WEIS 2015, Delft, The Netherlands, 22-23 June, 2015, 2015. URL: http://www.econinfosec.org/archive/weis2015/papers/WEIS_2015_kalodner.pdf.
  20. Jonathan Katz and Yehuda Lindell. Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series). Chapman & Hall/CRC, 2007. Google Scholar
  21. Rami Khalil, Alexei Zamyatin, Guillaume Felley, Pedro Moreno-Sanchez, and Arthur Gervais. Commit-chains: Secure, scalable off-chain payments. Cryptology ePrint Archive, Report 2018/642, 2018. URL: https://eprint.iacr.org/2018/642.
  22. Aggelos Kiayias and Orfeas Stefanos Thyfronitis Litos. A composable security treatment of the lightning network. IACR Cryptology ePrint Archive, 2019:778, 2019. URL: https://eprint.iacr.org/2019/778.
  23. Georgios Konstantopoulos. Plasma cash: Towards more efficient plasma constructions, 2019. URL: https://www.gakonst.com/plasmacash.pdf.
  24. Rajarshi Mitra. Plasma breakthrough: Omisego (omg) announces the launch of ari. https://www.fxstreet.com/cryptocurrencies/news/plasma-breakthrough-omisego-omg-announces-the-launch-of-ari-201904120245. (Accessed on 02/08/2020).
  25. Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2009. URL: http://bitcoin.org/bitcoin.pdf.
  26. Joseph Poon and Vitalik Buterin. Plasma: Scalable autonomous smart contracts, 2017. URL: http://plasma.io/plasma.pdf.
  27. Nick Szabo. Smart contracts: Building blocks for digital markets. Extropy Magazine. Google Scholar
  28. Trustnodes. Ethereum transactions fall off the cliff, three plasma projects close to release says buterin, 2018. URL: https://www.trustnodes.com/2018/07/05/ethereum-transactions-fall-off-cliff-three-plasma-projects-close-release-says-buterin.
  29. Wikipedia. Trusted timestamping. URL: https://en.wikipedia.org/wiki/Trusted_timestamping.
  30. Joon Ian Wong. The ethereum network is getting jammed up because people are rushing to buy cartoon cats on its blockchain. Quartz, 2017. URL: https://qz.com/1145833/cryptokitties-is-causing-ethereum-network-congestion/.
  31. Gavin Wood. Ethereum: A secure decentralised generalised transaction ledger, 2016. URL: http://gavwood.com/paper.pdf.
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail
© 2023-2024 Schloss Dagstuhl – LZI GmbH Imprint Privacy Contact