Litigable Protocols
Motivation
Disclaimer, or Downside
Litigability kills censorship resistance
Proposed Technique
Basic concept
Make Plasma Operator(= op) and Trusted Third Party of Plapps(=TTP) litigable.
Plapps is an abrreviation of "Plasma Applications". It's variety types of smart contracts via Plasma UTXO model.
Under this construction, the op must be singleton (No other ops. No PoS consensus in childchain).
Under this construction, the TTP must be Risk Limited (Never give full control of trusted fund, just cryptographically limited control enforced via incentive)
Litigable means "able to sue", and so these entities and end-users must be in the same nation.
Applicaiton1: 0-conf for smart contract
I warmly explain it here :)
Plasma FF is a smart contract for compensation.
The content is - "This is a signed cheque by operator, regarding a promise between the end-user and the operator. When the op couldn't include corresponding Tx within certain blockheight of childchain, the op must willingly pay back the same amount of fund from L1 collateralized op's fund to the holder of this cheque."
The op gives a signature for only the holders of FF NFT.
FF NFTs are sold on Merchant Wallet. This is a open source Plasma wallet variant. Everyone can be the holder of the FF NFT, and be the acceptee of FF Tx. Here's diagram of the execution of FF Tx
https://gyazo.com/ae6b75083d7c1981e32b885793fff2c4
Tips
The op is the only person who can censor the Tx in childchain.
Even if a miner of L1 tries to update the commited hash of the Plasma, existing data manipulation is impossible and commit contract execution is only permitted for the op.
So, the fraudster is to be always the op
And so, when the op collaterize some fund for fraud, the censorship of "corresponding Tx" is not a big deal for cheque acceptees.
Note: The coercion is colalteral under this for this costruction.
So, what if we change the coercion into "litigability"?
Wait, wat!? this is permissionless publich blockchain, right? Why the heck legal procedure comes in!?
Answers:
Litigability enforce the op as like cryptoeconomic incentives.
We can sue the op if end-users of applicaitons and the op, the TTPs are in the same nation.
Q. How can we prove the op and the TTP are in the same territory?
So, everyone can verify the signature of cheque is correct done by the right party.
Application2: Private key restoration method for lost key and payment mistake
Tips
bank issued hard-peg stablecoin is the best match (Mr. Pomp would be mad for this opinion)
bank issued coin is an ERC-20. It is interoperable with DeFi/DopeFi.
At the socially scaled/mass adopted phase, this coin is just simply bank account.
Regardless you like it or not, this is certain demand of ETH token from real world (via Plasma commitment Tx gas)
Salary account is to be ERC-20
Unstable country cannot directly use this concept, but by choosing other country as litigation place, and choosing main currency as DAI, it would work.
Latency between end-users and childchain is to be minimized.
So the FF speed is to be ~300ms (mainly consisted of history verification time of Plasma Chamber)
Highway Tall, Station Gate, busy fast food restaurant, and E-Commerce are able to gain the benefit of trustless FF payment.
0-conf smart contract execution is also to be ~300ms
Cryptoeconomic/LegalOptimum tuning is very important when you desing a litigable protocol.
$100M P2P lending upon -$1M/month losing trusted third party would definitely be tried to collude to gain fraudulent profit.
The op and the TTP had better to financially audited. Transparency of identity and financial situation helps end-users to make decision.
FAQ
Q. It's not decentralized future!
I clearly admit that this construction is weak for network layer censorship, physical arrest, cyber target attack, and targetted violence.
I clearly insist that none of these attack can steal customers' fund because the litigable protocol never break Plasma protocol.
I warmly suggest that we also interested in anonymous Plasma on the bulletproof server. Just both Plasma.
Q. How can we write smart contract on L2?
Just like Bitcoin UTXO(=I intentionally didn't mention "Script", "TxVM", or "VM" because simple UTXO model Tx is enough for this model), Escrow-ish fund locking Tx + TTP can consist Plasma Compound. Intra-chain swap Tx(2inputs and 2outputs TX) can consist Plasma 0x. Inter-chain atomic swap via HTLC(escrow Tx) can consist cross chain DEX.
Large amount of Transaction must be secured by arbitrary trustworthy TTP.
I clearly admit these in-flight Txs are trusted. But this trust is relatively accountable about its risk.
The wallet balance is simply under Plasma security guarantee. Non custodial.
Q. Does it expand financial unfairness due to its only-trustworthy-corporation setting?
Yes, as like PoW, financial unfairness will expand.
At first it is permissionlessly earnable, but now it isn't due to economics of scale.
PoS is relatively permissionlessly earnable, but still, richman gets richer structure there is.
So, I humbly suggest blockchain technology itself isn't made for shrinking financial gap.
I'm still learning how to shrink it, and in another project I might tackle for it ;)
Q. Even Exit Game isn't required for this assumption.
A. I recommend to assign Law Minimalism attitude for your litigable protocol design Consumer protection is main purpose of financial law. And keep system non-custodial is always center of design principle.
Q. In-flight Txs(L2 smart contracts) are insecure.
A. Transparency of the op and the TTP helps end-users to make better decision to make their funds in-flight.
Huge and slow contract had better to go L1 basically.
Q. Do you take responsibility of lost request of private key?
Under Plasma construction, after certain period of online-requirement(exit game's challenge period), customers' fund is to be withdrawable by the op
So, the op can prepare for a terms&conditions as "if you lost private key, after XXX week/month, we'll restore it".
Sidenotes
I'm looking for the most secure L1 smart contract chain
99% fault tolerant consensus based slow trustless checkpointing seems interesting for me
This is "security per coercion maximization" problem.
Current Plasma is able to work w/o revealing entire Tx data to everyone via block explorer.
In other words, proof publishing is the only duty of the op
The op and you only able to know your Tx history like Alipay, Venmo, Paypal and so on.
We're researching BEAM-esque selective privacy construction for Plasma Chamber (so called audit mode, but BEAM hasn't implemented it yet.)
Disclamer: I'm am eager advocate of non-surveillance capitalism.
Related Articles
Team and Contributions
Author: sg.icon sg
Shuhei Hiya for general implementations and Plasma architectures
Tanu is for FF construction
So many contributions and inspirations from Plasma, Game Theory and especially CryptoLaw community. I'll list them all later.
Community Responses
Japan