Vitalik: Sidechain vs Plasma VS fragmentation, blockchain expansion scheme comparison

Special thanks to Jinglan Wang for reviewing and providing feedback on the article.

We often encounter a problem: What is the difference between sharding, sidechain and Plasma ? All three architectures seem to involve a central "backbone" star topology that acts as a consensus pillar for the system, in addition to a set of "child" chains containing actual user-level transactions. . The hashes in the sub-chain are usually periodically posted to the main chain (there is a theoretically non-centralized slice chain, but it has not been implemented so far, this article will not pay attention to them, but the parameters are similar). Given this basic similarity, what is the reason for choosing one of the options instead of the other?

The distinction between side chains and Plasma is simple. The Plasma chain is a non-monitoring sidechain: If there are any errors in the Plasma chain, the error is detectable and the user can safely exit the Plasma chain and prevent the attacker from causing any permanent damage. The only cost to the user is that they have to wait for a challenge cycle and pay some higher transaction fees on the (non-expandable) base chain. Conventional side chains do not have this security attribute, so they are less secure. However, designing a Plasma chain is much more difficult in many cases, and one might say that for many low-value applications, adding complexity and providing better security is not worth it.

Vitalik Buterin

(Photo: Vitalik Buterin, from Duncan Rawlinson)

So, what is the relationship between Plasma and the shards, and what are the advantages? The key technical difference is the concept of tight coupling . Tight coupling is an attribute of sharding, but not a side chain or a property of Plasma, which means that the validity of the main chain (such as the beacon chain in Ethereum 2.0) is inseparable from the validity of the sub-chain. That is, by definition, it is invalid to specify an invalid backbone block as a sub-chain block of an attached item, and more importantly, by definition, a main chain block containing an invalid sub-chain block is invalid.

In a non-segmented blockchain, the definition of a canonical chain (a chain of "real" history accepted by all) is completely available and effective; for example, in the case of Bitcoin and Ethereum, people usually say The canonical chain is the "longest effective chain" (or, to put it more arrogantly, the normative chain is "the heaviest effective and available chain"). In the fragmented blockchain, the most efficient and usable specification chain concepts are equally applicable, and their validity and usability requirements apply to both the main chain and the slice chain. However, the new challenge for fragmentation systems is that users cannot directly verify the validity and availability of any given chain directly because of too much data. The challenge of the engineering sharding chain is to verify which chains are fully available and efficient by giving the user a maximum of distrust and practical indirect means so that they can still determine which chain is normative. In practice, this includes technologies such as committees, SNARKs/STARKs, fisherman programs, fraud and proof of data availability .

If a chain structure does not have such tight coupling characteristics, it can be said that it is not a layer-1 fragmentation scheme, but a layer-2 system located on the non-expandable layer-1 chain. Plasma is not a tightly coupled system: an invalid Plasma block can definitely submit its block headers to the main Ethereum chain because the Ethereum base layer does not know that it represents an invalid Plasma block, or even that it does not know that it represents a Plasma block. It sees only a transaction that contains a small amount of data. However, the consequences of a single Plasma chain failure are limited to the Plasma chain.


However, if you try to analyze how users perform the "indirect verification" process to determine if the chain they are viewing is fully valid and available, and without downloading and executing the entire process, we can find the slice and the Plasma. A more similar way of working. For example, one common technique used to prevent usability problems is fishermen : if a node treats a given part of a block as unavailable, it can issue a challenge that declares the problem, creating a time period for anyone. This data can be published during this time period. If a block has not been questioned for a sufficient amount of time, you can restore the block that is referenced as a dependency. This seems to be basically similar to Plasma. In Plasma, if a block is not available, the user can post the message to the main chain in response to the exit status. Both technologies will eventually yield in the same way under pressure: if there are too many error challenges in a sharding system, then the user cannot track whether all the availability challenges have been resolved; if there is too much in a Plasma system The availability of many challenges, then when the exit fills the block size limit of the chain, the main chain may be overwhelmed. In both cases, it seems that the system has O(C^2)的 scalability (where C is the computational power of a node), but scalability reduces O(C) in the event of an attack. However, sharding is more defensive for this.

First, the current shard design uses a random sampling committee mechanism, so even a committee can't easily do evil (to the extent of generating a false block) unless a committee has a large portion of the chain's entire set of validators. (may be greater than 1/3).

Second, there is a better data availability processing strategy than fishermen: proof of data availability. In a scenario that uses data availability certification, if the block is not available, the client's data availability check will fail and the client will consider the block to be unavailable. If the block is invalid, then even a fraudulent proof will convince them of the fact of the entire block. An O(1)-sized fraud certificate that allows the client to believe that the O(C) -sized block is invalid, so the O(C) data is sufficient for the client to believe that the O(C^2) data is invalid (in In the worst case, the client interacts with the N sister block, and only one of the parent blocks of the sister block is valid; in the more likely case, a single fraud certificate is sufficient to prove the invalidity of the entire invalid chain. Therefore, in theory, the sharding system is less likely to be knocked down by DoS (Denial of Service) attacks than the Plasma chain .

Second, the fragmentation chain provides greater protection against large attackers and most attacks (more than 1/3 or even 1/2 of the set of verifiers). The Plasma chain is always able to successfully perform 51% attacks on the backbone of the review and exit, while the slice chain does not. This is because data availability certificates and fraud certifications occur inside the client, not inside the chain, so the slice chain cannot be reviewed by 51% of attacks. Third, the defense provided by the segmentation chain is easier to generalize. Plasma's exit model requires states to be separated into separate parts, each of which is in the interest of any single participant, and relying on data availability certificates, fraud certificates, fishermen, and randomly sampled slice chains is theoretically widely applicable. .

However, the Plasma chain also has great advantages. First, they can be iterated and new designs can be implemented faster because each Plasma chain can be deployed separately without the need to coordinate the rest of the ecosystem. Second, fragmentation itself is more vulnerable because it attempts to guarantee the full availability and validity of certain amounts of data that must be set in the protocol. If this number is too small, it is not conducive to the scalability of the system. Too much, the entire system is at risk of crashing. The maximum level of security for scalability also depends on the number of users in the system, which is an unpredictable variable. On the other hand, the Plasma chain allows different users to make different trade-offs in this regard and allows users to be more flexible in adapting to environmental changes.

The single carrier Plasma chain also offers more privacy than all data-distributed sharding systems. Even where privacy is not required, they may be more efficient because the total data availability requirements of the sharding system require a large amount of additional redundancy as a margin of safety. On the other hand, in the Plasma system, the data requirements for each data block can be minimized. In the long run, each data block may only need to be copied several times instead of being copied a thousand times as in the fragmentation system. .

Therefore, in the long run, the hybrid system of slice chain + Plasma chain to provide further scalability seems to be the most feasible method . This hybrid model can better serve the needs of different groups of users, not just rely on In one or the other strategy. Unfortunately, Plasma and shards cannot be folded into the same design, which is irreparable in some key respects. But these two scalability solutions (and stateful channels!) have a bright future.