Solidity PLASMA withdrawals #32

Open
k06a opened this issue Oct 22, 2018 · 3 comments

k06a commented Oct 22, 2018

Depends on #30

Block structure for Solidity

Cut hashes to 160 bits. It provides us with 80-bit reliability.

struct MerkleProof {
    uint160 from;
    bytes proof;
    uint index;
}

Use the following structure of transactions:

plasma block

Merkle proof index bit map

  1. 32 bits for block to tx merkle proof
  2. 1 bit for tx netto proof (must be zero for outputs, inputs, max_blockid and must be one for signatures)
  3. 5 bits for merkle proof for outputs, inputs and max_block_id
  4. 3 bits for merkle proof for signatures.

So, the maximal outputNumber is limited by 31 (this must be checked on the contract for input structures).

Data types encoding

leaf = keccak256(concat(datatype_byte, abi.encode(data)))

Simple exit challenges

Use the following requests:


struct SimpleExit {
  Input point;
}

struct ExitQueueItem {
  uint160 exitHash;
  uint SFT;
}


function withdrawal(Input point, address queuePtr) external payable returns (bool);

function withdrawalChallangeSpend(SimpleExit exit, address queuePtr, 
    Input spend, MerkleProof txProof, MerkleProof spendProof, 
    uint32 maxBlockId, MerkleProof maxBlockIdProof,
    Signature sign, MerkleProof signProof) external returns (bool);

function withdrawalChallangeBlock(SimpleExit exit, address queuePtr, MerkleProof proof) external returns (bool);

  1. Somebody publishes the exit and the bond. We check the validity of the input on the contract and put it into the exit queue with finalization time ordered by SFT = max(now+REP+MFT, input.timestamp+MFT), where REP=MFT=1 week. Also, withdrawal emits SFT in an event.
  2. Anybody can challenge the spend of the input.
  3. Anybody can challenge the existence of the input inside the blockchain.

The signer guarantees the validity of the transaction (or he has a risk of burning his money). That's why it is enough to check the signature and maxBlockId to run withdrawalChallangeSpend.

The 2nd, 3rd and 4th Merkle proofs are short (linked to the tx hash, not to the block hash).

UX for simple withdraw

  1. Somebody publishes the exit and the bond. We check the validity of the input on the contract and put it into the exit queue with finalization time ordered by SFT = max(now+REP+MFT, input.timestamp+MFT), where REP=MFT=1 week.
  2. Anybody can challenge the spend of the input.
  3. Anybody can challenge the existence of the input inside the blockchain.

If the input is challenged, it must be removed from the exit queue.
After finalization time the exit must be withdrawable in the queue order.

We must not store all information for the exit inside the storage. (hash, SFT) is enough to store, where hash is the hash of Input.

ux schema
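An added example (not part of the issue or the project's code) of the exit queue described above: it stores only a link and the SFT per exit, keyed by the 160-bit hash of the Input, so the caller re-supplies the Input at finalization. The Input fields, the BOND value, keeping the low 160 bits of the hash, reading queuePtr as the predecessor's hash, and the names finalize and _remove are assumptions; the Merkle-proof checks of the challenge functions are not covered.

```solidity
pragma solidity ^0.8.0;
// Added example, not the project's contract. Assumed: the Input fields, BOND,
// the low-160-bit truncation, queuePtr = predecessor's hash, finalize/_remove.
contract ExitQueueExample {
    struct Input { address owner; uint32 blockId; uint32 txIndex; uint8 outputNumber; uint64 timestamp; }
    struct Node { uint160 next; uint256 sft; } // stored per exit: link and SFT only
    uint256 constant REP = 1 weeks;
    uint256 constant MFT = 1 weeks;
    uint256 constant BOND = 0.1 ether; // assumed value
    mapping(uint160 => Node) queue; // key = hash of Input; key 0 is the list head
    event ExitStarted(uint160 indexed exitHash, uint256 sft);

    function exitHash(Input memory point) public pure returns (uint160) {
        return uint160(uint256(keccak256(abi.encode(point))));
    }

    function withdrawal(Input calldata point, address queuePtr) external payable returns (bool) {
        require(msg.value == BOND, "bond required");
        require(point.outputNumber <= 31, "outputNumber over 31");
        uint160 h = exitHash(point);
        uint160 prev = uint160(queuePtr);
        require(h != 0 && queue[h].sft == 0, "already queued");
        require(prev == 0 || queue[prev].sft != 0, "queuePtr not queued");
        uint256 a = block.timestamp + REP + MFT;
        uint256 b = uint256(point.timestamp) + MFT;
        uint256 sft = a > b ? a : b; // SFT = max(now+REP+MFT, input.timestamp+MFT)
        uint160 next = queue[prev].next;
        require(queue[prev].sft <= sft && (next == 0 || sft <= queue[next].sft), "wrong position");
        queue[h] = Node(next, sft);
        queue[prev].next = h;
        emit ExitStarted(h, sft);
        return true;
    }

    // Unlinks h, whose predecessor is prev. A successful challenge would call this too.
    function _remove(uint160 h, uint160 prev) internal {
        require(queue[prev].next == h && queue[h].sft != 0, "not linked");
        queue[prev].next = queue[h].next;
        delete queue[h];
    }

    // The caller re-supplies the Input; the contract kept only its hash and SFT.
    function finalize(Input calldata point) external {
        uint160 h = exitHash(point);
        require(queue[h].sft != 0 && block.timestamp >= queue[h].sft, "not final");
        _remove(h, 0); // reverts unless h is first in queue order
        payable(point.owner).transfer(BOND); // bond back; paying out the exit is not shown
    }
}
```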


snjax commented Oct 22, 2018

TX signatures must be verified for special exits only. If the transaction is included inside the plasma chain, it must be valid, or we have a particular case of defect here.


snjax commented Oct 22, 2018

We can verify that the TX belongs to some Plasma block during a game (like the truebit protocol).
The exiter publishes the plasma block and index.
A verifier can challenge the exit request by proving that the index is wrong.


snjax commented Oct 22, 2018

We must compute the exit finalisation time by the formula suggested by OmiseGO for the MoreVP protocol.
