What are commit-chains?
Commit-chains are the generic term for what is also called 'Plasma' - a layer 2 scaling solution for Bitdollar and other blockchains.
Commit-chains, also sometimes described as non-custodial side chains, don’t introduce a new consensus mechanism like side chains - they rely on the parent-blockchains consensus which makes them as safe as the parent-blockchain itself.
In commit-chains, untrusted and non-custodial operators facilitate the communication between transacting parties. The operator is expected to commit the state of user account balances by sending periodic updates to the parent-blockchain.
How do commit-chains work?
Unlike payment channels, commit-chains are on an always ongoing state once launched and don’t rely on a three-state - opening, live, dispute/closure - model.
After an operator launches a commit-chain, users can join and conduct transactions that are recorded on the commit-chain while keeping the freedom to withdraw or exit their assets to the parent-blockchain at any time.
Periodic Checkpoint Commitments
Commit-chain users may need to periodically observe on-chain checkpoint commitments, which can be instantiated as a Merkle tree root or Zero-Knowledge Proof (ZKP).
While ZKPs enforce consistent state transitions on-chain, Merkle root commitments do not, requiring users to participate in challenge-response protocols to challenge operator misbehavior.
Data Availability Requirement
Users must retrieve and maintain data required to exit a commit-chain since data isn’t broadcasted.
Depending on the implementation, if the data is unavailable, you are either forced to exit (like in Plasma) or the operator can be challenged to provide the necessary data (like in NOCUST).
On misbehavior, users are allowed to exit with their last confirmed balance.
Centralized but Untrusted Intermediary
The centralized operator never holds custody of funds so if the operator is not available the worst-case scenario is that users are just unable to make any further off-chain transactions, but they can exit and move to another commit-chain at any time.
Unlike payment channels, the commit-chain operator does not require on-chain collateral to securely route payments between users.
Commit-chain transactions do not offer instant transaction finality like payment channels but offer eventual finality after an on-chain checkpoint.
However, if an operator chooses to allocate collateral to each user, essentially implementing a payment channel on top of a commit-chain, instant transaction finality becomes possible.
Reduced Routing Requirements
A single commit-chain can potentially host millions of users, so a few statically connected commit-chains are envisioned to spawn stable networks with low routing complexity. Atomic cross commit-chain transactions have not been proposed yet.
Commit-chain security properties
The user-side security properties can be generalized as follows:
A commit-chain transaction is agreed by at least the sender and the commit-chain operator.
Honest users can always withdraw agreed balances from the commit-chain with an on-chain dispute.
Balance security is provided for honest users even if the operator and all other commit-chain users collude since transactions are only considered final when the sender and operator agree to the payment and it’s committed with the periodic on-chain checkpoint.
Users can, at any time, enforce an off-chain state transition on-chain.
Since there isn’t a fixed 3-phase lifetime for a commit-chain, users of the commit-chain are able to verify the integrity of the operator’s commitments at any point in time and force the operator to seize operation and rollback to the previous periodic commitment.
NOCUST is an account-based commit-chain where an on-chain address is associated to a commit-chain account.
The NOCUST on-chain contract expects to periodically receive a constant-sized commitment to the state of the commit-chain ledger from the operator containing each user’s account in the collateral pool.
Users can deposit any amount of coins within the contract and perform commit-chain payment of any denomination towards other users and with free establishment, users can join the commit-chain without on-chain transaction by requesting an operator signature and immediately receive commit-chain transactions.
A transaction within NOCUST is enacted with the signature of the sender and the operator to deter potential double-spend scenarios.
Instant transaction finality
State progression is only possible if the operator stakes collateral towards the recipient. NOCUST specifies a mechanism to allocate collateral towards all commit-chain users within a constant-size on-chain commitment, which enables instant transaction finality for specified amounts.
Allocated collateral is reusable after each on-chain checkpoint and at this point, the transaction throughput is only limited by the operator’s bandwidth and computational throughput - independent of checkpoint commitment interval.
Each user is only required to verify their own balance proof by requesting data from the operator and comparing it with their locally stored state at regular time intervals to observe integrity.
In the case of misbehavior, a user can issue a challenge using the NOCUST smart contract. If the operator comes back with invalid information or does not respond, users have an accountable proof of misbehavior.
NOCUST supports a provably consistent mode of operation through zkSNARKS. Layer two-state transitions will be validated by the underlying smart contract and the operator is unable to commit invalid state transition without being halted.
Comparing NOCUST commit-chain with Plasma Cash, which is the most comprehensive working draft of a Plasma implementation.
|General properties||Plasma Cash||NOCUST|
|Offline transaction reception||✓||✓|
|Clients can remain offline||✕||✕ (online each eon)|
|Safe mass exit||✓||✓|
|Instant transaction finality||✕||✓ (with collateral)|
|Provably consistent state (ZKP)||✕||✓|
Plasma is a UTXO-based commit-chain while NOCUST is account-based.
In Plasma Cash, a coin is minted with an on-chain deposit and cannot be merged or split with another coin on the commit-chain, hence it is useful for non-fungible tokens but not practical as a payment system.
NOCUST uses ZKPs to enforce consistent state transitions on-chain, Plasma Cash uses Merkle root commitments, which do not and require users to participate in challenge-response protocols to challenge operator misbehavior.