• Use library with struct and all internal methods
• Allow to add ranges (check order and collisions)
• Allow to remove ranges (check existence)

Structure:

struct Transaction {
    Input[] inputs,
    Output[] outputs,
    uint64 maxBlockIndex,
    Signatures[] signatures
}

Merkelized:

Write first implementation to check transactions

• reliable timer
• efficient tx gathering
• upload to storage
• upload to contract
• make sure that service works reliably even if it fails at any point
• write tests

Try CLI tools to choose a suitable package

Make a stable structure for blocks

Depends from #41

Deposit method for ETH:

function deposit(
    OrderedLinkedListItem depositSlot
) external payable returns(bool);

Deposit method for ERC20+ERC721:

function depositToken(
    OrderedLinkedListItem depositSlot,
    address from,
    uint amountOrTokenId
) external returns(bool);

See exit game method signatures: https://hackmd.io/FaKQ5Jc1Qg6rQ3a8xcPj_Q#Exit-game

function withdrawalBegin(
    Input point,  
    RSAInclusionProof proof
) external payable returns (bool);

function withdrawalChallangeSpend(
    ExitState state, 
    Transaction tx,
    uint64 blockIndex,
    SumMerkleProof[] txProof, // serialized to bytes
    uint8 spendIndex,
    RSAInclusionProof spendInclusionProof
) external returns (bool);

function withdrawalChallangeExistance(
    ExitState state,
    SumMerkleProof txProof,
    MerkleProof inputProof, 
    uint64 maxBlockIndex,
    MerkleProof maxBlockIndexProof
) external returns (bool);
    
function withdrawalEnd(
    ExitState state
) external returns (bool);

try CCCryptorFinal(cryptor, &outBytes + outLength, outBytes.count, &outLength).check()

• Check that transaction is well formed using common go lib
• Write tx to FDB
• add http endpoints
• write tests
• protect from block overflow

find a suitable DB

Make a cli bindings for explorer

• block overflow protection
• tx block index storage

Challenge exits

Create backlog to contract, corresponding this page.

Block Header

{
	blockNumber (uint32),
	previousBlockHash (uint256),
	merkleRoot (uint256),
	signature (65 bytes secp256k1),
	rootMerkleHash (uint256, based on keccak256)
	transactions: Array<Transaction>
}

1. First qu
   merkleRoot (uint256) and rootMerkleHash (uint256, based on keccak256)

The databases in question:

1. levelDB
2. rocksDB
3. BadgerDB
4. forestDB

TODO: Look for benchmarks from 1kkk size map of outputs

For ERC20:

assetId == address

For ERC721:

assetId == keccak256(address,tokenId)

• Maybe need to store recovery for ERC721 assetId => (address,tokenId)

Plasma exit queue is the queue of tuples (uint hash, uint SFT, address next) ordered by SFT.

We need to construct the queue with last element border (tail element's SFT is infinity) and first element border (first element's SFT is zero) and the following methods:

function _insert(address posBefore, uint hash, uint SFT) private returns (bool);
function _remove(address posBefore, address posCurrent) private returns (bool);

The contract must check that the queue is still sorted after element insertion complete.

Depends on #30

• No need to write in smart contract storage who and how many deposited, use events.
• Maybe no need to store even total amounts of tokens

Example impl:

function deposit(address beneficiary) public payable {
    emit EtherDeposited(msg.sender, beneficiary, msg.value);
}

function depositERC20(IERC20 token, uint256 amount, address beneficiary) public payable {
    // ***
    emit ERC20Deposited(token, msg.sender, beneficiary, amount);
}

function depositERC721(IERC721 token, uint256 tokenId, address beneficiary) public payable {
    // ***
    emit ERC721Deposited(token, msg.sender, beneficiary, tokenId, assetId);
}

Create backlog for plasma explorer, corresponding this link.

We need backlog for the offchain part now (no SC interaction).

Write binary data with block structure into LevelDB

In hardcode branch we've started work on infrastructure for plasma prime. We need to add:

1. Add ethereum account private key as a parameter of the app
2. Add gourutine that will periodically request ethereum balance and store it in the internal variable
3. Add Http handler for the client that will return current Ethereum connection status - Should return be set to false and return error description if last get balance request was failed

We need Merkle Tree utils that are compatible with our solidity implementation, the reference implementation is available in plasma-research\software\smartContract\test\helpers\merkletree.js

Triple replication, small cluster

Create backlog for offchain services of plasma operator server, corresponding https://docs.google.com/document/d/19uQakHh6-bniFqDJ_sGwqLdcbe9py9dF2o_4yfibTkE/edit#heading=h.4gh2e9vh5qrt

We will work on 4 projects in 4 branches:

• Verifier
• Operator
• Commons
• Smart contract

Common brach will we be included in other branches as the orphan branch.
All of them will be merged into the branch

Calculate the volume of one block and the number of blocks to write to leveldb and find the most effective property values ​​in leveldb.

Options:

1. BlockCacheCapacity
2. BlockRestartInterval
3. BlockSize
4. WriteBuffer

Connect it to solidity via go geth

Depends on #30

Block structure for solidity

Cut hashes up to 160 bits. It provides us 80bit reliability.

struct MerkleProof {
    uint160 from,
    bytes proof,
    uint index
}

Use following structure of transactions:

Merkle proof index bit map

1. 32 bits for block to tx merkle proof
2. 1 bit for tx netto proof (must be zero for outputs, inputs, max_blockid and must be one for signatures)
3. 5 bits for merkle proof for outputs, inputs and max_block_id
4. 3 bits for merkle proof for signatures.

So, maximal outputNumber is limited by 31 (must checked on the contract for input structures).

Data types encoding

leaf = keccak256(concat(datatype_byte, abi.encode(data))

Simple exit challenges

Use following requests:

struct SimpleExit {
  Input point
}

struct ExitQueueItem {
  uint160 exitHash,
  uint SFT
}


function withdrawal(Input point, address queuePtr) external payable returns (bool);

function withdrawalChallangeSpend(SimpleExit exit, address queuePtr, 
    Input spend, MerkleProof txProof, MerkleProof spendProof, 
    uint32 maxBlockId, MerkleProof maxBlockIdProof,
    Signature sign, MerkleProof signProof) external returns (bool);

function withdrawalChallangeBlock(SimpleExit exit, address queuePtr, MerkleProof proof) external returns (bool);

1. Somebody published exit and the bond. We check the validity of input on the contract and put it into the exit queue with finalization time ordered by SFT = max(now+REP+MFT, input.timestamp+MFT), where REP=MFT=1 week. Also withdrawal emit SFT in event.
2. anybody can challenge the spend of the input.
3. anybody can challenge the existence of input inside the blockchain.

Signer guarantees validity of the transaction (or he have a risk to burn his money). That's why it is enough to check the signature and maxBlockId to run withdrawalChallangeSpend.

2nd, 3rd, 4th merkle proof are short (linked to tx hash, not to block hash).
.

UX for simple withdraw

1. Somebody published exit and the bond. We check the validity of input on the contract and put it into the exit queue with finalization time ordered by SFT = max(now+REP+MFT, input.timestamp+MFT), where REP=MFT=1 week
2. anybody can challenge the spend of the input.
3. anybody can challenge the existence of input inside the blockchain.

If the input is challenged, it must be removed from the exit queue.
After finalization time the exit must be withdrawable in the queue order.

We must not store all information for the exit inside the storage. (hash, SFT) is enough to store, where hash is the hash of Input.

PrimeHash game for Plasma Prime

We need to use the mapping between integers and prime numbers for some cases in Plasma Prime:

• calculating $H_{prime}$ for Wesolowski proof
• calculating prime numbers for each coin

Also, it will be useful if we can use it without any precomputations in lazy mode.
I propose to use something like truebit protocol for deterministic mapping any uint256 number (excluding 0 and 1) to a prime number.

Let's determine
$ Prime(I) := \max(n: 1 < n \leq I; n \in P) $.

We do not use any better computable subsets in the set of prime numbers, because it brings us additional work in the contract, as you can see below. $Prime(I)$ is not complicated to compute offchain for any 256bit I (not only PC but also cell phones are OK).

We can enumerate all plasma dust coins as $Prime(I*offset)$ and use not only $2^{40}$, but also $2^{50}$ or more dust coins and do not need to store the data anywhere.

Also we can use $PrimeHash(x) := Prime(keccak256(x))$ for $H_{prime}$ calculation.

For onchain cases let's use the game:

The game is simply generalizable for calculation with multiple prime numbers (it is enough to challenge one value to reject the calculation).

• Use solidity assembler to gain max performance
• Sample impl: https://github.com/zcoinofficial/solidity-BigNumber/blob/master/contracts/BigNumber.sol

• watch for eth events
• handle deposits
• handle withdrawals
• handle challenges