Manager

The PlasmaRifle Root-chain Manager

The PlasmaRifle Root-chain Manager contract manages the bridge between Ethereum and the Gunero network. It creates a public signal that the child-chain follows to manage forced entries and exits from the child-chain that the Proof of Authority consensus participants approve as a group. It also allows network participants the ability to control their assets in the child-chain by exiting from the chain's control and returning their tokens back into their own control if the network is experiencing consensus failure or censorship.

Entry (aka Locking)

The deposit(tokenId) function allows the token's owner to transfer control of the token into the child chain network, where transfer-ability according to the rules of the Gunero network is allowed.

Exit (aka Unlocking)

The exit(tokenId) function allows the token's current owner in the Gunero network to exit their token from the Gunero network, removing it's ability to be transferred according to the rules of the network. Due to the "Zero Knowledge" property of Gunero it is not possible to know who the owner is of the token directly, but thanks to the usage of the Simple Merkle Tree (SMT) data structure for the database that Plasma Cash uses (which Gunero is derived from) to manage the current state of token ownership, finality is a reliable property and we can leverage that in the exit procedure to prove that a an exit is valid via a Merkle Proof against the current root hash stored for the last published block from the child chain. This means that transfer-ability is restricted such that only one transfer can be performed per tokenId between each child-chain block publishing, which is currently every 7 days.

Thanks to the "provable computation" property of the of Gunero zkSNARK transactions, it is cryptographically unlikely that anyone besides the owner can submit actually an exit transaction. This means we can eliminate the "challenge period" required in Plasma Cash exit procedures.

A primary use case of the exit procedure in PlasmaRifle is actually an attestation of loss or theft of the physical firearm. This allows a user to declare their token unspendable, and blacklist their firearm from future minting. This also creates a signal for law enforcement and other interested parties to follow the status of the firearm. Any exit will be cancel-able by the attestor within the checkpoint threshold, which is currently 30 days.

Hot Potato! Exit (aka proof of non-ownership) [MVP Only]

In PlasmaRifle, we introduce the concept of "Hot Potato" exits, which are defined as an exit with a proof of that party spending a specific tokenId and transferring it to someone else, which they publicly announce. This exit is backed by submitting their original transaction, which shows that the transaction was conducted correctly, and no false information was submitted. The "hot potato" exit can only start with the original party who tokenized that firearm by revealing the transaction immediately following the minting of that token. The current "owner" of the token will then have until the checkpoint time period to submit another "hot potato" exit, thereby showing re-transmission of the tokenId to another party and resetting the timer. If the exit is shown to be "final" aka a merkle proof can be submitted against the current root hash that reflects the token is included in the current, the timer is stopped and the last "owner" is now the owner of the token.

This property can allow law enforcement the tools necessary to track down the ownership chain of the firearm in the case of an incident by appealing to the original party who tokenized that firearm, either through a court order or that party's own volition. This is the only way to uniquely determine the current owner of a firearm of interest, and since it is transparent and on-chain can be a mitigating factor against the possibility of "mass surveillance" by law enforcement, since it is not possible to determine overall ownership without private information from each participant in every transaction, information that GunClear does not know.