@Plasma had never been created to ensure continued execution. Its central promise is more limited and conservative: in case off-chain systems get invalid, the user should still be able to retrieve their money in Ethereum. This design alternative puts fund recovery first before availability, throughput, or execution continuity. Plasma acknowledges that off-chain environments are weak and constructs its guarantees on what can go wrong, and not what can go right.
In the structural way, the implementation is separated at @Plasma with enforcement. The state updates and transactions are executed in child chains that run off-chain and Ethereum is the ultimate ownership and dispute resolution authority. Ethereum does not validate each transition of the state, rather, when users request exits or assert invalid behavior, it interferes. This cuts down on-chain load although this transfers the security model. Correctness is a post hoc, a matter that is imposed by the demonstration and contention, as opposed to being enforced throughout execution.
This movement is the reason why fund recovery is central to the design of @Plasma . Since Ethereum does not witness all off-chain actions, Plasma will need to assume that operators are able to censor transactions, publish invalid state commitments, or not publication whatsoever. Instead of trying to avert such failures, Plasma assumes their occurrence to be normal. The system is designed in such a way that users can react by leaving it even in such a situation as the child chain turns hostile or unresponsive.
There is no need to have exit mechanisms as secondary features to the protocol; exit mechanisms are the backbone of the protocol. Plasma outlines clear steps on the process of moving assets out of the child chain and back to Ethereum, which usually entails challenge steps and evidence of fraud. Any person may appeal against an invalid exit during such windows by showing evidence of a contrary or subsequent state. In case there is no legitimate objection, the withdrawal will be finalized and the money will be emitted on Ethereum. It is sluggish and conservative in nature and ensures that the correctness is put first before speed.
This focus on exits has implications on performance. It is not guaranteed that it will be available continuously. Failure by an operator to produce blocks or provide data can cause users to be unable to make normal transactions. This is not taken as a catastrophic failure in the model of @Plasma . The system goes into an exit phase, which is the process where normal execution is stopped and recovery is initiated. That is, Plasma is not created to work under hostile conditions indefinitely, but on the contrary, to fail under these conditions.
There is the restriction that exits can be proven in Ethereum that further restricts the type of support that Plasma allows. General-purpose smart contracts are hard to model as exit conditions have to be put down in writing and verifiable by limited on-chain data. Most @Plasma constructions thus tend to prefer the construction of simpler state models, including UTXO-like models, in which ownership histories are simpler to establish. These limitations are not by chance restrictions; they are what it cost to be able to make fund recovery tractable over the worst-case assumptions.
The strategy of Plasma is the opposite of scaling models that seek to maintain the continuous execution through adding on-chain verification. Those systems demand less vigilance and protection of funds on the part of users by posting more data to Ethereum or re-executing off-chain transactions on-chain. Plasma instead puts a smaller amount of data on chains in normal mode and defers increased user responsibility in case of failures. This is a trade off, where a reduction in the on-chain overhead is traded off against a security model that is recovery-oriented.
This perspective of @Plasma makes it easy to see its strengths as well as limitations. It is not a system that is optimized to be user-friendly and has continuous application logic. It is a model of how the off-chain scaling does not affect the basic capability to reclaim assets. It is valuable as it is a formalization of a very simple yet important promise: regardless of the actions of an off-chain operator, users still have a way of returning to Ethereum.
The scaling problem is ultimately reflexed in plasma. It does not ask how to ensure systems continue to run and continue to run but how the users are kept safe when the systems are not running. @Plasma characterizes scaling as a matter of survival rather than performance by focusing more on recovering the funds than executing its implementation on an ongoing basis.
