Chia Blog

Why Chia Plots Aren’t Portable

by Chia Team

Our previous post detailed why the new plot format will not contain “useful” data. So, you might be wondering whether we could (or should) make the plots themselves portable. This would allow Plotting as a Service (PaaS) providers to create plots for farmers without obtaining any information from them. It would also provide a safe way for farmers to sell their plots. (The reason it is not safe to buy or sell existing plots is because they are not portable.)

Despite the improvements portable plots would afford, they would also introduce significant security risks, which we’ll explore in this post.

When you create a Chia plot, it is permanently tied to a public/private key pair. You can either use your own computer to create your plots, or you can have a PaaS provider create them on your behalf. In the latter case, you will need to send the provider your farmer public key, as well as either your pool public key or your pool contract puzzle hash. Each of these keys is public, so you don’t need to divulge any private information to a PaaS provider. This means that the provider cannot farm with your plots, even though they created them.

Whether you created your plots using your own hardware, or you went through a PaaS provider, only you have access to the private keys from which they were derived. Even though you own the plots, you cannot transfer them to another user without also giving away your master private key, which is never recommended. For this reason, Chia plots aren’t considered portable.

When thinking about the possible changes that would make plots portable, there are a few things to keep in mind:

  • When you form a new block using a proof from one of your plots, separate signatures are required from both your harvester and your farmer.
  • These signatures must come from the same private key that was used to generate the plot.
  • An adversary would need to compromise both your harvester and your farmer in order to create these signatures.
  • As long as your harvester and farmer have not been compromised, when your block is propagated across the network, nobody is able to remove your signatures and add their own.

One way to make plots portable would be to remove the requirement for these specific signatures. However, in that case, an adversarial timelord, or possibly even another farmer, could add their own signatures to your block and then propagate it, thereby stealing your reward. This is why plots need to be tied to specific keys.

In addition, keep in mind the pool’s address is directly encoded into each plot, either using the pool’s puzzle hash (for plots made with a plot NFT), or the pool public key (for OG plots). In both cases, this key/NFT ensures that a plot can only farm with one pool at a given time. If we removed this key/NFT from the plot format, then a given pool could not prevent its members from cheating by farming to multiple pools with the same plots.

Another idea to make plots portable would be to allow the owner to swap out their keys in favor of new ones. In this case, a new block would still require signatures from specific keys, but those keys could be changed at the owner’s discretion. However, this is not technically feasible. The reason for this has to do with how the plots are formed.

A given plot’s contents are generated deterministically from the plot’s ID, which is created by hashing two separate public keys together. If you recreate a plot with the same ID multiple times, the resulting plot’s contents will be identical each time. If you made the plot portable by allowing its owner to change its keys, the plot’s ID would also have to change because it is dependent on the keys. And because the plot’s contents are derived from its ID, the plot itself would need to be regenerated from scratch. This would be no easier than simply generating a brand new plot.

Under the current format, a plot’s ID and its contents are both inseparable from its keys. Removing the requirement to use keys would render the plot unsafe. Allowing the keys to be changed would necessitate replotting. This is why Chia’s plots likely cannot be made portable. While the new plot format will include some improvements such as making compression more difficult, the plots themselves will likely continue to depend on their owners’ keys.

See our documentation for more information on how keys and plot IDs are generated.