Understanding Account Abstraction, A Beginner's Guide

Welcome to the Kresus Blog. Today we'll demystify the concept of account abstraction. Here at Kresus, we are incredibly excited to be utilizing this innovation, as it allows us to provide the user with new levels of flexibility and security. In this article, we'll break down account abstraction in a way that's approachable for both beginners and crypto natives alike.

Account Abstraction in a Nutshell 

In a nutshell, account abstraction is the unification of externally owned accounts and contract accounts into a single smart contract account. It aims to enhance the flexibility of the Ethereum system by allowing Contract Accounts to verify and execute transactions on behalf of users, eliminating the requirement that they control every aspect of their account. This opens up possibilities for new account services and features, such as programmable EOAs or more user-friendly password recovery systems, thereby improving the overall user experience and security in the crypto space.

EOAs vs Contract Accounts

As we explained earlier, account abstraction blurs the distinction between contract accounts and EOAs, but what does that mean? Before account abstraction, all EOAs were dependent on a private key and could only be used to initiate transactions. Essentially, they can be thought of as a user interface for chain interactions. Contract Accounts, by contrast, are controlled by contract code and can be used to interact with transactions initiated by EOAs. Now that we've outlined the differences between EOAs and Contract Accounts in broad strokes, we can go into a little more detail.

EOAs are controlled by a private key

EOAs are controlled by a private key, and hence, by the user. Essentially, EOAs serve as the user's interface with the blockchain. Controlled by the user's private key, EOAs can send and receive assets using their public key as an address. As an added level of security, an EOA can't have both a private key and the ability to execute code. This is the core idea behind a decentralized network: no single party can force an execution of code, because the executors and the code itself are separate entities. As a result, to facilitate blockchain interaction, an EOA has to engage with an impartial keyless third party: a contract account.

Contract accounts are controlled by a contract code

EOAs are excellent for sending and receiving assets, but their functionality is limited: they cannot execute any code. Going back to our original analogy, if we think of an EOA as an interface with the blockchain, we can think of contract accounts as the actual blocks on the chain.

Imagine a user who wants to trade coins for an NFT. For this exchange to occur, both ends of the trade need to verify themselves, and a third party (a Contract Account) needs to execute the exchange. Contract Accounts have a public address and a series of instructions for execution, but no private key, and they are incapable of executing code unless an EOA initiates the call.

By separating EOAs and Contract Accounts, users can securely maintain their assets, and transactions can be anonymous and secure. However, this method has some drawbacks.

EOAs and the Pressure of Sole Ownership

Because EOAs are dependent on contract accounts to execute code, they cannot offer many of the common account services linked with web2 accounts. For example, EOAs don't offer an account recovery process. Consider a web2-based email app: if a user forgets their password, account recovery is relatively simple. The user tells whoever runs the app that they forgot the password, the app asks the user to verify their identity, and once they do so they're granted access to a password recovery page. However, this flow is dependent on the app owner having constant access to a backdoor into all user accounts. In web3, this isn't allowed, as having a backdoor opens up security vulnerabilities and limits user autonomy.

Offering a third-party app access to an EOA via its secret key would compromise its security, and therefore the common web2 password recovery method cannot be applied. As a result, if a user loses access to their account, they are likely locked out for good.

Similarly, because there is no third-party moderator for EOAs, there is no fraud detection. If a user accidentally publishes their private key somewhere on the web, they are vulnerable to a malicious actor draining their account.

The burden of complete account responsibility can deter many potential crypto users, preventing them from becoming early adopters in the coming web3 wave. Luckily, there is a solution: this is where account abstraction steps in.

Account Abstraction: Unifying EOAs and Contract Accounts

The distinction between EOAs and Contract Accounts has been foundational to Ethereum's design, but account abstraction proposes a strategic shift in the way that EOAs and contract accounts communicate. Account Abstraction (AA) allows contract accounts to verify and execute transactions on behalf of users, eliminating the need for users to personally oversee the process. By using account abstraction, we can now make EOAs 'programmable'. That is, we can securely attach code to an account so that it can be programmed to execute certain actions without needing the user's private key to sign off on the transaction.

Let’s explore an example of how account abstraction can aid in password recovery.

Account Recovery Using the Kresus Guardian System

Smart contracts introduce a new possibility: naming a guardian account for password recovery. Here’s how it works:

When a new user creates an account, they can designate a guardian who can assist in password recovery. Upon doing so, an Abstract Account (AA) is created. This AA contains code that, when triggered by the guardian's private key and the user's email permission, restores access to the user's account. This process allows secure account recovery without third-party involvement.
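As an added illustration (not Kresus code and not the actual Kresus Guardian System), here is a minimal Solidity smart contract account in which a designated guardian can recover the account for a new owner key. The contract name, the two-day delay and the owner's ability to cancel a pending recovery are assumptions for the example; the off-chain email-permission step from the article is represented only by that delay window.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Illustrative account with guardian-based recovery (assumed design, not
// Kresus code). The guardian can only propose a new owner; the change takes
// effect after a delay during which the current owner may cancel it.
contract GuardianAccount {
    address public owner;     // key that normally authorises this account
    address public guardian;  // designated when the account is created
    uint256 public constant RECOVERY_DELAY = 2 days;
    address public pendingOwner;
    uint256 public recoveryReadyAt;

    constructor(address _owner, address _guardian) {
        require(_owner != address(0) && _guardian != address(0), "zero addr");
        require(_owner != _guardian, "guardian must differ from owner");
        owner = _owner;
        guardian = _guardian;
    }

    // Normal operation: only the owner may make this account act on-chain.
    function execute(address to, uint256 value, bytes calldata data) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: value}(data);
        require(ok, "call failed");
    }

    // Step 1: the guardian proposes a replacement owner; nothing changes yet.
    function proposeRecovery(address newOwner) external {
        require(msg.sender == guardian, "not guardian");
        require(newOwner != address(0), "zero addr");
        pendingOwner = newOwner;
        recoveryReadyAt = block.timestamp + RECOVERY_DELAY;
    }

    // The current owner can veto a recovery they did not ask for.
    function cancelRecovery() external {
        require(msg.sender == owner, "not owner");
        delete pendingOwner;
        delete recoveryReadyAt;
    }

    // Step 2: once the delay has elapsed, anyone may finalise the recovery.
    function finalizeRecovery() external {
        require(pendingOwner != address(0), "no recovery pending");
        require(block.timestamp >= recoveryReadyAt, "delay not elapsed");
        owner = pendingOwner;
        delete pendingOwner;
        delete recoveryReadyAt;
    }
}
```

The delay is the defensive point: a compromised guardian key alone cannot take over the account instantly, because the legitimate owner has a window in which to cancel the proposal.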

Conclusion 

Account abstraction is an exciting development in the blockchain space, offering new ways to address some of the challenges inherent in the current Ethereum model. By blurring the lines between EOAs and Contract Accounts, it presents solutions that can significantly enhance user experience and security, as demonstrated by the Kresus Guardian System for account recovery. As we continue to embrace and utilize these advancements at Kresus, we aim to provide a seamless and secure platform for our users, navigating the intricate web3 landscape with confidence. Stay tuned for more insights and updates as we delve deeper into the fascinating world of blockchain technology.