What is the background of the resurgence of account abstraction? How should we understand the "abstraction" in account abstraction, and how does it work? With these questions in mind, we invited Muzat, the co-founder of DroneLink, to open this podcast topic with everyone.

Introduction

The concept of account abstraction was first proposed in EIP-86 in 2017, with the goal of achieving "abstraction of transaction sources and signatures". The improvement of accounts for human users has been a multi-year experiment. The wallet address that requires self-custody is both the user's "account" in the on-chain world and a major obstacle to users entering the Web3 world.

Account abstraction enables us to use smart contract logic to specify the effects of transactions, fee payments, and verification logic. This provides many important security advantages, including multi-signature, smart recovery wallets, the ability to change keys without changing wallets, and quantum security.
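The difference between a key-bound account and an account whose verification logic is code can be shown with a small model. This is an added example, not code from the podcast or from any wallet project: the class names, the `rotate_key:` and `recover:` action strings, the guardian names and all keys are hypothetical, HMAC-SHA256 stands in for a real signature scheme, and fee payment is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def sign(key: bytes, message: bytes) -> bytes:
    # Stand-in for a real signature scheme (assumption): HMAC-SHA256, so the
    # account stores the same secret the signer uses. Real wallets use ECDSA.
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, message), sig)


def op_message(account_id: str, nonce: int, action: str) -> bytes:
    # The account id and nonce are part of the signed bytes, so a signature
    # cannot be replayed later or against another account.
    return f"{account_id}|{nonce}|{action}".encode()


@dataclass
class FixedKeyAccount:
    """Key-bound account: one key, one hard-coded validity rule."""
    account_id: str
    key: bytes
    nonce: int = 0

    def execute(self, nonce: int, action: str, sig: bytes) -> bool:
        if nonce != self.nonce:
            return False
        if not verify(self.key, op_message(self.account_id, nonce, action), sig):
            return False
        self.nonce += 1
        return True


@dataclass
class ProgrammableAccount:
    """Contract-style account: the validity rule is code the account owns."""
    account_id: str
    owner_key: bytes
    guardians: dict = field(default_factory=dict)  # guardian name -> key
    threshold: int = 2
    nonce: int = 0

    def execute(self, nonce: int, action: str, sig: bytes) -> bool:
        if nonce != self.nonce:
            return False
        if not verify(self.owner_key, op_message(self.account_id, nonce, action), sig):
            return False
        self.nonce += 1
        if action.startswith("rotate_key:"):
            # Owner-authorised key change; account_id (the "address") stays.
            self.owner_key = bytes.fromhex(action.split(":", 1)[1])
        return True

    def recover(self, new_key: bytes, approvals: dict) -> bool:
        # Guardians sign the recovery request for the current nonce; only
        # distinct, registered guardians with valid signatures are counted.
        msg = op_message(self.account_id, self.nonce, "recover:" + new_key.hex())
        valid = {name for name, sig in approvals.items()
                 if name in self.guardians and verify(self.guardians[name], msg, sig)}
        if len(valid) < self.threshold:
            return False
        self.owner_key = new_key
        self.nonce += 1  # invalidates the approvals just used
        return True


def demo() -> dict:
    # All keys and names below are constructed sample values.
    old_key, new_key = b"owner-key-1", b"owner-key-2"
    guardians = {"alice": b"g-alice", "bob": b"g-bob", "carol": b"g-carol"}
    acct = ProgrammableAccount("acct-1", old_key, guardians, threshold=2)
    results = {}
    sig0 = sign(old_key, op_message("acct-1", 0, "transfer:10"))
    results["owner_op"] = acct.execute(0, "transfer:10", sig0)
    results["replay"] = acct.execute(0, "transfer:10", sig0)
    # Owner key is lost: guardians approve a replacement key.
    msg = op_message("acct-1", acct.nonce, "recover:" + new_key.hex())
    one = {"alice": sign(guardians["alice"], msg)}
    results["one_guardian"] = acct.recover(new_key, one)
    two = dict(one, bob=sign(guardians["bob"], msg))
    results["two_guardians"] = acct.recover(new_key, two)
    results["approvals_reused"] = acct.recover(b"unapproved-key", two)
    old_sig = sign(old_key, op_message("acct-1", acct.nonce, "transfer:99"))
    results["old_key_after"] = acct.execute(acct.nonce, "transfer:99", old_sig)
    new_sig = sign(new_key, op_message("acct-1", acct.nonce, "transfer:5"))
    results["new_key_after"] = acct.execute(acct.nonce, "transfer:5", new_sig)
    results["account_id"] = acct.account_id
    return results


if __name__ == "__main__":
    print(demo())
```

`FixedKeyAccount` has no path to replace its key, so losing the key loses the account; `ProgrammableAccount` keeps the same identifier across an owner-signed rotation or a guardian-approved recovery.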

Podcast topic: account abstraction, Ethereum account, and a new path to decentralization.

Host: Kevin (C3-Community Leader)

Guest: Muzat (Co-founder of DroneLink, deeply involved in the financial technology field)

Main text

Q: Before we talk about account abstraction, we can start with the existing account types in Ethereum. What are the existing account types in Ethereum? How do they work?

The wallets that everyone holds are called EOA (Externally-owned account) in the Ethereum white paper, or external account for short. This is the account of a normal user and is held by an entity external to the Ethereum main chain. EOA accounts are created by MetaMask or the hardware wallet Ledger.

The corresponding account is called a contract account, abbreviated as CA. CA can only be created within Ethereum through other EOAs or other CAs, such as the commonly used DeFi protocols Uniswap, Compound, Aave, etc. Users can interact with protocols or contract accounts and perform a series of operations on tokens.

However, the more commonly used one is the EOA wallet.

Q: What are the advantages and disadvantages of EOA wallet for ordinary users like us?

Let me first explain the working characteristics of EOA. When users use traditional encrypted wallets to generate wallet addresses, they will receive a set of 12 or 24 mnemonics, from which a corresponding private key or multiple private keys are derived. This is essential when generating and importing wallets. This is called an EOA wallet in the Ethereum system. Depending on the operating environment, there are browser plug-in wallets, such as MetaMask and Solana's Phantom. There is TokenPocket on the mobile side, and hardware wallets include Ledger, Trezor, etc. These are all EOAs; that is, the private key uniquely determines the public key, the public key calculates the account address, and you control your own account through the private key. The technical implementation relies on asymmetric encryption algorithms. This technology was relatively mature before the birth of Bitcoin, and today's e-commerce also uses this encryption method. The realization of the entire effect is still very convenient. As long as you use a computer or mobile phone on the user side, you can generate a pair of public and private keys.

But there is a bigger problem, that is, the account is hard-bound to your private key. To some extent, your private key is your account. If you lose your private key, your account is also lost. For example, suppose you have a luxury house in Tomson Yipin, and your private key is your home key. If your home key is lost, you will not be able to access the house. Or if your key is leaked and someone else knows what your key looks like, he or she will have the same permissions as you and can also access your house. You cannot change your private key. This is the biggest problem with today's traditional wallets or EOA wallets.

At the same time, the means of keeping private keys are not very convenient. If you write down your private keys or mnemonics on paper and put them somewhere, there is a possibility that the words on the paper will fade due to fire or long-term storage. Of course, you can buy private key steel plates online to store private keys, but these methods are not very friendly to novices or ordinary users, and there is a certain threshold for entering Web3.

Although several other types of wallets are not yet widely used, they are closely related to today's topic. They are called Smart Contract Wallets, which are wallet solutions built using CA. There are older smart contract wallets such as Argent and Gnosis Safe, as well as Chinese team projects such as UniPass Wallet. This part can be discussed in detail later.

Another wallet is called the MPC (multi-party computation) wallet, which is also an EOA wallet in essence, because for the blockchain, its account is still an EOA account, but its signature method is different from the traditional method. Its private key is not signed on the user side. In fact, the private key is divided into several fragments, and the user saves multiple backups or saves them together with the wallet provider, and multiple parties complete the calculation. Because MPC is a cryptographic concept, all parties participate in the calculation and get the result without revealing their privacy. In simple terms, the private key is broken into two or three pieces, each party holds one, and they can calculate together without letting the other party know, achieving the same effect as the traditional EOA wallet signature. Well-known products include Fireblocks and ZenGo, as well as Coinbase, which launched its semi-custodial solution in May last year. The user has one copy and Coinbase has one copy. If the user loses the backup, he can contact Coinbase to confirm that "you are you" and then let Coinbase help restore it, but this is equivalent to giving up some autonomy, and Coinbase will know the specific identity of the wallet holder.

These are roughly the following solutions, which are also EOA types in nature, including traditional, MPC, and smart contract wallets built based on blockchain smart contract accounts.

Q: This reminds me of when I first entered this field. I applied for a MetaMask wallet because I was still an "old bird" in the Internet field. However, I found that it took some time and effort to operate the wallet, including understanding the mnemonic phrase. What impressed me most was that I didn't take the mnemonic phrase seriously at the time. Later, I really lost it. I also found that it was really gone and could not be retrieved.

In fact, many people around me have lost their private keys or mnemonics, including some practitioners or technicians. Fortunately, you lost yours early, so you were alert. Because the security and convenience of the wallet are in conflict, everyone tends to prefer ease of use when they first use it, unless one day you lose your private key or it is stolen, then you will be alert.

Let me give you a few other examples. In December last year, distributed boss Shen Bo invested 500,000 OG in Ethereum as early as 2015. When he was transferring coins, his wallet private key was leaked and was monitored by hackers. He lost his wallet and the tokens were transferred away as soon as they arrived, resulting in a loss of approximately US$40 million in assets. There is another incident that happened in early January. A Bitcoin Core developer had some problems with his operation and lost about 200 bitcoins. Therefore, even if you invest in Bitcoin or Ethereum so early, or in technology developers like Bitcoin Core, you may lose your coins.

Because the private key of a traditional wallet is like a single point of failure, even if you make a small mistake, the property in your wallet cannot be recovered. For example, a few days ago, the founder of the Moonbird community was socially engineered and accidentally clicked a link, which resulted in the authorization of the wallet to hackers, and dozens of NFTs worth millions were transferred away.

So I think the current wallet security problem is still quite serious, especially the FTX incident that happened last year. Everyone realized that exchanges can also run away, so everyone wants to keep their assets in custody as much as possible. Although practitioners certainly hope that everyone will do so, and everyone has heard of the sayings of Not Your Keys, Not Your Coins, it is actually very difficult to do it as well as possible. For example, the "veterans" or senior practitioners mentioned above have lost coins. In the future, the new users who will enter the market in the next bull market have no corresponding theoretical basis and operational practice at all. Even if 10% of the assets are lost, it is very scary, so this problem must be solved. This is also the reason why abstract accounts are frequently mentioned today.

Q: I noticed that the concept of account abstraction actually appeared in 2015, but it seems that it has never attracted as much attention as it does today. Why has account abstraction suddenly become a hot topic in the industry? What is the background of this phenomenon?

This is a very good question, and I will talk about it from several aspects. First of all, I want to talk about the overall environment. We just talked about the problem of traditional wallets, which still has a great impact on users. There are also other issues, such as the gas fee model. In fact, most new users still find it difficult to understand this. For example, if you want to buy an NFT of the Polygon chain on OpenSea, you cannot do it if you don’t have Matic. You need to find a way to get Matic, which is still a relatively large threshold for many new users.

In addition, everyone knows that account abstraction actually corresponds to smart contract wallets. It is not a new concept. In fact, it has existed for a long time. Popular ones such as Argent actually started in the last bull market, in 2017 and 2018, but it did not become popular. In addition, smart contract accounts are actually "second-class citizens". They still have a series of problems. At present, they are only used in the fields of DeFi and NFT. At present, there is actually no way to implement asset management operations through smart contracts.

From the development history of Ethereum, people represented by Vitalik have had a vision for a long time, that is, they hope that users will have a smart account, and can operate everything with more than just a simple signature. As early as 2015, EIP101 had envisioned the design of the future version of the Ethereum account system. Its main idea is that each account should have its own code (business logic), but because this plan required a lot of changes and was not very compatible with the Ethereum transaction model at the time, it was not implemented.

However, relevant discussions are held every day, including the Ethereum Foundation proposing different EIPs. The more well-known ones are EIP4337 in 2021 and EIP2938 in 2020. It hopes that the smart contract account can pay the gas fee and execute transactions by itself, which is impossible to operate in the EVM, because in the design of Ethereum, there must be an external account to initiate transactions and pay gas fees before the transaction can be completed. But because Ethereum's goal at the time was to complete the ETH2.0 upgrade first, this EIP was shelved. It was not until 2021 that Vitalik proposed a more clever solution. This solution did not require modification of the protocol layer. It utilized the architecture generated by the popular Flashbots, and then used a customized Mempool to build an infrastructure, which realized the extraction of account abstraction transaction verification from the protocol layer and placed it in the application layer. This application layer is actually a standard initiated by the Ethereum Foundation. If you want to make a new smart contract wallet, you must follow this standard. So I think the Ethereum Foundation has always done a good job in setting standards, just like ERC20 (token standard) in 2017, ERC721 for NFT, and EIP4337 for account abstraction. In fact, it should be called ERC4337 now because it has entered the next stage of implementation.

This is the general historical background. First of all, there is the big environment. Traditional wallets are difficult for ordinary users and are not safe. Second, the Ethereum Foundation has long hoped that users' accounts can be able to execute some logic, which can be selected by users or implemented by application developers to achieve more possibilities. So this plan is not popular recently, but after many years of continuous discussion and continuous technological changes, it finally fell into EIP4337.

Q: If account abstraction is understood as two phrases, account and abstraction, then how do we understand the definition of abstraction?

In computer science, abstraction means extracting relevant parts from a large block and dividing them into small parts. It would be easier to understand if we use another word to explain it, which is actually modularization. Let me give you an example. TCP/IP, which is the network protocol, is the foundation of the Internet. It is actually a four-layer protocol. Earlier, there was a seven-layer protocol called OSI. They are typical examples of abstraction. It does not complete all the codes in one place, but each layer completes a part, and there is a clear interface definition between them. If you don't have a technical background, you can understand it as modularization.

Q: What advantages does a modular account like this have compared to existing accounts?

It may be easier to explain if we go back to the question we just talked about. The functional logic of EOA (traditional wallet) is written "dead" in the Ethereum virtual machine (EVM), and then makes a judgment. The first judgment is to determine whether the transaction is signed by the private key holder, that is, to confirm whether the signature is "correct". The second is to confirm whether there is enough gas fee in the account. The third judgment is Nonce, which can be understood as a counter to prevent replay attacks. These three logics must be judged and checked. Only when they are completed will it be determined that this is a reasonable transaction, and the package is sent to the block to complete the transaction.

Account abstraction can abstract the judgment just mentioned and hand it over to developers, that is, let developers define what the account does, which is actually a programmable way to set the standard for verifying the validity of transactions. With this function, developers can verify by verifying non-private keys and implement more "cool" functions.

In addition, the abstract noun of account may sound very "high-end" at first glance, but in fact it is a smart contract wallet. So from a certain perspective, we still have to admire Vitalik's ability to create words. Let me give you another example, which is SBT (SoulBound Token) proposed last year. In fact, it is a non-transferable NFT, but if it was called non-transferable NFT at the time, everyone might think it is "boring", but if it is called SBT, soul-bound token, the pattern is completely different.

So account abstraction, in a sense, is the ability to manage accounts using smart contracts. Don’t think about it too complicatedly.

Q: So what are the actual use cases for it? What actual scenarios will it be combined with?

A wallet account with account abstraction capability can actually be understood as a Turing-complete code. Just like why people say that Ethereum is a "transcendence" of Bitcoin, it is because the Ethereum blockchain can run smart contracts. In addition to the transfer activities that Bitcoin can also carry out, it can also make many business judgments. It is Turing-complete. However, the accounts on the Ethereum chain today do not have Turing-complete capabilities, only the contracts have Turing-complete capabilities. So if account abstraction can be implemented on Ethereum, then our accounts will have Turing-complete capabilities and implement a series of business logic that smart contracts can implement. So what can be done? Let's look at them one by one.

We mentioned earlier that traditional wallets have relatively large security risks. If the private key is lost, the assets will disappear. It is a single point of failure, and a small mistake will lead to great losses. At this time, we can introduce multi-party authentication, just like in the traditional Internet, if we want to log in to a bank account, we need to enter the verification code received on the mobile phone, which is called MFA (multi-factor authentication). By introducing this method, we can upgrade the account, such as authorizing other private keys to operate our wallet for transactions. There is also a function called social recovery, which allows you to contact these people to help you recover if you lose your commonly used private key (you can set who or how many people before the loss). Just like the example we gave earlier, if you lose your luxury house key, you can "change" the key in this way, and you still have the right to use the luxury house.

But this is still very different from the semi-custodial solution of the centralized exchange mentioned above, that is, the example of Coinbase, because this function is realized through account abstraction, no matter who you authorize, you can still take back the granted permissions, and the entire asset is still ultimately controlled by the user. Although many users enter Web3 through the path of centralized exchanges, and their experience is indeed very good at this stage, it is still impossible to completely rule out the possibility of their malicious behavior. After all, it is the centralized exchange that controls your assets, not running on smart contracts. By upgrading traditional wallets to account abstract wallets, it can be more secure.

The second scenario is that accounts can be configured to different roles or different spending strategies, and different people can achieve joint management. For example, in a company or DAO organization, different roles have different spending permissions, such as the finance department or ordinary cashiers, with different spending limits. The CFO can spend as much as he wants, but if the amount exceeds a certain amount, a higher-level person's authorization is required. The cashier may need to pay wages once a month, or the DAO organization needs to vote, and the vote can be taken in Snapshot, but it cannot be used to transfer money, and so on.

Another scenario is the gas fee we just talked about. The original model may affect the user experience and create a threshold. The introduction of account abstraction can support multiple payment methods, that is, you do not need to have the native tokens on the chain in your wallet account, and you can directly deduct other assets in your wallet. Or the other party can pay on your behalf, which may be a game developer or a social network, which greatly lowers the threshold.

In addition, there are scenarios for batch authorization and transactions. If you have interacted with the DeFi protocol on the chain, you know that to complete the tedious operations step by step, for example, if you want to pledge and borrow in Compound, you have to complete at least three steps. First, you need to authorize the Compound contract, then pledge the tokens, and finally borrow and lend according to the pledge rate. Each step requires confirmation and transaction operation, which consumes gas fees. But if the three steps can be packaged, you only need to sign once to correspond to three transaction operations, which is convenient and saves gas fees.

The functions mentioned above have been well implemented in an application, Lens Protocol, which is a decentralized social graph protocol that mainly runs on Polygon. It has an interesting innovative design, that is, through the design of the scheduler, users can sign and authorize another account, and Lens Protocol will also advance the gas fee for this account, so there is no need to pay gas fees when using Lens Protocol for some social functions, and your interactions will also be written to the chain. At present, Lens Protocol has processed more than 4 million transactions.

In addition, if you don’t want to be interrupted in a game scenario, you may want the game developer to help you with all interactions within 10 minutes or an hour, because the game play process does not involve the operation of a large number of assets. In this case, you can set a time period, make a temporary session, and generate a session key so that you will not be interrupted.

The last usage scenario is also often mentioned by the Ethereum Foundation, which is to upgrade the Ethereum signature algorithm through account abstraction. If a quantum computer comes out one day, its powerful computing power can break the ECDSA (elliptic curve signature) currently used by Ethereum. After implementing account abstraction, the signature algorithm can be upgraded modularly.

Q: So how can you explain how account abstraction works in a simpler way without using too many technical terms?

The principle of account abstraction we are talking about is actually discussed around the ERC4337 protocol standard. This standard was proposed by Vitalik and some developers of the Ethereum Foundation. Its biggest feature is that it does not require changes to the underlying protocol or the EVM.

It uses a customized Mempool (memory pool), which you can think of as a transaction that has not been packaged yet, staying somewhere, a bit like taking a train (blocks one by one). Getting on the train means that the block is "dead". Before you get on the train, you must wait in the waiting room. The Mempool can write a smart contract, and the user can then operate through the User Operation standard and call the developer-customized modular verification method just mentioned to confirm whether the transaction is reasonable. If it passes, the transaction will be written into the block.

The specific technical implementation is quite complicated, you can read some popular science articles I wrote before. In short, there is no need to change the EVM, but there is still a lot of work to be done, and to some extent it is run with the help of the EVM.

Q: Since we are talking about account abstraction and multi-party secure computing, we have also covered Cover-related topics in previous podcasts, including MPC, privacy computing, and DAOrayaki is also engaged in research on quantum computing. So we have also discussed whether quantum computing will break the bottom layer of the entire blockchain when it is truly promoted to the civilian stage. So what do you think of the combination of account abstraction and multi-party computing technology?

We have just briefly talked about the definition of MPC wallet. Let me repeat it here. In essence, it is still an EOA wallet, but the private key is not signed on the user client. In fact, the private key is broken into multiple fragments. The user or the MPC provider holds a part of the fragments, and finally multiple parties complete the calculation and encryption. When you need to sign, several fragments are pieced together to complete the calculation of the entire private key. The core idea here is to disperse control, thereby achieving the purpose of dispersing risks and avoiding single point failures.

For example, if a private key is divided into three pieces, then the hacker has to break into three pieces separately, and the difficulty increases suddenly. So the core principle is decentralization, and the way to achieve it is through algorithms. In fact, there are different algorithms. Some algorithms were developed earlier and are now more mature. They will really be divided into pieces, and then a private key can be reconstructed. This private key will remain intact in a certain computing environment for a certain period of time.

There is another method that has been mentioned a lot recently. It actually uses threshold signature (TSS). It will not reconstruct the private key. It uses more advanced cryptographic principles. The private key will not maintain a state in a certain computing environment. You can think of it as a network in which multiple parties perform rounds of calculations. This method is more secure, but there will be some problems with computing time.

In fact, MPC has been quite popular recently because everyone has realized a big premise, that is, wallets are really not safe. Either go in the direction of smart contracts or go in the direction of MPC. I just gave the example of Coinbase. In fact, there were many mature companies before Coinbase. There is a company called Fireblocks that has been in business for many years and has a certain market share.

In fact, MPC wallets and smart contract wallets have their own advantages and disadvantages. Let’s talk about the disadvantages of account abstraction first. The biggest disadvantage is the compatibility of account abstraction wallets, because it relies on smart contracts, and smart contracts are deployed to a certain chain, so it is bound to this chain. If it is deployed on Ethereum, then BTC and Solana cannot be supported. There are also many types of EVMs, such as Arbitrum and Polygon on Layer 2. If they are not deployed properly, there will be some security issues.

The second problem is the account abstraction wallet. Its operation logic runs on the chain, so it comes back to the issue of gas fees. Because its calculation consumes on-chain computing resources, its gas fee is definitely higher than that of traditional wallets. Therefore, the account abstraction wallet may take some time to develop on the Ethereum mainnet, because the gas fee of the Ethereum mainnet is currently relatively high. At the current stage, there is still a lot of work to be done, so it will definitely be developed on Layer 2 first.

MPC solves these two drawbacks. First, because its private key is completed off-chain, it naturally supports different chains. It only needs to support the corresponding encryption curve algorithm, most of which are supported by ECDSA elliptic curve signatures, so it has better compatibility. Second, it does not consume gas fees during the calculation process because it completes the calculation off-chain.

But this also leads to a big problem, that is, you need to trust the MPC provider and the computing power provided by the third party. For example, ZenGo itself said that if their server fails, the service will not be able to continue. If Coinbase receives a notice from the government one day saying that it wants to block a certain account, it may also stop. So this method sacrifices decentralization to some extent.

At this point, I would like to introduce our project AstroX, because after analyzing these situations, we think there will be a better solution, which can combine the advantages of account abstraction and MPC. Our innovation is to use the second chain to complete the entire cryptographic process. In fact, it is to use the advantages of MPC to run smart contracts on an independent chain to complete cryptographic calculations. At the same time, because it is independent of the target chain, it is still an EOA for the target chain, which can ensure compatibility. In addition, we also support smart contract wallets and realize composability on the public chain. So our solution is to select some public chains with strong cryptographic capabilities and build a set of computing models on them to support private key management of different chains, while realizing the ability of cross-chain account abstract wallets.

Q: Finally, let’s talk about an open topic. What do you think about the impact of account abstraction on the future development of the Web3 industry?

I think account abstraction is not just for the sake of narrative, because as mentioned earlier, this concept has appeared as early as 2015. I think this solution is actually the basis for Web3 applications to gain a larger number of users. Because Web3 can achieve self-control of assets, but the user experience is not good, while Web2's experience service is very good, but the data assets do not belong to you. So I think if account abstraction can be achieved, the advantages of both can be combined. For example, before the emergence of smartphones, the Internet has existed for many years, but it was not until the emergence of smartphones that everyone could access the Internet anytime and anywhere that there was a real opportunity to push the Internet to a larger scale of social applications and change human society. So I think we are still in a "Nokia era" where traditional wallets have limited functions.

Or to use another metaphor, for example, cars were not very safe in the early days because they did not have those safety standards, seat belts, airbags or ABS systems, but cars actually put the safety responsibility on the user, and then there may be many accidents later, so now there is a legal requirement to wear seat belts. The same is true for wallets. We can control our own assets, but the responsibility is too great, so with account abstraction, we can continue to add social recovery, multi-signature settings, and make them "standard". With standards, the industry will develop better. So we think this is a big opportunity.

Another thing I feel is that the competition in the field of wallet products is still very fierce, even as fierce as the competition in Layer 1 public chains. The competition in public chains is the competition on the underlying infrastructure, while wallets are user-oriented. Recently, there are also reports that OpenSea and Uniswap are going to make their own wallets, which means that they are considering expanding their audiences after acquiring existing users, which will also squeeze the market space of traditional wallets.

But we also think the future is bright, because we are still in the "Nokia" era, and once the Ethereum Foundation launches standards like EIP4337, everyone will be back to the same starting line. For example, now everyone often uses MetaMask. If they don't make progress, they may be surpassed by latecomers, so there are still many opportunities for practitioners. So I also look forward to communicating with friends and peers in the community to explore and build new scenarios. I think it is good to be a Builder in a bear market, so in a bear market, everyone should stick together and do more things.

Summary

Thank you Teacher Muzat for sharing.

The reason why account abstraction is worth looking forward to is not only because it will significantly increase the number of users on the chain, but also because it will give developers a high degree of freedom to solve the pain points of the current account system and create new applications, gameplay and imagination space.

Although compromise solutions like EIP-4337 still have practical problems such as high gas prices and poor compatibility, vigorously promoting EIP-4337 is also an option for concept promotion and consensus enhancement.

As the concept becomes more popular, account abstraction and contract wallets will move from niche to mainstream, driving protocol compatibility based on user needs and forming a new account paradigm. Ultimately, under broad consensus, Ethereum has the conditions to directly change the underlying code to achieve account abstraction. This new account system will be more conducive to attracting new users and traffic to web3, stimulating the vigorous development of the ecosystem, and thus forming a virtuous circle.

C3-Community is a global, mutual data community where members use visualized data to create insights that spread. In C3, you can get help, build links, and exchange learning and research on blockchains such as Web 3, Metaverse, GameFi and DeFi. Many active, diverse, and highly engaged members inspire and support each other through the community, and a global user base is established to contribute data, share insights, and drive community development.