Most recently, I talked to the community about Account Abstraction. In this article, we'll figure out what it is and try to cover the topic in detail. The format of the article is answers to questions that were sent to me on the Newton.so website, as well as questions that I asked speakers on the 101 Account Abstraction podcast.

Account Abstraction is not just another chat topic. It's something that will allow crypto to go from geek love to mass use.

When the Internet first appeared, to create an account on a site you had to ask a moderator to create a login-password record in a database. A little later people thought of doing this automatically, then there were emails and the opportunity to reset the password if you forgot it.

The same development can be seen in Web 3.0. In this article, I'll try to get different people's theses about Account Abstraction (AA). Newton is a web3 Stack Overflow. As a dev there, I asked questions about AA to the community. We aired with pioneers who are implementing AA: Julien, co-founder of ArgentX, representatives of StarkNet, zkSync, and the owner of security company Ginger Labs. We asked them many different questions about AA.

What is AA in one sentence?

Abstraction means every account is a smart contract that can contain logic and implement flow, such as Social Recovery, Fraud Monitoring, Multi-calls, and so on. So really every account is a smart contract. Julien Nisel (Co-founder at Argent)

To me, it's about moving user authentication from the network to the smart contract and letting wallet designers decide how to authenticate their users. Henri (Dev Advocate at StarkWare)

For me, this is simply the future of blockchain and what will bring mass adoption. For me, account abstraction is the greatest thing that happened to crypto since smart contracts, and I really do believe it. Gershon Ballas (Founder at Ginger Security)

What is an abstract account?

Account abstraction is a new paradigm to make blockchain accounts programmable. To first understand AA, you need to understand how things work today. Then I will explain what’s unique and new about account abstraction.

The Status Quo

• Today there are two account types on Ethereum: Contract Accounts and Externally Owned Accounts (EOA, basically that last one is regular user accounts).
• For anything to happen on-chain a transaction must be initiated and paid for by an EOA.
• The way you control an EOA is through its private key. You use this private key to create a signature that proves to the blockchain it’s your account.

Why it doesn’t work

1. In this setup, your private key makes you vulnerable. If you lose it, you lose your account and all your funds. Recently, a friend of mine inadvertently uploaded his main private key to a public GitHub. A scanning bot instantly picked it up and drained his account of all his savings. $15,000 worth of tokens.

2. The main issue is that the system is rigid and hard-coded. You can implement multi-signature smart contract wallets like Gnosis Safe, but the default is this: you get an account with a key and if you lose your key, you're screwed.

3. The alternative of custodial accounts like Coinbase is not ideal. If they get hacked, you have the same problem. It's even worse than when many credit card numbers are exposed after a hack. Because you cannot implement maximum transaction amounts on a classic EOA account, the hacker could drain all your funds in one transaction. It's a single point of failure and makes it super easy for governments to seize or freeze all your money arbitrarily, like Canada's Justin Trudeau recently did by cutting protestors he didn't like out of the financial system.

   How does AA improve everything?

• Account Abstraction unifies Contract Accounts and EOAs. It makes user accounts more ‘programmable’. You remove the logic of signing transactions from the account, and you “abstract” it out, hence account abstraction.
• This unlocks much more flexibility, you could code an account for multi-sig, 2-factor authentications, withdrawal limits, and expiration on keys… It is a bit similar to what Revolut Virtual Cards brought to credit cards.
• This is very very exciting because it allows the non-custodial blockchain UX to scale. (Can you really imagine the security risk of letting your parents manage their private keys when their email password is “Miami1973”, they always forget it, and wrote it in on a desk post-it?)

Victor Forissier, Founder at Newton

How do abstract account wallets interact with private keys?

Account abstraction is a paradigm for blockchain systems where assets are held by smart contracts exclusively, not by externally-owned accounts (EOAs).

As such, any kind of account contract can be coded, and your question may have as many answers as there are account contract implementations.

There are a few key questions about key storage in a new "Account Abstraction" paradigm:

1. Can I recover my key if I lose it? A properly generated key cannot be recovered if it is lost. However, your smart contract can implement specific logic in case you lose it. For example, it could be set up to allow another key to take over if the original key does not interact with the contract for a certain period of time.
2. Can I have a keyless wallet? If you can find a way to authenticate the user safely without using a key, you can implement it in your smart contract. Communal wallets, where anyone can perform any action, are also possible with this paradigm.
3. Can I easily create new wallets like in Metamask's "Add Account" feature with only one seed phrase? Yes, it is possible to easily create new wallets with only a single seed phrase, similar to the "Add Account" feature in Metamask.

This information is based on the answers from the thread.

Why do we talk about Account Abstraction right now?

Well, we've been talking about it for the past five years. But more seriously, I think the reason is that it is gaining momentum and traction now. Blockchain is a technology that is still under development and is constantly evolving.

You need to have a solid foundation, and you want that technology to support a large number of users. So we've really been focused on the core technology and scaling. And of course, if you look at the narrative of Ethereum, it has been about proof of stake and scaling for the past two years. Now it is clear that billions of users need to use the blockchain. The next question is, "OK, but how are users going to interact with that blockchain?"

The current model of interacting with the blockchain relies on EOAs, which means that users need to protect a password. It's never going to scale, and that is something we realized four or five years ago. Right now, the ecosystem is reaching that point. We've solved the scaling problem, so the next problem is, "OK, now we can on board people, but they are realizing that there needs to be a paradigm shift and that we need to find different ways for users to manage their self-custody." Something I usually say in my talks about account abstraction is that account abstraction is really about scaling the UX of self-custody.

Finally, we are at the stage where Account Abstraction is the next technological challenge on our road to bringing this technology to billions of users.

Julien Nisel (Argent)

What are great examples of our account abstraction in the enterprise world?

I think it opens up so many possibilities. For example, imagine Netflix or Disney Plus where you can have an account for your family and sub-accounts within your account where you have larger control. This can be easily done with account abstraction, where you have the permission to configure the sub-accounts and determine what they are allowed to watch.

This concept can also be applied to the physical world. Imagine a family going to a theme park, where everyone has their own account and the parent can control which attractions the children are allowed to go to. I think account abstraction really opens up a lot of incredible possibilities for bringing blockchain technology to a larger-scale use case.

Right now, in the current bear market, people are not just talking about making more money. It's opened up space to discuss more interesting things, more innovations, and how we can build something that will get us to a bull market again. I think enterprise applications are one of the things that will really help us achieve large-scale adoption.

Ramon Canales (Product at zkSync)

Why do companies such as StarkNet support Account Abstraction?

We're standing on the shoulders of giants. You know, account abstraction is not a very new idea. As Julien said, they've been working on it for a few years now. The thing is, like a lot of things in the blockchain space, once a network is deployed, it is hard to evolve and maintain backward compatibility.

Introducing something like account abstraction years after launching is much harder than introducing it from the beginning. So, we took advantage of coming after established networks like Bitcoin and Ethereum and implemented account abstraction from the start. Hopefully, we'll make some contributions to the space and, in a few years, when a new network arrives, they'll build on our shoulders too.

Henri (Dev Advocate at StarkNet)

What’s the difference between zkSync and StarkNet regarding Account Abstraction?

I think the main difference is that zkSync is EVM-compatible, meaning it is tailored for developers to build with Solidity code. This is one major difference for sure, and there are probably many other smaller ones. The single implementations are different, and so are the underlying apps. For example, the language used is Solidity in zkSync vs Cairo in StarkNet.

But the main concept, that every smart contract or EOA is a smart contract account, is similar.

I think this is the most important thing for developers to understand, and the ability for any kind of account to initiate transactions is the coolest thing about account abstraction, in my opinion.

Ramon Canales (Product at zkSync)

Is it secure to use Account Abstraction?

In terms of the security benefits of account abstraction, we are working on a project in the ideation phase that does not want to follow FTX. They want their users to know their funds are secure and to self-custody them, but they also want to have an easy sign-up process like that of a CEX. In short, they want the ease of use of centralized exchanges with the security of a DEX.

They asked for possible solutions, and we discussed different options. But I think what they need is account abstraction. With this, a person could sign up for an exchange using their email or any other method, and the exchange could be made custodial but provable in such a way that, when the user wants full custody of their funds, they could simply do it and have it implemented over account abstraction in a provable manner.

This is just a very simple use case that I saw from my work this week, but it shows how account abstraction is already leading to advancements in security. I think this is especially relevant right now, as we are hopefully moving from centralized crypto CEXs to real decentralized crypto. With the advances in account abstraction and UX, this will hopefully become possible.

Gershon, Founder at Ginger Security

Additional resources about Account Abstraction

• 101 Account Abstraction: answers to dev and non-dev questions
• Julien Niset - Why account abstraction on L2 matters
• Julien Niset: WTF is Account Abstraction: Part 1, Part 2, Part 3
• Can you explain what is Abstract Account?
• Does Account Abstraction work on Mobile?
• What’s the difference between Account Abstraction (AA) and Externally Owned Accounts (EOA)?
• How will work an account abstraction wallet with the key?
• Newtonso thread about Account Abstraction

About projects

Argent – a cryptocurrency smart-contract wallet that allows users to securely store, manage, and interact with their digital assets. It is designed to be user-friendly and it is one of the first wallets which has native support for Account Abstraction

zkSync – Short for zero-knowledge (zk), it is an EVM-compatible Layer 2 scaling solution (ZK-Rollup) on Ethereum that offers low gas and fast transactions, without compromising on security

StarkNet – StarkNet is a permissionless decentralized Validity-Rollup (often referred to as ZK-Rollup). It operates as an L2 network over Ethereum, enabling any dApp to achieve unlimited scale for its computation – without compromising Ethereum's composability and security

Ginger Security – white-hat web3 security company providing security advisory, end-to-end penetration testing, and smart contract audits

Newton – The place to share knowledge. A tokenized platform to ask and answer questions about blockchain and web3 where you can put bounties for your questions and improve the speed of software development

About the author

Aleksandr Malyshev is a software engineer and entrepreneur, who specializes in backend development and growth hacking. He is an experienced lead at Open Innovations who hosts and organizes well-known Eastern Europe software competitions. Aleksandr is the former Executive Officer at Steinbeis Consulting Center AI (STAI) in Stuttgart. Currently, he is working in Web3 and is involved in researching new technologies.