Ethereum Upgrade Could Make It Harder to Lose All Your Crypto
Ethereum developers are hard at work trying to make its blockchain more user-friendly.
One of the downfalls of crypto is the costliness of simple screw-ups. For instance, if a user loses the keys to their crypto account, they could lose access to their crypto holdings forever. In the face of this and other potential pitfalls, it’s vastly easier to lose your money in crypto than in traditional banking.
Blockchain developers increasingly recognize that human error is an inevitability, meaning it will be difficult to push crypto into the mainstream without fail-safes and better ease of use. One of those innovations is a concept called “Account Abstraction.”
Account Abstraction (AA) aims to use smart contracts to execute crypto transactions, by creating certain validity rules. With AA, users won’t need to sign off on every transaction with one’s private keys.
“We're going to be at a point in the future where using an Ethereum account, it's going to be just as simple as using a bank,” said Kristof Gazso, a co-author for an Ethereum Improvement Proposal (EIP) on AA. “People won't have to make that trade off of like, ‘Hey, you know, I like decentralization, but also, it's a pain in the ass to use Ethereum.’”
Ultimately, through AA, developers want to make Ethereum as usable as a traditional fiat bank account, so users can make transactions more easily, program automatic bill payments and more.
But before understanding how AA could change the nature of how one may use crypto, it's important to understand how Ethereum transactions operate today.
Accounts on Ethereum: EOAs and CAs
On Ethereum, users have the ability to create two types of accounts: External Owned Accounts (EOA) and Contract Accounts (CA). The two account types differ in terms of how they initiate transactions over Ethereum’s network.
EOA’s, the typical account-type for Ethereum users, are the type of account you use if you have used a wallet provider such as MetaMask and Coinbase Wallet.
With an EOA, users are given a pair of keys: a public and a private key. Anyone can send funds to an EOA using its public key. But only the account’s owner – whoever has access to the account’s private key, which should be kept secret – can actually initiate transactions from the account.
CA’s, better known as “smart contracts,” are like mini computer programs that live on the Ethereum network. These accounts are controlled by code – not private keys – but they cannot initiate transactions themselves; an EOA needs to send a transaction (which you can think of like a message or instruction) to a CA in order for it to make transactions of its own.
The problem with EOAs comes down to human error. “One key has complete admin control over your account,” said Gazso, the co-author of the EIP 4337. “If you lose it, too bad, you've lost all control over your account forever.”
If you lose a private key to an EOA account, there is no help desk or key recovery process (like a “password reset” button) that can help you regain access to your funds.
“Humans are the biggest security flaw in Ethereum account management,” Gazso added. While there’s no concrete data on how much ETH is lost due to forgotten keys, Bitcoin accounts use a similar private key system to that on Ethereum. According to a Chainalysis report, up to 23% of all bitcoins in circulation (or around 3.79 million BTC) could be lost forever because of forgotten keys.
And forgotten keys aren't the only problem. If someone (think, hackers) gets their hands on a person’s private key, they gain complete control over that person’s funds.
How does Account Abstraction work?
Account Abstraction addresses the shortcomings of EOAs by merging them with CAs – allowing people to create user accounts with built-in fail-safe mechanisms and other special features for verifying transactions.
As Ethereum co-founder Vitalik Buterin described in a 2021 blog post, “instead of [smart contract code] just being used to implement the logic of applications, it would also be used to implement the verification logic (nonces, signatures…) of individual users’ wallets”
Under account abstraction, user accounts could be programmed to include social recovery systems where several people – each with a key of their own – have the ability to return an account to its owner should the owner lose access to the private key.
One could also create “multisig wallets” that hand account ownership over to a group – requiring multiple different parties to sign off on transactions as a sort of extra layer of security.
Accounts under AA could also avoid some of the other hard-coded limitations of EOAs. They could, for instance, define how users pay gas fees. Currently, under EOAs on Ethereum, users have to pay gas in ether (ETH). But with AA one can choose to use a different cryptocurrency to pay gas with (like DOGE), or you can assign someone else (like a parent or friend) to pay gas fees.
All of these systems are possible to implement today using CAs, but with a significant degree of complexity and overhead (i.e., gas costs) due to the requirement that all transactions are initiated by an EOA.
How to achieve full implementation of Account Abstraction?
There are a bunch of proposals that aim to add AA to Ethereum, with the most prominent being EIP-4337. “It really is the first proposal which achieves Account Abstraction without requiring a hard fork,” Gazso said.
The key advantage of EIP-4337 is that implementing it won’t require any changes to Ethereum’s core protocol. The proposal would just add a new account abstraction layer atop Ethereum’s core protocol – enabling wallet providers to create user-owned accounts that use smart contracts to set the rules for initiating transactions.
So if all these tools are currently available, why isn’t account abstraction more widespread?
The answer to that is momentum. It’s obviously not easy to build a new wallet, launch it and ship it to people. “Convincing people to try out new technology, new wallets, is a very difficult task,” Gazso added. That is why people who do initially start their crypto journey turn to something that has been around longer or that has been battle-tested, like a MetaMask wallet.
So finding people to implement these new technologies seems to be the biggest bottleneck for account abstraction. But the tide for that seems to be changing.
What’s cooking with Account Abstraction?
Some layer 2s on Ethereum are leading the way to natively integrate AA. StarkWare, the company behind the StarkNet blockchain, is already live with Account Abstraction. Eli Ben-Sassion, the co-founder and president of StarkWare, told CoinDesk that Account Abstraction could be used in the future to “use your facial recognition or biometrics to basically authorize [crypto] payments,” sort of like how FaceID can activate credit card payments for iPhone users. “The infrastructure for doing this is now possible on Starknet,” Ben-Sasson added.
Last month, Visa also announced its proposal to eventually use Account Abstraction to deploy automatic payments with StarkNet infrastructure. This would emulate automatic payments in a bank account to pay bills, except now it could be done on the blockchain.
Other firms, such as Gnosis Chain, are looking to integrate Account Abstraction into their infrastructure. Gnosis Chain co-founder Stefan George told CoinDesk: “Slowly, interest in AA is increasing as more and more developers and users become aware of the potential.”
Gazso reiterated that 2023 will be “the year for Account Abstraction,” noting that it is currently one of the most widely discussed topics in the ecosystem.