Will the next leap of Web3 happen in the "account system"?
On November 13, Vitalik Buterin announced the signing of the Trustless Manifesto, aimed at reflecting on the trust model of Web3 and proposing three laws to determine whether a system is truly trustless: no key secrets (protocol steps do not rely on the private information of a single actor), no indispensable intermediaries (participants are replaceable and open), and no unverifiable outcomes (state changes can be reproduced from public data).
It is worth noting that on November 18, shortly thereafter, the Ethereum Foundation's account abstraction team proposed the “Ethereum Interop Layer” (EIL) plan, which is built on the ERC-4337 account abstraction standard and the principles of the Trustless Manifesto.
Although the market has long had its criticisms of the Ethereum decision-makers' non-committal stance, objectively speaking, this indeed goes beyond mere philosophical discussions. If we want Web3 to reach billions of people, is the current account model sufficiently “accessible”? When users permanently lose their assets due to lost private keys, have we really achieved “self-sovereignty”? These questions are crucial.
This article will also start from the Manifesto and attempt to explain why Ethereum needs Account Abstraction (AA), what the limitations of EOAs are, and what kind of next-generation account experience AA represents.
1. What Problems Do Traditional Accounts (EOA) Have?
As is widely known, the vast majority of accounts on the Ethereum network are still EOAs, each controlled by a public/private key pair that is usually presented as a “mnemonic phrase” of 12 or 24 words. This is the feature of cryptocurrency security that newcomers notice first: “private key / mnemonic phrase equals assets”.
As long as the user holds the private key / mnemonic phrase of that address, the assets completely belong to the user. Neither the exchange nor miners can freeze, confiscate, or operate on your behalf.
However, this complete self-custody is also a double-edged sword, setting extremely high barriers to large-scale adoption:
Cognitive threshold: Users must understand basic concepts such as public key/address, private key/mnemonic phrase, and Gas fees;
Storage risk: under the traditional EOA model, ownership is in fact very fragile. Because “private key = account”, once the private key is lost or stolen, ownership is gone instantly and cannot be recovered. There is no customer service or platform recovery process.
In simple terms, under the EOA mechanism, everyone is the first responsible person for the safety of their own assets. Because of this, new users are often reminded repeatedly that the mnemonic phrase should not be screenshot, should not be stored in a cloud drive, and it is best to write it down by hand and have multiple backups.
In addition, an EOA has a typical constraint: to send any token, the account must hold ETH to pay the miner fee (Gas). Many novice users are therefore unable to take any action, even with 1000 USDT in their account, because they hold no ETH.
Objectively speaking, the experience of “having to buy one type of money before spending another” greatly hinders the adoption of Web3.
Lastly, interacting with an EOA is a cumbersome, multi-step process of repeated signing, because the logic of an EOA is “hard-coded” on the chain with very limited functionality.
For example, when you buy and sell tokens on a decentralized exchange (DEX), you often need to click “Approve” once, sign once, and pay a fee; then click “Swap” once, sign again, and pay another fee. The entire operation process is not only cumbersome but also costly.
In the Trustless Manifesto there is an important concept called “Accessibility.” If a system is technically trustless but so complex that only geeks can use it, it can hardly serve the public and cannot be called “trustless public infrastructure.”
It is precisely because EOAs have the aforementioned flaws that directions such as account abstraction (AA) have been explored.
2. What is Account Abstraction (AA)?
In simple analogy, if traditional EOA accounts are like the single-function “old Nokia”, then AA (smart contract accounts) can be understood as upgraded to programmable “smartphones”.
From the perspective of its development history, the underlying technical standards of AA have gone through multiple rounds of iteration and expansion, including proposals such as ERC-4337, EIP-7702, and EIP-3074. However, as ordinary users, we only need to remember the essence of AA: it decouples the account from the private key, allowing the account to become a piece of code (a smart contract).
Also, because the account essentially becomes code, its logic is no longer rigid, but programmable.
This means we can write various complex logic into the account, such as “who can use it”, “how much can be transferred daily”, and “who pays the fees”, which an EOA itself cannot do at all and which previously required complex external contract wrappers.
Therefore, the possibilities of AA accounts are diverse. For example, the security of a traditional EOA relies entirely on that piece of paper with the mnemonic phrase; if it is lost, it is truly lost, with no remedy. In contrast, AA accounts support “social recovery,” allowing you to set up n guardians (your other devices, trusted friends, or even third-party organizations). When you lose your keys, you can authorize a new key through guardian signatures and regain control of your account.
At the same time, when a traditional EOA sends any token, the account must hold ETH for Gas, which is a huge barrier for new users. AA accounts, however, support a Paymaster (a fee-payment mechanism), so that the application can pay Gas for you, or you can pay Gas directly with the USDT in your account, or even interact without any visible fee at all.
So, if an EOA is a single-function “old Nokia”, an AA (smart contract) account is a programmable “smartphone”. By decoupling the account from its control logic, the account is no longer controlled solely by a private key but by code (a smart contract), which allows more functions and more security to be added.
After all, for Web3 to reach billions of people, it must enable more actions to be on-chain and must reduce the psychological burden and operational costs for users to go on-chain.
3. What can AA accounts bring to ordinary users?
Overall, ordinary users do not need to understand the underlying code logic; they only need to know that after upgrading to an AA account, their Web3 experience will undergo the following qualitative leaps:
First of all, thanks to mechanisms such as social recovery, users can expect to say goodbye to mnemonic anxiety completely.
This is also one of the core values of AA. Because the account is decoupled from the private key, you can set up more user-friendly security logic; for example, you can designate 3-5 “guardians” (such as another phone or address of your own, trusted friends, etc.).
On this basis, if you accidentally lose your current phone, you can simply authorize a “new key” through the guardians to regain control of the original account.
In short, the account is still there, the assets are still there, it's just that the key has changed. This is closer to the experience of modern financial services.
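The guardian flow described above, as an added example that is not code from the article or any wallet: an off-chain model of the social-recovery logic a smart-contract account can carry. Guardians are identified by constructed address strings (on chain each approval would be an ECDSA signature the account verifies), and the veto delay is an assumption added so the still-valid owner key can cancel a recovery that colluding guardians started.

```python
# Added example (not from the article): model of guardian-based social recovery.
# Addresses are constructed strings; RECOVERY_DELAY is an assumed safety window.
from dataclasses import dataclass, field
from typing import Optional, Set

RECOVERY_DELAY = 48 * 3600  # seconds the current owner gets to veto (assumed)


@dataclass
class Recovery:
    new_owner: str
    approvals: Set[str] = field(default_factory=set)  # distinct guardians only
    executable_at: Optional[int] = None                # set once threshold is met


@dataclass
class SmartAccount:
    owner: str
    guardians: frozenset
    threshold: int                   # e.g. 2 of 3 guardians must approve
    pending: Optional[Recovery] = None

    def propose_recovery(self, guardian: str, new_owner: str, now: int) -> str:
        """A guardian proposes replacing the lost owner key with new_owner."""
        if guardian not in self.guardians:
            raise PermissionError("not a guardian")
        if self.pending is not None:
            raise PermissionError("recovery already pending")
        self.pending = Recovery(new_owner)
        return self.approve_recovery(guardian, now)

    def approve_recovery(self, guardian: str, now: int) -> str:
        if guardian not in self.guardians or self.pending is None:
            raise PermissionError("no pending recovery or not a guardian")
        self.pending.approvals.add(guardian)  # a set, so repeats do not count
        if (len(self.pending.approvals) >= self.threshold
                and self.pending.executable_at is None):
            self.pending.executable_at = now + RECOVERY_DELAY
            return "threshold_met"
        return "pending"

    def cancel_recovery(self, caller: str) -> None:
        """The owner key, if still in hand, can veto during the delay."""
        if caller != self.owner:
            raise PermissionError("only owner")
        self.pending = None

    def execute_recovery(self, now: int) -> str:
        """Anyone may execute once the threshold is met and the delay elapsed."""
        p = self.pending
        if p is None or p.executable_at is None or now < p.executable_at:
            raise PermissionError("recovery not ready")
        self.owner = p.new_owner   # the account stays, only the key changes
        self.pending = None
        return self.owner
```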
In addition, the AA account supports a feature called Paymaster, which completely breaks the spell of “must hold ETH.”
For example, any project team that wants to promote its offering can pay Gas fees on behalf of prospective users to attract them, and those users can experience it just like a Web2 app, completely unaware that Gas exists.
Of course, if your account only has USDC, AA also allows you to directly pay Gas fees with USDC, and the backend will automatically complete the conversion, so you no longer need to specifically buy a little ETH for transfers.
Beyond that, the several steps of an operation (such as the Approve and Swap in the DEX example above) can be batched into one transaction confirmed with a single signature.
And since the batch executes atomically, either all steps succeed at once or all fail; no Gas is wasted on an on-chain submission that fails partway, which makes it both safe and efficient.
Finally, due to the built-in smart contract logic, AA accounts can achieve refined permission management, just like our bank accounts.
This means we can assign different permission levels within the account and set a “daily limit” based on actual needs: amounts over 1000 U can require multiple signatures, while amounts under 1000 U can be paid without a password; or a “blacklist/whitelist” can be set that only allows interaction with specific, trusted contracts.
Even if the private key is stolen, the quota and whitelist restrictions make it difficult for the thief to move all your assets in a short period of time.
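The permission rules just described, as an added example that is not code from the article or any wallet: an off-chain model of the spending policy a smart-contract account would check before executing a call. The limit values, the rolling 24-hour window used as the “daily limit”, the co-signer key and the addresses are all constructed for the example.

```python
# Added example (not from the article): model of an AA account's spending policy.
# Values and addresses are constructed; "daily limit" is modelled as a rolling window.
from collections import deque
from typing import Deque, Optional, Set, Tuple

WINDOW = 24 * 3600  # rolling window for the daily limit, in seconds


class SpendingPolicy:
    def __init__(self, daily_limit: int, large_tx: int,
                 allowed: Set[str], cosigner: str):
        self.daily_limit = daily_limit   # max spend per rolling window (in "U")
        self.large_tx = large_tx         # amounts at or above this need a co-signer
        self.allowed = allowed           # whitelist of contracts the account may call
        self.cosigner = cosigner         # second key that must approve large transfers
        self.history: Deque[Tuple[int, int]] = deque()  # (timestamp, amount) spent

    def _spent_in_window(self, now: int) -> int:
        # Drop entries that have aged out of the window, then sum what remains.
        while self.history and self.history[0][0] <= now - WINDOW:
            self.history.popleft()
        return sum(amount for _, amount in self.history)

    def execute(self, target: str, amount: int, now: int,
                cosigned_by: Optional[str] = None) -> str:
        """Return 'ok' and record the spend, or the reason the account rejects it."""
        if target not in self.allowed:
            return "reject: target not whitelisted"
        if amount >= self.large_tx and cosigned_by != self.cosigner:
            return "reject: second signature required"
        if self._spent_in_window(now) + amount > self.daily_limit:
            return "reject: daily limit exceeded"
        self.history.append((now, amount))
        return "ok"
```

A stolen primary key alone can only push small, whitelisted spends up to the window limit; anything larger also needs the co-signer.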
Conclusion
As the Trustless Manifesto advocates, a truly trustless system should not belong only to cryptographers and geeks, but should be accessible.
Account Abstraction (AA) is not intended to overthrow Ethereum, but rather to return to a “human-centered” approach. It compensates for the inherent weaknesses of humans in key management through the flexibility of code logic, clearing the last hurdle for the mass adoption of Web3.
With wallets like imToken gradually adding AA features, we have reason to believe that the future of Web3 will be a free network that offers a smooth experience akin to Web2 while still upholding “self-sovereignty”.
And you just need to enjoy this change.