This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

📝 Add account abstraction content
omarespejel committed Apr 13, 2023
1 parent 5f9963c commit 2d12456
Showing 5 changed files with 144 additions and 88 deletions.
2 changes: 1 addition & 1 deletion chapters/modules/chapter_7/nav.adoc
@@ -1,4 +1,4 @@
* xref:aa_intro.adoc[Chapter 7:Account Abstraction]
* xref:index.adoc[Chapter 7:Account Abstraction]
** xref:why_aa.adoc[7.1: Why Account Abstraction?]
** xref:aa_what.adoc[7.2: What is Account Abstraction?]
** xref:starknet_aa.adoc[7.3: StarkNet Account Abstraction Model]
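Review bot: the retargeted top-level entry still reads `Chapter 7:Account Abstraction` with no space after the colon, while the child entries use the form `7.1: Why Account Abstraction?`; suggest `* xref:index.adoc[Chapter 7: Account Abstraction]`. Because aa_intro.adoc is deleted in this commit, it is also worth searching the book for any other xref to aa_intro.adoc, since the only retargeted reference visible here is this one.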
16 changes: 0 additions & 16 deletions chapters/modules/chapter_7/pages/aa_intro.adoc

This file was deleted.

90 changes: 22 additions & 68 deletions chapters/modules/chapter_7/pages/aa_what.adoc
@@ -4,86 +4,40 @@

== Account Abstraction - Definition(s)

Let us take a quick look at some popular definition(s) of account abstraction.
Let's explore some popular definitions of account abstraction:

____
Definition 1: AA is when a *smart contract can pay for its own transactions* (https://www.youtube.com/watch?v=Osc_gwNW3Fw[Martin Triay, Devcon 6]).
In other words, abstract contracts (or account smart contracts) can pay for transactions.
Note, it is not the same as Externally Owned Accounts or Smart Wallets.
Definition 1: Account Abstraction (AA) is when a *smart contract can pay for its own transactions* (Martin Triay, Devcon 6)[1]. In other words, abstract contracts (or account smart contracts) can pay for transactions. Note that this is not the same as Externally Owned Accounts or Smart Wallets.
____

____
Definition 2: AA is *validation abstraction*.
In L1 there is only one way to validate transactions (retrieve an address from a signature, look at that address in the state, determine if the nonce is OK for the transaction that was sent and if the account has enough balance to perform the transaction).
With AA, you *abstract the validation process*: use different types of signatures, cryptographic primitives, execution processes, etc.
(https://app.devcon.org/schedule/9mvqce[lightclient, Devcon 6]).
Definition 2: AA is *validation abstraction*. In L1, there is only one way to validate transactions (retrieve an address from a signature, look at that address in the state, determine if the nonce is OK for the transaction that was sent, and if the account has enough balance to perform the transaction). With AA, you *abstract the validation process*: use different types of signatures, cryptographic primitives, execution processes, etc. (lightclient, Devcon 6)[3].
____

_*Note: In computing, the term abstraction is used to generalize something.
In this case, we are generalizing smart contracts: from the existence of Externally Owned Contracts (EOA) and Contract Accounts (CA) to simply smart contracts._
_*Note: In computing, the term abstraction is used to generalize something. In this case, we are generalizing smart contracts: from the existence of Externally Owned Contracts (EOA) and Contract Accounts (CA) to simply smart contracts._

== So what?
== Application of Account Abstraction

According to:
AA aims to make self-custody more accessible and more secure by allowing for (among others):

* Martin Triay (Open Zepellin), AA means https://www.youtube.com/watch?v=Osc_gwNW3Fw[huge improvements in onboarding, user experience, and security].
AA is the future of crypto UX and security.
* Julien Niset (Argent), AA means scaling self-custody which is https://www.youtube.com/watch?v=OwppworJGzs[a requirement for onboarding the next billion users].
* Vitalik, https://app.devcon.org/schedule/9mvqce[smart wallets should be the default] and AA is the key step.
* Yoav (Ethereum Foundation), https://app.devcon.org/schedule/9mvqce[AA is key security].
1. Hardware Signer: Sign transactions and messages using your biometric identity, with a key generated and protected by your smartphone's secure enclave (Starkware)[4].
2. Social recovery: Securely replace the key controlling an account in case it's lost or compromised, eliminating the need for seed phrases (Julien Niset, 2022)[5].
3. Key rotation: Change the keys controlling your account if they're compromised, instead of moving all your assets.
4. Session keys: Sign in once, and allow websites to act on your behalf without requiring constant approval for transactions. This brings a more familiar web2 experience to web3 applications.
5. Custom transaction validation schemes: Choose from various signature schemes, multisignatures, and other security rules (Martin Triay, Devcon 6)[1], (Julien Niset, 2022)[5].

== Use cases (some of them, invent one!)
AA also enhances security by offering:

AA promises to put programmability into every Ethereum wallet, and unlock new frontiers for both developers and users (https://app.devcon.org/schedule/9mvqce[AA Panel, Devcon 6]).
1. Better key management: Add devices to your wallet, allowing for access even if you lose one device. This improvement in key management enhances security (Yoav, Devcon 6)[6].
2. Different signature and validation schemes: Implement additional security measures, like 2-factor authentication, for large transactions. This enables better security by adapting to each user's specific needs (Yoav, Devcon 6)[6].
3. Custom security policies: Tailor security schemes to suit different types of users or devices, and adapt good practices from the banking and web2 sectors (Yoav, Devcon 6)[6].

Among other things, AA allows:
In summary, AA unlocks new possibilities for developers and users in the Ethereum ecosystem, promising a more secure and user-friendly experience. By enabling various validation schemes and improved key management, AA brings the potential for wider adoption and a better user experience.

* https://medium.com/@starkware/how-starknet-is-revolutionizing-crypto-signing-ba3724077a79[Hardware Signer]: Sign transactions and messages on Braavos wallet using your biometric identity, with a key that is generated and protected by your iPhone/Android secure enclave.
* Social recovery: In case a user's private key is lost or compromised, AA allows wallets to add mechanisms to securely replace the key controlling the account.
Never worry about seed phrases again (https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction/[Julien Niset, 2022])!
* Key rotation: If your keys are compromised, instead of moving all the assets, you can rotate the keys and that is it.
(XXX look more about this)
* Session keys: Signing with your face or finger to your cellphone or your favorite apps is possible with AA. Session keys are a set of permissions given to a website so, for example, you can sign in once and then the website can act on our behalf without you having to sign each time for each transaction. This is Web2 experience.
* Guardians
* Custom transaction validation schemes.
** Different signature schemes: You can use Ethereum signatures, Bitcoin signatures, both if you want.
The user could prefer a more gas-efficient signature, or a quantum-resistant one.
Use the secure enclave of iOS and Android devices to turn every phone into a hardware wallet (https://www.youtube.com/watch?v=Osc_gwNW3Fw[Martin Triay (Devcon 6)], https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction/[Julien (2022)]).
** Multisignature: Change who can sign each week.
Support fraud monitoring;
inspect every transaction to make sure it complies to defined security rules, and prevent users from sending assets to a scam address or incorrect contract.
(https://www.youtube.com/watch?v=Osc_gwNW3Fw[Martin Triay (Devcon 6)], https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction[Julien (2022)]).
== References:

These are just some ideas.
More is still to come.

== Security

There are many ways AA helps security in Ethereum.
The following were mentioned by https://app.devcon.org/schedule/9mvqce[Yoav at Devcon 6]:

* Key management: Being able to add devices to your wallet so your wallet is not associated with the seed phrase, but if you lose your phone you can access it with your computer. This improves security,
* Different signature and validation schemes: You could, for example, spend small amounts freely but if you are sending a large amount the dapp or the wallet could ask for another type of signature similar to the 2 Factor Authorization. This is common in centralized exchanges.
* Different security policies for different types of users: With EOAs (L1) we only have a single policy; if you have the key then you can do anything, else without the key you can't do anything. With AA, for example, we could create a security scheme for enterprise accounts and another one for individual users. Again, copy good practices in the banking and web2 sector.
* Different security policies for different devices: For example, a phone can send a maximum amount of tokens and for a computer, there is a limit unless you validate in some way (2FA). For this to happen we need to be able to implement different signature schemes according to each device (e.g., a computer does not use the same curve as an android phone). The EOAs support only a type of curve that is incompatible with most devices. With AA you can use several devices with the same account. Users will no longer have a different wallet on each device; one for the computer, one for the phone, and one for the Ledger.

== Why has it not been implemented in Ethereum's L1 yet?

According to Julien Niset (https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction/[2022]), the key is to eliminate EOAs.
No EIP has yet addressed this.
It is understandable since this would implicate multiple changes to the heart of the protocol;
and day by day, as the value secured by Ethereum increases, implementing AA gets more difficult due to the coordination required (https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction/[Julien Niset, 2022]).

If it is so important, then why does Ethereum already supports it?
This is an example of the limitations of the EVM that can be surpassed by a new Virtual Machine such as the Cairo VM.
Proposals to implement AA have been made since the early days of Ethereum and they have constantly been "repeatedly pushed back in favour of more urgent changes." (https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction/[Julien Niset, 2022]).
It is uncertain whether it will be implemented in next Ethereum versions even after the Merge.

The creation of new L2 VMs focused on scalability allowed for advances in its implementation;
Starknet and ZKSync have native AA inspired by EIP4337, considered the best proposal by experts such as Argent's Julien Niset (https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction/[2022]).
It seems as if key proponents of AA, like Julien, have lost hope that EOAs are eliminated and AA is implemented at the core of Ethereum;
Argent is now pushing for the widespread adoption of AA through L2s like Starknet.

== Contributing
🎯 +++<strong>+++STARKer: +++</strong>+++ This book is an open source effort, made possible only by contributions from readers like you. If you are interested in making this resource better for other users - please suggest a change by following the instructions https://github.com/starknet-edu/starknetbook/blob/main/CONTRIBUTING.adoc[here].
🎯
[1] Martin Triay, Devcon 6: https://www.youtube.com/watch?v=Osc_gwNW3Fw
[2] Julien Niset: https://www.youtube.com/watch?v=OwppworJGzs
[3] lightclient, Devcon 6: https://app.devcon.org/schedule/9mvqce
[4] Starkware: https://medium.com/@starkware/how-starknet-is-revolutionizing-crypto-signing-ba3724077a79
[5] Julien Niset, 2022: https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction/
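Review bot: the rewritten security list cites `(Yoav, Devcon 6)[6]` three times, but the reference entries added to this file stop at [5], so [6] points at nothing in aa_what.adoc; add the `[6] Yoav, Devcon 6` entry here as well (index.adoc has it). Entry [2] is listed but never cited on this page. The bracketed numbers are plain text where the previous version had inline links, so consider AsciiDoc footnotes or keeping the URLs inline so readers can still reach the sources from the sentence that cites them. The note paragraph also still says `Externally Owned Contracts (EOA)` while Definition 1 says `Externally Owned Accounts`; this rewrite is a good place to make the two agree.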
46 changes: 46 additions & 0 deletions chapters/modules/chapter_7/pages/index.adoc
@@ -0,0 +1,46 @@
[id="IntroToAA"]

= Introduction to Account Abstraction

_*Disclaimers: This tutorial cites various stakeholders, any errors or misunderstandings in this tutorial are the fault of interpretation._

The crypto ecosystem is at a critical crossroads. Ethereum, as one of the leading platforms, faces a monumental challenge: embracing Account Abstraction (AA) or risking the very essence of what crypto stands for - decentralization.

AA is a vital and game-changing innovation for Ethereum. It holds the key to improving onboarding, user experience, and security (Martin Triay, Devcon 6)[1]. More importantly, AA is the cornerstone for scaling self-custody, which is crucial for onboarding the next billion users (Julien Niset)[2]. The future of Ethereum, and by extension the entire crypto landscape, depends on the success of AA.

Additionally, quantum computers pose a serious menace to the cryptographic ecosystem, with the potential to break traditional security measures and signatures. Account Abstraction can help us confront this threat head-on by enabling the use of different signature schemes, including quantum-resistant ones, to secure our assets.

Without AA, Ethereum will struggle to offer users the seamless, secure, and empowering experience they deserve. This could lead to a mass exodus of users flocking to centralized exchanges and wallets, which directly contradicts the ethos of decentralization that underpins the crypto revolution.

The dangers of centralized control are all too familiar: censorship, discrimination, and the potential for abuse of power. By ensuring that AA is a central feature of Ethereum's evolution, we protect the core values that drive the crypto community and strengthen the foundation of the decentralized economy.

StarkNet is currently leading the charge in implementing AA at the protocol level, acting as a "proving ground" for what AA will look like in the future. With many brilliant minds from several different organizations working together, StarkNet aims to revolutionize the way we approach security, user experience, and self-custody in the crypto space.


== Why has it not been implemented in Ethereum's L1 yet?

Account Abstraction: A Simple Explanation

So, what's holding it back from being implemented in Ethereum's Layer 1 (L1)?

The main issue lies in the removal of Externally Owned Accounts (EOAs). Implementing AA would require significant changes to Ethereum's core protocol. As the value secured by Ethereum grows, the coordination needed to implement AA becomes increasingly difficult.

Although AA is vital, Ethereum hasn't supported it yet because of the limitations of its Ethereum Virtual Machine (EVM). There have been proposals for AA since the early days of Ethereum, but they have been repeatedly postponed in favor of more urgent changes.

The development of new Layer 2 (L2) Virtual Machines focused on scalability has allowed for progress in implementing AA. Starknet and ZKSync, for example, have native AA inspired by EIP4337 – a proposal considered the best by experts like Argent's Julien Niset.

Many AA proponents, like Niset, seem to have lost hope that EOAs will be eliminated and AA will be implemented at Ethereum's core. Instead, they're now pushing for the widespread adoption of AA through L2 solutions like Starknet.


== References:

[1] Martin Triay, Devcon 6: https://www.youtube.com/watch?v=Osc_gwNW3Fw
[2] Julien Niset: https://www.youtube.com/watch?v=OwppworJGzs
[3] lightclient, Devcon 6: https://app.devcon.org/schedule/9mvqce
[4] Starkware: https://medium.com/@starkware/how-starknet-is-revolutionizing-crypto-signing-ba3724077a79
[5] Julien Niset, 2022: https://www.argent.xyz/blog/part-2-wtf-is-account-abstraction/
[6] Yoav, Devcon 6: https://app.devcon.org/schedule/9mvqce

Other texts:
* https://hackernoon.com/what-is-account-abstraction-and-why-is-everyone-talking-about-it
* https://ethereum.org/en/roadmap/account-abstraction/
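Review bot: under `== Why has it not been implemented in Ethereum's L1 yet?` the first body line is `Account Abstraction: A Simple Explanation`, which reads like a leftover title rather than text that answers the heading; drop it or turn it into a proper heading. The reference entries [1] to [6] sit on consecutive lines with no blank lines or list markers, so they will flow together as a single paragraph when rendered; make them a list. Only [1] and [2] are cited in this page, so either cite the rest or trim them, and `EIP4337` is normally written `EIP-4337`.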