When interacting with blockchain networks we use a wallet that contains our private key. We sign transactions with this key, using asymmetric cryptography, to verify our identity on-chain and that allows us to interact with virtual currencies or smart contracts.
Account abstraction allows us to pay for transaction fees on behalf of the users, so the blockchain interaction has a better user experience. Each transaction represents an action of what we want to do exactly, however when using account abstractions we have generally think in intents and fulfillment as the users submit partial submissions that represent their intentions and not actual transactions.
Instead of directly using the wallet to create a transaction that instructs the blockchain what to do, we express our intention to do something in a cryptographically secure way and let a solver create the transaction for us and fulfill it, in exchange for some transaction fees.
DebitLlama achieves this using zero-knowledge proofs that contain the parameters of an intent and are linked to a connected account via a smart contract. These invariants power the service and reduce trust. The way DebitLlama works is trustless, however we choose to solve all intents instead of letting the whole market participate, for now.
So for account abstractions generally we still need to interact with the wallet, a wallet abstraction however allows us to completely remove the wallet from the equation. Traditional account abstractions use wallet signatures, we however use secrets verified via zero-knowledge proofs, which are more flexible and allow us to store them outside the wallet.
ZKP Secrets are currently stored on-chain encrypted with an asymmetric key and a symmetric key, which is specified by the user,
The final decryption happens in the browser and DebitLlama has no knowledge about the secrets at any point.
DebitLlama currently implements password based wallet abstraction which only works on the secure checkout provided by the application. It allows the user to create a proof that approves the subscription payments from his connected wallet. After this, the payments will be automatically fulfilled by the DebitLlama service.
The future of wallet abstraction
Currently passkeys or "webauthn" is an authentication protocol built into the browser that allows a user to authenticate without a password by connecting an authentication device like a smart phone or yubi key.
Generally this protocol is not flexible enough for wallet abstractions, however the latest iteration of the protocol available in the chrome browser allows us to write and read a largeBlob object via it's interface, which lets us use the authentication protocol as a secure storage scoped to access credentials.
This will be great in the future as we can store the secrets there and we can automatically sync passkeys with all our devices!
However, right now only the latest versions of the browsers support this largeBlob feature on the desktop and still not available fully for mobile. Adoption is lagging. But we are looking forward to integrate passkeys into our stack!