Accounts, addresses, private keys & wallets
How ownership is managed on DLTs.
Account Types
In distributed ledger technology (DLT), tokens and assets are assigned to DLT accounts (also known as blockchain accounts) to establish ownership. DLT accounts come in two versions:
- Externally Owned Account: Controlled by cryptographic key pairs.
- Smart Contract Account: Controlled by smart contract code combined with the smart contract's data.
Only Externally Owned Accounts (EOAs) can authorise and sign transactions. An EOA consists primarily of a public and private key pair generated for use with an asymmetric cryptographic algorithm. The public key is a unique identifier for the account, but because public keys are long, a shorter reference is normally used instead.
Public permissionless DLT networks
In these networks, the owners of each account are not known, so the public key is hashed to produce a condensed account reference known as an address. For instance, an Ethereum address is prefixed with 0x, followed by the last 20 bytes (in hexadecimal format) of the keccak-256 hash of the public key.
Because no account authorisation is required, users can compute a cryptographic key pair locally on their machine (or outsource this feature to a wallet provider - such as Overledger's Authorise). In public permissionless DLT networks, an individual user can control one or more DLT accounts.
Permissioned DLT networks
In these networks, the owners of each account are more likely to be known, so they can have more personal account references, such as 'Alice Smith' or 'Bob Jones'. A certificate may be required to authorise DLT accounts in a permissioned DLT network.
Identity is usually more tightly controlled in these networks. Even though users can still compute a cryptographic key pair locally on their machine (or outsource this feature to a wallet provider - such as Overledger's Authorise), they may also be required to be certified by a certificate authority before they can submit transactions to change the ledger.
Wallet Types
A DLT account can be stored and/or generated in different locations, each with its own security considerations:
- Hardware Wallets: These dedicated devices generate and store the keys securely offline, offering the highest level of protection.
- Software Wallets: Mobile or desktop applications can generate and manage keys, but they require careful security practices to avoid compromise.
- Key Management Services (KMS): Cloud-based services can generate and store keys for users, but they introduce a trusted third party and potential security risks. It is possible to use Overledger for testnets only.
Wherever you store your DLT account, its private key will need to be accessible by a digital signing algorithm when it is required to sign transactions.