In the blockchain world, users use their accounts to construct and send transactions. To verify transactions, an important step for consensus nodes is to “verify user identity”.

Based on the philosophy of decentralization, in the blockchain world, there is no centralized account management node, instead, users create and manage their own accounts. Account models widely used today are built upon the public-key cryptographic technology. Users generate a key pair locally and use the public key to create an account according to certain rules. When creating a transaction, users use the private key to sign the transaction and add it to the transaction data. The blockchain then verifies the user identity by verifying the signature. Under this model, there is no need for a registration process, accounts can be “instantly created and used”.

In reality, the blockchain technology focuses on “the private key users hold” instead of “the users who hold the private key”.

If someone is unfortunate enough to have lost their private key, they will also lose access to their accounts and the assets therein. This tells us that private key is key to verification, therefore users must keep their private key safe, which is a big difference between blockchain and traditional centralized services.

In centralized systems, user accounts are collectively managed by service providers. These accounts are at heart owned by service providers and users only have the right to use these accounts.

Service providers typically use a combination of “account name + password” to verify user identity. The password is the key information that the user has. When the user loses the password, he can apply to the service provider for a reset. Since the account is actually in the hands of the service provider, it only needs to reset the password and re-authorize the user after using the auxiliary means to verify user identity.

In this centralized environment, users need to believe that the service provider will not abuse their accounts and related data. With blockchain technology, ownership will be kept in the hands of users, and each user is responsible for their own account.

The blockchain model provides the basis for better self-sovereign management and privacy protection. Since users must use their private keys to access their accounts, they must be more careful.

There are several ways to improve this zero fault-tolerant account model. A common multi-signature account that supports threshold control is one of them.

For example, an account with a (t, n) threshold can be verified as long as there are t signatures of n keys. Thus, even if one of the keys is inadvertently lost, the account can be accessed by another key.

However, multi-signature account schemes of blockchain projects today mostly create accounts by n independent keys constituting the multi-signature group according to certain rules and traverses and verifies all the signatures of the transaction to see if the threshold is met. This type of multi-signature account does not support key recovery or updates. When users need to replace the key, they need to create a new account.

One way to improve this is to build an account system using a secret sharing algorithm. The basic idea is to use an algorithm to split the private key into multiple shares and each share can generate a part of the signature. Once a threshold number of shares is reached, a complete signature can be formed.

This algorithm supports the update of secret shares, and the updated shares are not compatible with the old ones, making the old shares invalid. Therefore, the account thus constructed can reset the shares while keeping the account (private key) unchanged when the shares are lost or stolen.

Another simpler and more straightforward method is to decouple the account from the key. The user account is represented by a key-independent string and is bound to the user’s public key on the blockchain through registration. The registered account can then bind and unbind the public key arbitrarily. When operating the account, any signature that can be verified by the public key can be used to verify the account. On top of this, more complex and diverse control logic can be set as needed, and this account system greatly increases flexibility.

ONT ID, Ontology’s decentralized identification protocol, is precisely using this model. Users can generate independent key pairs for different devices and applications and bind them to the same ID. Even if one of the keys is lost, users can still use other keys to unbind the lost key and bind new keys.

Account system is a major challenge when developing and promoting blockchain technology. From algorithms to product design, only a secure and user-friendly account system can draw more users.