Account abstraction allows a contract wallet to initiate transaction execution. Thus, account abstraction is useful for preserving the privacy of externally owned accounts (EOAs) because it removes the transaction issued from an EOA to the contract wallet and, by additionally employing an anonymous authentication procedure such as a ring signature, hides who issued the transaction. However, unconditional anonymity is undesirable in practice because it prevents revealing who is accountable for a problem when one arises. Thus, maintaining a balance between anonymity and accountability is important. In this paper, we propose an anonymous yet accountable contract wallet system. In addition to account abstraction, the proposed system also utilizes accountable ring signatures (Bootle et al., ESORICS 2015). The proposed system provides (1) anonymity of the transaction issuer, which hides who agreed to run the contract wallet, and (2) accountability of the issuer, which allows the issuer to prove that they agreed to run the contract wallet. Moreover, due to a security requirement of accountable ring signatures, the transaction issuer cannot claim that someone else issued the transaction. This functionality allows us to clarify the accountability involved in issuing a transaction. In addition, the proposed system allows an issuer to employ a typical signature scheme, e.g., ECDSA, together with the ring signature scheme. This functionality can be considered an extension of the common multi-signature setting that requires a certain number of ECDSA signatures to run a contract wallet. The proposed system was implemented using zkSync (Solidity). We discuss several potential applications of the proposed system, i.e., medical information sharing and asset management.
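The two properties the abstract names, anonymity toward the contract wallet and accountability toward an opener who can later attribute the transaction, can be seen in miniature in the following added Python sketch. It is not the paper's code (the paper's implementation is Solidity on zkSync and uses the Bootle et al. scheme) but a simplified construction in the same encrypt-then-prove paradigm: the signer ElGamal-encrypts its own public key to an opener and gives an OR-proof that the ciphertext holds some ring member's key whose secret it knows; the opener decrypts and publishes a Chaum-Pedersen proof of correct decryption, which is what stops the signer from blaming someone else. The group (a 64-bit safe prime found at import), the `repr()`-based hash encoding, and every function name are assumptions of this example, chosen for readability rather than production use; the k-of-n ECDSA extension mentioned in the abstract is not modelled.

```python
import hashlib
import random
import secrets

# Toy prime-order group: order-q subgroup of Z_p^*, p = 2q + 1 a 64-bit safe prime found at
# import time. DEMO PARAMETERS ONLY; a deployment would use a standard elliptic-curve group.
def is_probable_prime(n, rounds=16):
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                       # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits=64):
    while True:
        q = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = safe_prime()
G = 4   # a quadratic residue mod p, hence a generator of the order-q subgroup

def hash_to_q(*parts):
    """Fiat-Shamir challenge over the transcript (repr() encoding is demo-grade only)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(repr(part).encode() + b"|")
    return int.from_bytes(h.digest(), "big") % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def recon(pk, opener_pk, c1, c2, e_i, zr_i, zx_i):
    """Rebuild the three Sigma-protocol commitments for ring member pk from its challenge and
    responses. The verifier does this for every member; the signer uses it to simulate the
    members it does not control."""
    t = c2 * pow(pk, -1, P) % P                   # c2 / pk; equals H^r only for the real signer
    return (pow(G, zr_i, P) * pow(pow(c1, e_i, P), -1, P) % P,          # G^zr / c1^e
            pow(opener_pk, zr_i, P) * pow(pow(t, e_i, P), -1, P) % P,   # H^zr / (c2/pk)^e
            pow(G, zx_i, P) * pow(pow(pk, e_i, P), -1, P) % P)          # G^zx / pk^e

def ring_sign(msg, ring, j, sk, opener_pk):
    """Signer j encrypts ring[j] to the opener and proves (OR-proof over the ring) that the
    ciphertext holds some member's key whose secret it knows, without revealing j."""
    n = len(ring)
    r = secrets.randbelow(Q)
    c1, c2 = pow(G, r, P), pow(opener_pk, r, P) * ring[j] % P   # ElGamal encryption of ring[j]
    e, zr, zx, A = [0] * n, [0] * n, [0] * n, [None] * n
    for i in range(n):
        if i != j:                                # simulate: choose challenge/responses first
            e[i], zr[i], zx[i] = (secrets.randbelow(Q) for _ in range(3))
            A[i] = recon(ring[i], opener_pk, c1, c2, e[i], zr[i], zx[i])
    kr, kx = secrets.randbelow(Q), secrets.randbelow(Q)        # honest commitments for j
    A[j] = (pow(G, kr, P), pow(opener_pk, kr, P), pow(G, kx, P))
    e_all = hash_to_q(msg, ring, c1, c2, A)
    e[j] = (e_all - sum(e[i] for i in range(n) if i != j)) % Q   # the one challenge not chosen
    zr[j] = (kr + e[j] * r) % Q
    zx[j] = (kx + e[j] * sk) % Q
    return (c1, c2, e, zr, zx)

def ring_verify(msg, ring, opener_pk, sig):
    """What the contract wallet checks: some ring member authorised msg, identity hidden."""
    c1, c2, e, zr, zx = sig
    A = [recon(pk, opener_pk, c1, c2, e[i], zr[i], zx[i]) for i, pk in enumerate(ring)]
    return sum(e) % Q == hash_to_q(msg, ring, c1, c2, A)

def open_signature(sig, opener_sk):
    """Opener decrypts the signer's key and proves the decryption correct (Chaum-Pedersen
    equality of discrete logs), so the signer cannot later deny having signed."""
    c1, c2 = sig[0], sig[1]
    pk = c2 * pow(pow(c1, opener_sk, P), -1, P) % P
    k = secrets.randbelow(Q)
    a1, a2 = pow(G, k, P), pow(c1, k, P)
    e = hash_to_q(c1, c2, pk, a1, a2)
    return pk, (a1, a2, e, (k + e * opener_sk) % Q)

def verify_opening(sig, opener_pk, pk, proof):
    """Anyone can check that pk really is the key hidden inside sig."""
    c1, c2 = sig[0], sig[1]
    a1, a2, e, z = proof
    t = c2 * pow(pk, -1, P) % P
    return (e == hash_to_q(c1, c2, pk, a1, a2)
            and pow(G, z, P) == a1 * pow(opener_pk, e, P) % P
            and pow(c1, z, P) == a2 * pow(t, e, P) % P)

def demo():
    """Three wallet owners; owner 1 authorises a (constructed) transaction; the opener attributes it."""
    opener_sk, opener_pk = keygen()
    owners = [keygen() for _ in range(3)]
    ring = [pk for _, pk in owners]
    tx = b"constructed sample calldata for the contract wallet"
    sig = ring_sign(tx, ring, 1, owners[1][0], opener_pk)
    who, proof = open_signature(sig, opener_sk)
    return ring_verify(tx, ring, opener_pk, sig) and who == ring[1] and verify_opening(sig, opener_pk, who, proof)
```

Running `demo()` returns `True`. The wallet-side check (`ring_verify`) never learns the index `j`, which is the anonymity property; the opening step binds the signature to one ring member with a publicly checkable proof, which is the accountability property, and because that proof is sound the signer cannot point at another member. In the paper's setting the verification would run inside the zkSync account's validation logic rather than in Python.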