Currently, Penumbra tooling uses the following words:
- Wallet: a group of logical accounts, with common spending keys and viewing keys
- Account: a logical bucket of funds with segmented balances
- Address: an opaque pointer to a specific account.
The reason for this terminology was to encourage users to use logical accounts with a common viewing key, rather than creating multiple viewing keys (which requires scanning the chain multiple times). However, this terminology has proved to be somewhat confusing, and introduces UI friction.
Instead, it seems better to migrate to the following terminology:
- Account: the entire collection of per-user state controlled by a given spending key
- Sub-Account: a logical bucket of funds with segmented balances
- Address: an opaque pointer to a specific sub-account.
In other words, what was “account” becomes “sub-account” and what was “wallet” becomes “account”.
This means that supporting multiple keys within Prax would be easier (for instance, supporting a hardware wallet or supporting view-only accounts), since this would map to the existing “account” concept.
This also opens the possibility of distinguishing sub-account 0 in the UI as some other term, like “Main Account”.
2 Likes
To me the strongest argument here is that with different custody backends one naturally will want to manage different “wallets” within the same interface, so this makes sense.
I’m not sure about simply moving things up, mainly because the difference between “account” and “sub-account” seems hard to explain.
Personally, I think the hierarchy should become “wallet” > “vault” > “account” > “address”.
One thing I like about this is that “wallet” can have the usual ecosystem meaning of both denoting a particular piece of software (prax, autc.) and also a particular instance of that software managing the keys you care about.
I like “vault” because it emphasizes how different vaults are focused on providing different security mechanisms (potentially). E.g. “this vault is secured by a hardware device”, “this vault is secured by threshold custody”, etc.
1 Like
Yes, multiple custody backends is a consideration. However, users might assume that they need to create multiple accounts to have privacy, when on Penumbra this isn’t the case and would increase their client-side work.
One motivation for using the term “account” for “everything visible by a given viewing key” is that the “connect wallet” permissions for Prax are scoped that way (to align with the actual visibility scoping in the protocol) and that in other ecosystems, the “connect wallet” permission is also scoped to specific accounts.
Using “account” in this way means that there’s a clearer story about permissioning, disclosure (the FVK discloses an entire account), etc, and it’s more aligned with the rest of the ecosystem.
We shouldn’t use the word “vault” because that’s generally referring to programmatic strategies, something that Penumbra doesn’t do.
2 Likes