Why accounts and not UTXOs
Bitcoin, along with many of its derivatives, stores data about users’ balances in a structure based on unspent transaction outputs (UTXOs): the entire state of the system consists of a set of “unspent outputs” (think, “coins”), such that each coin has an owner and a value, and a transaction spends one or more coins and creates one or more new coins. A user’s “balance” in the system is thus the total value of the set of coins for which the user has a private key capable of producing a valid signature.
Blacknet jettisons this scheme in favor of a simpler approach: the state stores a set of accounts where each account has a balance (as well as specific internal data), and a transaction is valid if the sending account has enough balance to pay for it, in which case the sending account is debited and the receiving account is credited with the value.
The benefits of UTXOs are:
- Higher degree of privacy: if a user uses a new address for each transaction that they receive then it will often be difficult to link accounts to each other. This applies greatly to currency, but less to arbitrary dapps, as arbitrary dapps often necessarily involve keeping track of complex bundled state of users and there may not exist such an easy user state partitioning scheme as in currency.
- Potential scalability paradigms: UTXOs are more theoretically compatible with certain kinds of scalability paradigms, as we can rely on only the owner of some coins maintaining a Merkle proof of ownership, and even if everyone including the owner decides to forget that data then only the owner is harmed. In an account paradigm, everyone losing the portion of a Merkle tree corresponding to an account would make it impossible to process messages that affect that account at all in any way, including sending to it. However, non-UTXO-dependent scalability paradigms do exist.
The benefits of accounts are:
- Space savings: for example, if an account has 5 UTXO, then switching from a UTXO model to an account model would reduce the space requirements from (20 + 32 + 8) * 5 = 300 bytes (20 for the address, 32 for the txid and 8 for the value) to 20 + 8 + 2 = 30 bytes (20 for the address, 8 for the value, 2 for a nonce(see below)). Additionally, transactions can be smaller (eg. 100 bytes in Ethereum vs. 200-250 bytes in Bitcoin) because every transaction need only make one reference and one signature and produces one output.
- Greater fungibility: because there is no blockchain-level concept of the source of a specific set of coins, it becomes less practical, both technically and legally, to institute a blacklisting scheme and to draw a distinction between coins depending on where they come from.
- Simplicity: easier to code and understand. Concept of UTXOs is often confusing for new users.
- PoS: Although it is possible to shoehorn proof-of-stake into a UTXO paradigm, such a paradigm is much more complicated and ugly than just using accounts.
One weakness of the account paradigm is that in order to prevent replay attacks, every transaction must have a “nonce”, such that the account keeps track of the nonces used and only accepts a transaction if its nonce is 1 after the last nonce used. This means that even no-longer-used accounts can never be pruned from the account state.