An account is an entity with an ether (ETH) balance that can send transactions on blockchain network. Accounts can be user-controlled or deployed as smart contracts.

Types of accounts

There are two types of accounts:
  • Externally-owned account (EOA) – controlled by anyone with the private keys
  • Contract account – a smart contract deployed to the network, controlled by code.
Both account types have the ability to:
  • Receive, hold and send ETH and tokens
  • Interact with deployed smart contracts

Key differences

Externally-owned account
  • Creating an account costs nothing
  • Can initiate transactions
  • Transactions between externally-owned accounts can only be ETH/token transfers
  • Made up of a cryptographic pair of keys: public and private keys that control account activities
Contract account
  • Creating a contract has a cost because you're using network storage
  • Can only send transactions in response to receiving a transaction
  • Transactions from an external account to a contract account can trigger code which can execute many different actions, such as transferring tokens or even creating a new contract
  • Contract accounts don't have private keys. Instead, they are controlled by the logic of the smart contract code

Fields in an account

Ethereum accounts have four fields:
  • nonce – A counter that indicates the number of transactions sent from the account. This ensures transactions are only processed once. In a contract account, this number represents the number of contracts created by the account.
  • balance – The number of wei owned by this address. Wei is a denomination of ETH and there are 1e+18 wei per ETH.
  • codeHash – This hash refers to the code of an account on the Ethereum virtual machine (EVM). Contract accounts have code fragments programmed in that can perform different operations. This EVM code gets executed if the account gets a message call. It cannot be changed, unlike the other account fields. All such code fragments are contained in the state database under their corresponding hashes for later retrieval. This hash value is known as a codeHash. For externally owned accounts, the codeHash field is the hash of an empty string.
  • storageRoot – Sometimes known as a storage hash. A 256-bit hash of the root node of a Merkle Patricia trie that encodes the storage contents of the account (a mapping between 256-bit integer values), encoded into the trie as a mapping from the Keccak 256-bit hash of the 256-bit integer keys to the RLP-encoded 256-bit integer values. This trie encodes the hash of the storage contents of this account, and is empty by default.
A diagram showing the make up of an account


A cryptographic pair of keys constitutes one account: a public key and a private key. In addition to preventing forgeries, they provide proof that transactions were actually signed by the sender. By signing transactions with your private key, you are granted custody of the funds associated with your account. Cryptocurrency is not actually held by you - you only hold private keys.
A transaction sender can always be verified, so malicious actors cannot broadcast fake transactions.
Alice needs to create a transaction request and send it to the network for verification before sending ether from her account to Bob's account. By using public-key cryptography, Ethereum ensures that Alice is able to prove she initiated the transaction. In the absence of cryptographic mechanisms, a malicious adversary Eve could broadcast a request like "Send 5 ETH from Alice's account to Eve's account," and no one could verify that it wasn't Alice's request.


When you want to create an account most libraries will generate you a random private key.
A private key is made up of 64 hex characters and can be encrypted with a password.
The public key is generated from the private key using the Elliptic Curve Digital Signature Algorithm. You get a public address for your account by taking the last 20 bytes of the Keccak-256 hash of the public key and adding 0x to the beginning.
Here's an example of creating an account in the console using GETH's personal_newAccount
11> personal.newAccount()2Passphrase:3Repeat passphrase:4"0x5e97870f263700f46aa00d967821199b9bc5a120"5 26> personal.newAccount("h4ck3r")7"0x3d80b31a78c30fc628f20b2c89d7ddbf6e53cedc"8 3
It is possible to derive new public keys from your private key but you cannot derive a private key from public keys. This means it's vital to keep a private key safe and, as the name suggests, PRIVATE.
To sign messages and transactions which output a signature, a private key is needed. In that case, others can use your signature to derive your public key and verify who sent the message. Using a javascript library, you can send transactions over the network from your application.


Contract accounts also have a 42 character hexadecimal address:
The contract address is usually given when a contract is deployed to the Ethereum Blockchain. The address comes from the creator's address and the number of transactions sent from that address (the “nonce”).


In Ethereum, there is also another key type introduced with the change from proof-of-work to proof-of-stake consensus. These are called 'BLS' keys and they are used to identify validators. In order to reduce the amount of bandwidth required for the network to reach consensus, these keys can be aggregated efficiently. A validator would have to stake much more if key aggregation wasn't used.
Last modified 11mo ago