New account generation for beneficiaries

To ensure secure and automated on-chain transactions, we prefer using Ethereum accounts exclusively. However, many intended recipients may be unfamiliar with Ethereum due to its niche status. We've explored options to strike a balance between security and user-friendliness, and landed on new account generation with the private key stored a QR code.

The web3.eth.accounts.create() API creates a new Ethereum account using a random process to generate a public key and a private key pair.

• When you call web3.eth.accounts.create(), Web3.js uses a source of random entropy (a random string of bits) to generate the private key. Entropy can be obtained from the environment (e.g. from the operating system) to ensure that these random values ​​are truly unpredictable.

• Generate Private Key: The private key is a 256-bit string (64 hex characters) generated from that random number. This key is unique and unpredictable.

• Generating a Public Key: The public key is generated from the private key using elliptic curve cryptography (ECC) on the secp256k1 curve, a standard curve used in the Ethereum system.

• Generating an Address: The Ethereum address is generated by hashing the public key (using the Keccak-256 hash function) and taking the last 20 bytes of the hash value. This address is unique and can be used to receive or send transactions on the Ethereum network.

• Storing the Private Key: When you use web3.eth.accounts.create(), the private key is not stored anywhere by Web3.js itself. It is simply returned as a JavaScript object, and the storage or security of this key is entirely up to the user.