ERC-1078: Universal Login and Registration Using ENS Subdomains [DRAFT]

The Ethereum ecosystem continues to evolve with innovations that simplify user onboarding and enhance security. One such proposal, ERC-1078, introduces a novel approach to decentralized login and registration—eliminating the need for passwords, seed phrases, or centralized identity providers. This standard leverages Ethereum Name Service (ENS) subdomains and executable signed messages to create a seamless, secure, and user-friendly authentication experience.

By integrating concepts from ERC-725 (Identity) and ERC-1077 (Executable Signed Messages), ERC-1078 enables users to interact with dApps using temporary, device-specific keys while keeping their main identity and assets protected within a smart contract wallet.

This article explores how ERC-1078 works, its implementation steps, and its potential to redefine how we think about digital identity in Web3.

What Is ERC-1078?

ERC-1078 proposes a minimal, native Ethereum solution for replacing traditional login/registration flows. Instead of relying on usernames and passwords or even persistent private keys, it uses ENS names as identifiers and allows users to authenticate via short-term cryptographic signatures.

At its core:

• A user’s identity is represented by a smart contract.
• This contract supports ERC-725 (for identity management) and ERC-1077 (for executing signed messages).
• Users access services using an ENS name (e.g., alice.appname.eth) that resolves to their identity contract.
• Device-generated keys are used temporarily and can be revoked without compromising funds.

This model shifts the paradigm: Ethereum accounts act more like authentication tokens than permanent access keys.

How Universal Login Works

The login process under ERC-1078 is designed to feel familiar—similar to two-factor authentication—but operates entirely on decentralized infrastructure.

Step 1: Request the User’s ENS Name

The dApp prompts the user for their ENS name linked to an identity contract. If they don’t have one:

• The app can offer to create a subdomain under a domain it controls (e.g., user.dapp.eth).
• No duplicate input fields; smart UX detects intent (login vs. register) based on name availability.

👉 Discover how modern dApps streamline onboarding with decentralized identities.

This adaptive interface improves usability and reduces friction—critical for mainstream adoption.

Step 2a: Create a New Identity (For New Users)

When a user lacks an identity, the dApp facilitates creation through these steps:

1. Generate a local private key securely stored on the user’s device.
2. Deploy an identity contract supporting both ERC-725 and ERC-1077 standards.
3. Register the local key as the sole administrator (with optional recovery methods).
4. Assign an ENS subdomain and transfer ownership to the identity contract.
5. (Optional) Set up recovery mechanisms (e.g., social recovery or time-lock reset).

All steps can occur in a single Ethereum transaction, minimizing gas costs and complexity.

To optimize performance:

• Apps can pre-deploy "empty" identity contracts during low-gas periods.
• These placeholder contracts save deployment time when users sign up.

User experience remains smooth: they begin interacting immediately while background processes finalize.

Step 2b: Connect to an Existing Identity

For returning users, the dApp must request appropriate permissions based on functionality needs:

Permission Levels:

• Manager (Level 1): Full control over identity—add/remove keys, upgrade contracts.
• Action (Level 2): Execute transactions on other contracts (e.g., send ETH, swap tokens).
• Encryption (Level 4): Sign non-transactional data (chat messages, game moves).

Once the required level is determined:

1. Generate a new device key.
2. Resolve the ENS name to find the identity contract address.
3. Prepare a call to addKey(publicKey, level).

4. Broadcast the request via:

   • Whisper or peer-to-peer networks,
   • Web3 providers (web3.eth.sendTransaction),
   • Ethereum URI standard (EIP-681).

Example EIP-681 URL:

ethereum:bob.example.eth?function=addKey(address='0x...',uint=1)

5. Display a scannable QR code as fallback—ensuring accessibility across devices.

Users aren’t blocked during confirmation. Background syncing ensures continuity.

Step 3: Requesting On-Chain Transactions

After authentication, the dApp can initiate transactions using the authorized key.

Key Considerations:

• Not all actions require blockchain interaction. Signed messages suffice for off-chain use (e.g., chat, gaming states).

• For on-chain execution, gather:

  • to, from, value, data
  • Required signature count via requiredSignatures(level)
  • Estimated gasLimit (+100k buffer recommended)
  • gasPrice and gasToken (0 = ETH)

Then sign using the ERC-1077 message format.

Deployment Options:

• If only one signature is needed, the dApp backend may submit the transaction.
• Otherwise, broadcast via P2P networks or prompt secondary devices via QR codes.

Monitor the mempool for execution. Listen for the ExecutedSigned event to confirm success.

If a conflicting transaction appears (same or higher nonce), restart the flow gracefully.

Core Keywords

To align with search intent and improve SEO visibility, this article integrates the following core keywords naturally:

• ERC-1078
• ENS subdomain
• universal login
• decentralized identity
• smart contract wallet
• executable signed messages
• Web3 authentication
• non-custodial login

These terms reflect common queries around secure, passwordless access in decentralized applications.

Frequently Asked Questions (FAQ)

Q: Is ERC-1078 live on Ethereum mainnet?

A: As of now, ERC-1078 remains a draft proposal. While not officially standardized or widely implemented, it has inspired real-world projects exploring universal login patterns using ENS and account abstraction techniques.

Q: Does this eliminate seed phrases?

A: Yes—users never handle seed phrases directly. Their primary identity is managed by a contract, and device keys are temporary. Loss of a device key doesn’t compromise funds, only session access.

Q: Can I use my existing MetaMask wallet?

A: Not natively yet. MetaMask doesn’t support ERC-1078 directly, but future integrations with smart contract wallets (like those using ERC-4337 or Argent-style guardians) could enable similar functionality.

👉 Explore next-gen wallet experiences powered by smart contract logic.

Q: How does this prevent phishing?

A: Since each action requires cryptographic signing—and users approve key additions explicitly—the risk of credential theft is drastically reduced. No passwords mean nothing to steal.

Q: Who pays gas fees?

A: Typically, the dApp covers initial setup costs or passes them to the user. Gasless relayers or meta-transactions can also subsidize usage, especially during onboarding.

Q: What happens if I lose all my keys?

A: Recovery depends on how the identity contract was configured. Options include social recovery, time-delayed resets, or backup keys—ensuring resilience without centralization.

Implementation Outlook

While no live dApp fully implements ERC-1078 today, its underlying principles are gaining traction:

• Projects like Argent Wallet use guardian-based recovery.
• ENS-based profiles are becoming standard for social layers.
• Account abstraction (ERC-4337) brings similar UX benefits with broader flexibility.

Future improvements will focus on:

• Standardizing decentralized messaging (e.g., Peer-to-Peer networks).
• Open-sourcing deployment tools for reliable transaction relaying.
• Enhancing cross-device synchronization for seamless sessions.

Conclusion

ERC-1078 represents a forward-thinking vision for passwordless, non-custodial authentication in Web3. By combining ENS subdomains with executable signed messages, it delivers a user experience comparable to Web2 logins—without sacrificing decentralization or security.

As account abstraction matures and infrastructure improves, we’re moving toward a world where:

• Users own their identities,
• Devices act as secure auth tokens,
• And dApps onboard millions without compromising trust.

Though still in draft form, ERC-1078 lays foundational ideas that continue to influence modern identity solutions in Ethereum.

👉 Stay ahead of Web3 innovation with tools built for tomorrow’s decentralized world.