Ledger Live and Ledger hardware wallets are now compatible with ENS, for a better User Experience.
Things to know:
- Ledger Live and Ledger hardware wallets can now securely use ENS domain addresses thanks to the new Ledger Trusted Name Service.
- Ledger Trusted Name Service is a tech solution that aims to ensure that each ENS / Ethereum hexadecimal address mapping is securely transmitted to your hardware wallet.
- ENS makes managing addresses easier, and simultaneously reduces the risk of transaction mistakes, significantly enhancing security in the crypto field.
- This new compatibility aims at simplifying your experience when managing digital assets through Ledger’s ecosystem. For the time being, we support ENS on the Ethereum blockchain, while more networks will soon be available. Stay tuned.
A key hurdle frequently encountered by crypto enthusiasts relates to the intricacies of managing cryptographic address formats. Take, for instance, Ethereum addresses, which are constituted by a chain of 42 hexadecimal digits:
This not only complicates the user onboarding but also introduces several risks. Errors can easily slip in while copy-pasting an address, and minor yet strategically placed alterations in a series of hexadecimal characters can go unnoticed. Such scenarios create opportunities for hackers to tamper with your address, as demonstrated in this article about ‘address poisoning’ scams.
The current method of exchanging value through hexadecimal addresses is similar to the process of typing an IP address in your browser to visit a specific website. The majority of users find comfort in the conventional “ledger.com” format, which we can certainly agree is more user-friendly.
Our mission at Ledger is to simplify the cryptocurrency user experience without ever compromising on security. Luckily, the cryptocurrency community has already worked on a solution to meet this crucial challenge: ENS.
Understanding Ethereum Name Service
What is ENS?
ENS (short for Ethereum Name Service), is a decentralized domain name system built on the Ethereum blockchain. It aims to enhance the user experience by simplifying complex Ethereum addresses. Instead of using the standard hexadecimal address, an ENS user can define an alias in the form of a simple, human-readable name.
ENS makes managing addresses easier, and simultaneously reduces the risk of errors in transactions, significantly enhancing security in the crypto sphere.
Sounds more simple, right?
How does ENS work?
The first step is to register a name. From a standard Ethereum account, anyone can pay to register a .eth domain name of his choosing, much like you’d register a .com domain name for a website. This is done by using an app such as https://app.ens.domains which allows you to map a name and an address using the ENS smart contracts to store it in the Ethereum blockchain.
When someone uses vitalik.eth to send funds or interact with it in any way, the ENS resolver smart contract takes the human-readable address and matches it with the associated Ethereum address previously stored. In short, it looks up the name in its registry and finds the corresponding address. This address is then used in the transaction.
Since the ENS contract is deployed on the Ethereum blockchain, it is both highly decentralized and secured. The smart contracts maintain the mapping between names and addresses, ensuring that this information can’t be changed without the consent of the domain name owner.
The challenge: displaying ENS on a trusted display
In practice, a wallet can easily obtain the hexadecimal address linked to an ENS (resolution), and vice versa – the ENS tied to a hexadecimal address (reverse resolution). Due to the immutability and decentralized nature of blockchains, if you send funds to the wrong address, you can’t undo that action. Therefore it is capital for users to be 100% sure to whom they’re sending their funds. For that reason, all our hardware wallets feature a display controlled by the Secure Element of the device, making it completely malware or virus resistant and which can’t be controlled by a phone or a laptop. This allows the device to clearly show what the user is about to sign and confidently review his action.
“What you see is what you sign.”
The challenge arises when realizing that the Ledger hardware wallet doesn’t even know what an ENS is. Indeed, the ENS doesn’t exist in the transaction raw data. ENS simply offers a more accessible way to interpret hexadecimal addresses. In reality, the Ethereum protocol operates exclusively using hexadecimal addresses – similar to how the internet relies on TCP/IP.
To allow your hardware wallet to display an ENS, it needs the mapping between a hexadecimal address and a human-readable address. Ledger developed a secure infrastructure solution to facilitate this: Ledger Trusted Name Service.
The solution: Ledger Trusted Name Service
The Ledger Trusted Name Service is a technical solution that we’ve created, to ensure that each ENS / Ethereum hexadecimal address mapping is securely transmitted to your hardware wallet.
Since all ENS registrations and transactions on the Ethereum network are public on the blockchain, Ledger can read those and build an index of names and hexadecimal addresses.
As this data will eventually be shown on the hardware wallet’s trusted display, it’s paramount that the information cannot be tampered. Thus, a digital signature is attached to each mapping. The private key used to sign all the data is securely stored within a Ledger Hardware Security Module (HSM).
This process makes it possible to provide the first secure and tamper proof mapping between ENS and hexadecimal addresses.
Now, whenever the Ledger hardware wallet needs to process a transaction, it also receives, if it exists, the mapping and its associated digital signature. The Ethereum application running on the Ledger Hardware wallet performs a cryptographic verification to authenticate this data, enabling it to safely display the ENS instead of the hexadecimal address.
And voilà… You can easily and securely verify your transactions without the hassle of hexadecimal characters.
Simplify your Ledger Live experience
As stated above, the resolution between ENS and hexadecimal is quite trivial. So it shouldn’t come as a surprise that the send flow in Ledger Live now automatically handles the resolution.
vitalik.eth in the recipient field, Ledger Live will inform you of the corresponding hexadecimal address. Similarly if you type in
0xd8da6bf26964af9d7eed9e03e53415d37aa96045, Ledger Live will inform you that this is mapped to
We are convinced this feature is a much needed first step to simplify the user experience.
📝 Important note : As a user you must always make sure that what you typed in Ledger Live (be it an ENS or an hexadecimal address) matches what’s displayed on your hardware wallet’s secure display.
The first limitation is that you must either be sending to an ENS or using an ENS yourself. An ENS isn’t created automatically.
Other limitations include a maximum ENS length of 30 characters, and a requirement for the ENS to be displayed on the device in lowercase alphanumeric characters. Indeed, it’s very easy to mislead a user by substituting an “
I” (uppercase i) for a “
l” (lowercase L). Similarly, a very long ENS is too hard to verify and substituting one character for another would probably go unnoticed.
By adding these requirements, if someone attempts to trick you by having you send funds to “
vitaIik.eth”, your device will display “
vitaiik.eth” instead. It’s simpler to spot the difference now, right?
Again, this serves as a valuable reminder that ultimately, you are the ultimate shield. Only you can verify what’s shown on your hardware wallet screen and validate or reject it.
“What you see is what you sign.”
For the time being, we only support ENS on the Ethereum blockchain. More networks will be made available in the future. Stay tuned!
Head of Developer Ecosystem