Commit, then register. The two step process for registering ENS domains.

The Ethereum Name Service (ENS) smart contracts implement a two step process for registering a domain name.

These are:

• A commitment step. The user submits a signed transaction indicating that they specifically are interested in registering a particular domain name.
• A registration step. The user submits a signed transaction saying "OK, register that domain name that I previously expressed interest in".

Why? To prevent front running.

Were the registration process to be a single step process where the users transaction says 'Register xyz.eth for me', a front running situation could occur whereby the entity including your transaction in a block instead gives preference to their own transaction to register xyz.eth for themselves instead.

By requiring a commitment step this is not possible.

Well.. the commitment step requires submission of a carefully formed commitment signature. This signature is calculated based on a number of parameters, one of which is the domain name whilst another is a salt (which is essentially a unique passcode that only you know).

This signature does not include a plaintext representation of the domain name that the user is interested in registering - there is no way for a malicious block producer to discern what domain name you are interested in (at this point).

When you submit the registration transaction, one of the parameters is the domain name that you want to register. This value (along with the other parameters submitted in the registration transaction) is used by the ENS smart contract to reconstruct the commitment signature that was previously submitted. It then verifies that a matching signature was previously submitted to the chain. If it was, the domain name is registered.

The block producer can see the domain that you are attempting to register when you submit this second transaction. They can not however front run you because they have not previously submitted a commitment saying that they are interested in registering the domain.

Fun fact: When the current ENS smart contracts were developed back in 2019 the registration commitment didn't include the address of the user who was interested in registering the domain name. Front running was still potentially possible if you had details about the previously submitted commitment - a malicious actor could 'steal' the commitment and submit a registration transaction saying 'register the name to me' instead. This was noted in the audit conducted by Consensys, and remedied by the ENS team.