Pure Proxy Accounts
Pure proxies are very different from other proxy types. The proxies we described so far are existing accounts assigned as proxies by a primary account. These proxies act on behalf of the primary account, reducing the exposure of the primary account's private key. Remember, the more often we use an account's private key to sign transactions, the more we expose that key to the internet, increasing the visibility of that account. The purpose of a proxy is thus to draw the attention of potential attackers away from the primary account, as proxies' private keys will be used most of the time to perform actions on behalf of the primary account.
Pure proxies are new accounts that are created (not assigned) by a primary account. That primary account then acts as any proxy on behalf of the pure proxy. Pure proxies are keyless non-deterministic accounts as they do not have a private key but they have an address that is randomly generated. Also, in some sense, nobody owns a pure proxy as nobody has a private key to control them.
Pure proxies are not anonymous because they have an address that is spawned by a primary account acting as any proxy. Even if any proxy changes, it is still possible to find who generated the anonymous proxy by going backward using a block explorer. There was thus the need to change the name of anonymous proxy. People suggested keyless accounts since they do not have a private key and are proxied accounts. However, multisig accounts are also keyless (but deterministic). Moreover, even if anonymous proxies are proxied accounts, they can still act as proxies and control other accounts via proxy calls (see multisig example below). Thus, the name that has been chosen is pure proxy. If you want to know more about the reasoning behind renaming of pure proxies, see the discussion in this PR or the discussion on Polkadot forum.
Use of Pure Proxy
The use of the pure proxy is strictly bound to the relationship between the pure proxy and the any proxy. Note that the any proxy does not necessarily be the one who created the pure proxy in the first place. Hence, pure proxies are not really owned by somebody, but they can be controlled. Once that relationship between the pure proxy and its any proxy is broken, the pure proxy will be inaccessible (even if visible on the Polkadot-JS UI). Also, pure proxies are non-deterministic, meaning that if we lose one pure proxy, the next one we create from the same primary account will have a different address.
Pure proxies cannot sign anything because they do not have private keys. However, although they do
not have private keys and cannot sign any transaction directly, they can act as proxies (or better,
proxy channels) within proxy.proxy
calls (proxy calls). For example, it is possible to have pure
proxies within a multisig. Using proxy calls, it is possible to use the any proxy to call the
pure proxy, which in turn will do a multisig call. More about this later on.
Once you remove the relationship with any proxy, the pure proxy will be inaccessible. Also, pure proxies cannot sign for anything.
Why Pure Proxy?
Pure proxies have important benefits that we discuss below:
- Enhanced Security: Pure proxies cannot be stolen because they do not have private keys. The only accounts that have full access to the pure proxies are any proxies. Security can be further increased if the any proxy is a multi-signature account.
- Simplified and Secure Account Management: Pure proxies can simplify the management of complex account relationships at a corporate level.
- Multi-signature Account Management: Pure proxies are useful to efficiently manage multi-signature (multisig) accounts. In fact, multi-signature accounts are deterministic, which means that once a multisig is created the signatories cannot be changed. If one of the signatories wants to leave the multisig, a new multisig must be created. This is inconvenient, especially at corporate-level management where the chance of replacing someone within a multisig can be high. Pure proxies allow keeping the same multisig when the signatories change.
If you are an advanced user, see the Polkadot-JS guides about pure proxy accounts.