BMS: Secure Decentralized Reconfiguration for Blockchain and BFT Systems
It addresses critical security vulnerabilities in decentralized systems, offering a practical solution for both permissioned and PoS blockchains, though it appears incremental by building on existing protocols like Mir-BFT.
The paper tackles the security challenges of reconfiguration in blockchain and BFT systems, such as long-range attacks in PoS blockchains and 'I still work here' attacks in permissioned systems, by proposing BMS, a secure and dynamic reconfiguration service that can reduce PoS stake unbonding time from weeks/months to minutes.
Reconfiguration of long-lived blockchain and Byzantine fault-tolerant (BFT) systems poses fundamental security challenges. In case of state-of-the-art Proof-of-Stake (PoS) blockchains, stake reconfiguration enables so-called long-range attacks, which can lead to forks. Similarly, permissioned blockchain systems, typically based on BFT, reconfigure internally, which makes them susceptible to a similar "I still work here" attack. In this work, we propose BMS (Blockchain/BFT Membership Service) offering a secure and dynamic reconfiguration service for BFT and blockchain systems, preventing long-range and similar attacks. In particular: (1) we propose a root BMS for permissioned blockchains, implemented as an Ethereum smart contract and evaluate it reconfiguring the recently proposed Mir-BFT protocol, (2) we discuss how our BMS extends to PoS blockchains and how it can reduce PoS stake unbonding time from weeks/months to the order of minutes, and (3) we discuss possible extensions of BMS to hierarchical deployments as well as to multiple root BMSs.