BMS: Secure Decentralized Reconfiguration for Blockchain and BFT Systems

Reconfiguration of long-lived blockchain and Byzantine fault-tolerant (BFT) systems poses fundamental security challenges. In case of state-of-the-art Proof-of-Stake (PoS) blockchains, stake reconfiguration enables so-called long-range attacks, which can lead to forks. Similarly, permissioned blockchain systems, typically based on BFT, reconfigure internally, which makes them susceptible to a similar "I still work here" attack. In this work, we propose BMS (Blockchain/BFT Membership Service) offering a secure and dynamic reconfiguration service for BFT and blockchain systems, preventing long-range and similar attacks. In particular: (1) we propose a root BMS for permissioned blockchains, implemented as an Ethereum smart contract and evaluate it reconfiguring the recently proposed Mir-BFT protocol, (2) we discuss how our BMS extends to PoS blockchains and how it can reduce PoS stake unbonding time from weeks/months to the order of minutes, and (3) we discuss possible extensions of BMS to hierarchical deployments as well as to multiple root BMSs.