@koubiac,
You say that the only way for the attacker to try again
is to change the kernel, but if their attack fails
(chain is not accepted), then why can't they try
again with the same kernel?
Because if he tries again with the same kernel, he will produce exactly the same branch.
I'm not sure if this is clear or not. The hash being deterministic, the only way to try again (i.e. to try to obtain a different outcome) is to change the kernel.