@koubiac,
You say that the only way for the attacker to try again
is to change the kernel, but if their attack fails
(chain is not accepted), then why can't they try
again with the same kernel?
Because if he tries again with the same kernel, he will produce exactly the same branch.
I'm not sure if this is clear or not. The hash being deterministic, the only way to try again (i.e. to try to obtain a different outcome) is to change the kernel.
No, you are not clear.
Look, an attacker can build any number
of DIFFERENT "branches" or chains very quickly.
Whether this so-called "kernel" changes
as a result of the various permutations of
transactions and blocks he's put together,
or whether it remains the same because the staking UTXOs
are the same, really doesn't matter.
Why doesn't it matter?
It doesn't matter because if the chain isn't accepted, the attacker
still has his UTXOs and can try again.
So either way, you do not need to change your UTXO set to
try more than once. The only way to force that would be to start having stakeholders
penalizing other stakeholders if they spot a false chain being broadcast, but
that opens a whole new can of worms, issues, and attack vectors.
The bottom line is that if the attack chain isn't accepted, you still
have your stake age, and there's nothing stopping you from trying again.
EDIT: The fact that the "hashes are deterministic" is really saying
nothing at all. That always is the case. How could they be random?
(Who would be generating the random numbers and how would they
be verified?) So yes, you would need to change the attacking
chain to get a different outcome against a different main chain,
but there's nothing stopping you from doing that.