maybe you could describe how the attacker tries many times and what he does to get different outcomes cause that's the part that's unclear to me in your explanation.
Simple, he just constructs different blocks of different transactions
sending coins to himself. Different addresses, different
amounts, different timestamps, whatever.
Exactly and that's the point I'm trying to make!
Every time an attacker sends coins to himself, his coins must wait
minimum stake age to be able to mine. This will cause a lag that will make it impossible for an attacker to catch up
no matter how many times he tries!
Therefore, to succeed an attacker needs the equivalent of ~50% of the mining coins.
This will be my last post in this thread because you just don't get it or don't want to get it. I've made my points very clear several times. Not saying I'm infallible but we aren't moving forward with a productive discussion.
As I already explained, if he sends coins to himself using an attack chain,
and the chain is not accepted by the rest of the network , then nothing has changed in his UTXOs,
including the stake age, thus allowing him to try again and again until that chain or another chain is accepted.
Those are my criticisms...you had an ample opportunity to address them. The white paper and yourself
seem to miss these known issues with PoS.
Nothing really new here and nothing to prove " Proof-of-stake is more decentralized, efficient and secure than PoW".