Can anyone link me to some criticism of these claims by qualified people? I'm especially interested in a rebuttal to the claim that long range NaS attacks are not possible in the system that kushti has defined in his and his group's research.
I think long range is not possible because rolling checkpoints. Also when downloading a new chain there is a trust system so you download from a trusted source. Rolling checkpoints are nice but create the risk of dividing the network. A fork larger than the largest allowed reorganization would not be resolved and the network would split.
I remember Bitcoin itself was using checkpoints at one time, not too long ago too. Haven't heard much about that in a while. Do you or anyone else know if they are still in use at all?