I had gone into elaborate analysis as to why proof-of-stake and reputation based systems are inherently centralizing.
Proof-of-work has the potential be an unbounded entropy (i.e. effectively random and not gameable) up to 25 - 51% (25 - 33% for selfish mining) concentrated control of the hash rate. That is where I agree with smooth's caveat, except if permission-less commerce is the goal even that caveat has another caveat which is you've still got to find sufficient hash rate to push your transaction through without KYC if 51% of the hash rate is regulated for KYC.
You can't push anything through period if 51% is regulated because that 51% will reject unapproved (not signed with a MSB license number) blocks. That's the 51% attack right there.
I wrote if that if the 51% is regulated to require KYC meaning on the transactions in the blocks those miners/pools create. I didn't write that the regulation forced them to also hard fork the chain protocol and reject blocks that don't have KYC along with transaction in the blocks produced by the other 49%. Indeed it is probably likely that if regulation requires the former, then it might require the latter, but as you like to always say "not necessarily so". You see a hard fork might be more difficult political quagmire, so I think my distinction was apropos.
Without that issue, I contend that owning the hash rate yourself is not really necessary to push the transaction through yourself because as long as the system is permissionless you can always find someone to push it through for you for a fee. Anywhere you go in the world, even under the most authoritarian regimes, you can always find a black market if you look for it. Thus such oppression really becomes a question of how much it costs to push a transaction through, not whether you can do it at all.
With that attitude I can see why Monero has gone no where fast. The velocity of money collapses in your solution.
I have a much more superior solution than that! I wouldn't tolerate a solution that forces people to enter the underworld just send a transaction.
Going back to the original case, Bitcoin's security model simply does not work at all if 51% (really >50%, or >25% or >33% or really even a moderately-large smaller share that could easily collude with some other moderately-large smaller share to form such a bloc) of the hash rate is attacking it.
Yeah Bitcoin is dead in the water. Any thing new to say?
It can be a temporary condition though, where users can just sit on their keys and wait it out, like a hurricane. Whether that is effective is a complex political game theory question that you probably agree we can't really answer and is best avoided altogether if you want any kind of strong security model. That requires either a fundamentally different system or a much better distribution of mining than exists today.
Yadayada.