I'm working on a similar DAG based design and it was interesting to read your whitepaper. A few questions/concerns:
1. Could you explain in layman's terms, why capping the amount of work per transaction makes double-spend attacks less likely to succeed? It doesn't sound intuitive.
2. What is the incentive for honest nodes to keep PoW on the legit sub-tangle high enough, so that no single attacker (even ASIC-powered one) can create a fake sub-tangle that has higher cumulative weight and contains his doublespend?
3. The whitepaper says that the subtangle that contains a failed doublespend is discarded. Does it mean that all other transactions that happened to approve the doublespend transaction are also discarded? If so, an attacker would try to inject two conflicting transactions at nearly the same time. Since synchronization is not instantaneous, some users will unknowingly approve one of these two transactions before they learn about the other. If they were unlucky to approve the transaction that eventually dies, their own transactions are also discarded, correct? Then it sounds like poor user experience, since user's transaction can be effectively canceled for reasons that he doesn't control. Next, if the attacker continuously sends penny doublespend transactions, he will split the network into multiple branches, most of them will be discarded, and the network will be effectively stalled. This is DoS attack. Next, observe that when a subtangle is discarded, the PoW invested in its creation is also discarded. Then if the attacker tries to doublespend a more sizable amount at the same time, he will reduce the hashpower of the honest part of the network by DoSing it this way, and he will need less resources to produce a subtangle that overweighs this weak legitimate subtangle.
The author of the whitepaper is in a location with a terrible Internet connection now, I'll try to answer instead of him but keep in mind that I may be wrong.
1. Imagine that you need to do N work to outbalance the rest of the network. A winning strategy is to do number crunching in hope to be lucky and find a solution much earlier than in average. If the network reaches the point where N is not enough to outbalance its work then you simply increase N by some value and keep doing hashing until you find a solution. You may need to move your goal again and again though.
2. Nodes don't need to continue to do hashing once their transaction is accepted, others will do that for them if the majority confirms those transactions that confirm others' ones.
3. If a transaction happens to reference double-spending transactions then
anyone can change the references. More likely it will be the issuer themselves if they hasn't got the purchased item yet, or the merchant who has already delivered the item and now is interested in transaction confirmation because otherwise he will be unable to spend these coins. A DoS attack is possible but iota has inherent protection against it because every transaction needs to do some work (PoW) before it becomes valid. Every transaction has 2 parts - essential data signed by the owner and references to other transactions, - the latter can be changed without transaction resigning.