Smooth's point is that in a "segregated witness" block chain design, where the ordering of confirmations can be ambiguous due to the inability to prove propagation, any threat of a penalty (e.g. confiscating a deposit) against a provably fraudulent instant confirmation node (which is a masternode in Dash) would be futile, because, for example, the attacker who is in control of that fraudulent node could have shorted the coin and thus be profiting from the attack more than the cost of the penalty.
Yes smooth, that is entirely correct. And it guarantees eventual failure for any "segregated witness" design that is vulnerable to double-spending and uses only penalties in the hope of disincentivizing such attacks.
I don't know if your narrowing of the general problem to a specific instance (shorting to profit on an attack) is sufficient. It may be, but it is difficult to enumerate external incentives. For example, in Meni's paper it is pointed out that an attacker can double spend against multiple merchants simultaneously which makes it difficult to reason about the "cost" of double spending attacks (in terms of burned hash rate for a minority attacker). That doesn't directly apply here (because locks are specific to a UTXO), but still other external attacks probably exist.
I predicted you would reply with that point of clarification. I knew I was only providing one example of a general issue. I was keeping it simple for readers. Yes I agree with your point that the general case may not be so concisely contained.
This is why the problem statement of Satoshi that assumes <50% (or 30% or whatever -- I will get to that) is important. Because if that condition is well-satisfied, then the system is unconditionally secure. The exponential difficulty of multiple-confirmation attacks makes them quickly implausible for any finite payoff. Double spending is impossible up to an exponential difficulty, as is jamming.
As I had argued upthread to you, that logic doesn't hold against the State's incentive to force KYC by regulating 50+% of the mining. The State incurs no ongoing cost, because it charges it to the collective. And that is why if the State is not limited in its power by permissionless individual power, then the State can drag humanity into a Dark Age of death and misery. And that is one of the main reasons I wasn't gullible enough to fall prey to Satoshi's deception game.
As an aside, the difference between 50% or 30% or 25% or whatever selfish mining thresholds might exist doesn't really matter, because security in Satoshi's design is greatly reduced if mining is concentrated at all, even well under 50%. In Satoshi's paper he gives an example of a 45% attacker, which would require waiting 340 confirmations for "just okay" security (even though his assumed threshold is 50%). Nobody does that.
And as I am sure you are aware, the selfish mining paper showed that Sybil attacking propagation on the P2P network can dramatically amplify the attacker's effective hash rate.
Anyway, my design removes the attacks even with up to 99% of the hashrate. Seriously, I already described it to monsterer in the past few pages of this thread. The design is not hidden any more.
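As an added illustration of the whitepaper calculation referred to above (this is editor-added code, not something either poster wrote): Satoshi's Poisson-approximation formula for the probability that an attacker holding hash-rate share q catches up from z blocks behind, plus a search for the number of confirmations needed to push that probability below 0.1%. For q = 0.45 the search lands on the 340 confirmations mentioned above; the function names are this example's own.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Satoshi's whitepaper estimate (section 11) of the probability that an
    attacker with fraction q of the hash rate overtakes an honest chain that
    is z blocks ahead. Honest share p = 1 - q; the attacker's progress while
    the honest chain mines z blocks is modelled as Poisson with mean z*q/p,
    and from k blocks behind the catch-up probability is (q/p)**k."""
    if not 0.0 <= q < 0.5:
        return 1.0  # with at least half the hash rate the attacker always catches up
    p = 1.0 - q
    lam = z * (q / p)
    poisson = math.exp(-lam)  # Poisson(k=0) term, updated iteratively to avoid overflow
    total = 1.0
    for k in range(z + 1):
        # Attacker already ahead (k > z) succeeds with certainty, which is why
        # the sum subtracts only the cases where it must still catch up.
        total -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)  # advance to the Poisson(k+1) term
    return total


def confirmations_for(q: float, max_prob: float = 0.001, limit: int = 100_000) -> int:
    """Smallest number of confirmations z such that the attacker's success
    probability drops below max_prob (the whitepaper's 'P < 0.1%' table)."""
    z = 0
    while attacker_success_probability(q, z) >= max_prob:
        z += 1
        if z > limit:
            raise ValueError(f"no z <= {limit} reaches P < {max_prob} for q={q}")
    return z


if __name__ == "__main__":
    # Reproduce the whitepaper's table, ending with the 45% case from the thread.
    for q in (0.10, 0.15, 0.20, 0.25, 0.30, 0.35, 0.40, 0.45):
        print(f"q={q:.2f}  confirmations for P<0.1%: {confirmations_for(q)}")
```

The 45% row shows why the thread treats "well under 50%" as mattering: a handful of confirmations is enough against a 10% attacker, but hundreds are needed once the attacker's share nears half.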
I have a strong feeling the most secure cryptocurrency will eventually solve this problem with some method of keeping mining decentralized (enough). Maybe that is impossible (as you claim due to economies of scale, state capture, etc.), maybe not. But I have doubts about any other approach. I'll wait for your white paper though.
I have already solved it. The trick was including all chains. Simple. And then a lot of details to prevent ambiguities. See my prior post.
Edit: reminder on our future
The Digital Kill Switch: