Hello Iain,

great insights from you as usual. I just have one addition. I think that on a theoretical level, it is easier to distinguish attacker's blocks from normal ones than you portray, because the attacker has a particular goal in mind, which is by definition distinct from that of the "good" participants. He cannot reach the goal without exposing the method by which he is reaching it. So theoretically, it is always detectable, and can be mitigated against by the genuine nodes, irrespective of the exact mining algorithm (PoW/PoS/PoB/...).

The question is then more practical, the defence needs to be sufficiently quick, and sufficiently effective to allow the "good" blockchain to continue. It does not need to be immediate or 100% successful, or outcompete on mining. A fork is also an acceptable solution, indeed, it might be a better one than trying to outcompete the attacker on mining. The result would be two competing blockchains, mutually incompatible, which will economically lead to a floating exchange rate between them.

In order to avoid ideology in the block assembly mechanism, my personal recommendation is then to detect deviations from the market equilibrium. This results in greater predictability, as well as providing a reason for people to continue preferring Bitcoin. Even if Cunicula has other plans, all other things being equal, people do not choose a medium of exchange which they themselves would be prevented from using the way they want. If he wants to implement features that screw people over, as long as it is distinguishable from the legitimate Bitcoin (and doesn't have sufficient other advantages, such as liquidity or transaction costs), it would not be able to replace Bitcoin. Some masochists or luddites might use it but that's about it.