That doesn't help if the longest chain is not yet published, which is a plausible issue for short and medium range attacks and especially if your blockchain is not "the one chain that rules them all".
Agreed.
The current stake holders are not going to accept a long-range attack which double-spends their stake back to a former stake holder's private key. The decentralized objectivity is in the community's unwillingness to build on that attacker's chain.
TaPoS provides this security because although not selling the discarded private keys for the stake is in theory an altruistic-prime incentive for an undersupplied good [Vitalik], it is not plausible for an attacker to obtain the private keys for every historic transaction, so as to not create resistance by the current stake holders to the attacker's fork (because otherwise the attacker's fork would double-spend the current stake holders' stake back to the historical owner of the stake).
I think we must distinguish two things:
#1 Can an attacker obtain enough private keys (for transactions) to forge the block chain?
#2 Will the forged block chain be accepted by the current stake holders?
#1 Despite the game theoretic incentive described by Vitalik, it is not plausible to assume that such an attack can be carried out in practice if the initial coin distribution is appropriately decentralized.
#2 I'm not sure if the resistance is sufficient in any case. What happens if an attacker builds an alternative block chain that rewards the majority of current stake holders with a (somewhat) larger stake, while double-spending the minority to gain an undue advantage? In such a scenario, the majority has an incentive to accept the forged chain.
The weak subjectivity seems more applicable to nothing-at-stake (i.e. without TaPoS) and where propagation makes a difference in terms of which transactions are confirmed and there is nothing other than centralized checkpoints to resolve ambiguity. TaPoS is decentralized checkpointing.
What do you mean by "where propagation makes a difference in terms of which transactions are confirmed"? Ordering by the time when the nodes receive (or hear of) the transactions?
However, for the long term and assuming minting of new money supply tapers asymptotically towards 0, the burned fees will asymptotically approach 100% of the stake (and the current stake holders cannot build on an attacker's chain which reverts their stake), so it becomes more and more implausible the longer-range the attempted attack (note this does require that stake be infinitely divisible or practically so).
I'm not sure if I understand this. How can the burned fees approach 100% of the stake? Without new money supply, the money would finally disappear if all the fees are burned. Or are you rather referring to some sort of statistical detection as quoted below?
3.2.2 Statistical Detection
Transactions can reference blocks belonging to the canonical blockchain, thus implicitly signing the chain. An attacker attempting to forge a long reorganization
can only produce transactions involving coins he controlled as of the last checkpoint. A long, legitimate, chain would typically show activity in a larger fraction of the coins and can thus be distinguished, statistically, from the forgery.
This family of techniques (often called TAPOS, for transactions as proof of stake) does not work well for short forks where the sample is too small to perform a reliable statistical test. However, they can be combined with a technique dealing with short term forks to form a composite selection algorithm robust to both types of forks.
Bottom line is I can't imagine any real-time instant microtransactions system functioning without some reliance on community oversight. A key facet in my design is that the oversight should be objectively driven and decentralized. The inertial statistical objectivity of the nodes that are online carries over to those who recently come online, i.e. nodes which recently come online aren't trusting any of the nodes but rather trusting that at least one of them is honest. Which is essentially what you wrote, "you can asymptotically achieve objectivity since the probability that one of them will send you the longest chain will approximate 1 provided that at least one out of all nodes is honest and up-to-date". In other words, Linus's law, so modified to our context, that "given objectivity and enough eyeballs, all malevolence is shallow and eventually orphaned". That even defeats a Sybil attack.
That sounds interesting even though I haven't really grasped all the details of your design yet.
Yeah, because there is no such thing as absolute objectivity in our universe.
That's certainly true.
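To make the statistical-detection idea from the quoted section (3.2.2) concrete, here is an added toy model; it is not code from this thread or from the Tezos paper, and every name in it is my own. It assumes a checkpoint height, a flat stake table (one unit per coin), and that each transaction references some block at or above the checkpoint and is signed by the key of the coin it spends. A forger holds keys only for the coins they controlled at the checkpoint, so the forged branch can never be "signed" by more than that share of the stake; the honest branch, given enough blocks, accumulates signatures from most of the stake. The same model also shows the caveat in the quote: on a short fork the sample is tiny and the test is not reliable, so the selector flags its verdict as such.

```python
"""TaPoS-style statistical fork selection (constructed toy model, not the
Tezos or any other project's code). A tx referencing a post-checkpoint block
implicitly signs the branch that block belongs to; a branch is scored by the
fraction of stake whose keys signed at least one such tx."""
from dataclasses import dataclass, field
import random


@dataclass(frozen=True)
class Tx:
    coin: str        # coin being spent; its key signs the tx
    ref_block: int   # height of the block this tx references


@dataclass
class Block:
    height: int
    txs: list = field(default_factory=list)


def stake_participation(chain, stake, checkpoint):
    """Fraction of total stake that signed a tx referencing a block on this
    branch strictly after the checkpoint (refs to the shared checkpoint block
    say nothing about which branch the signer endorses)."""
    branch_heights = {b.height for b in chain if b.height > checkpoint}
    signed = {tx.coin for b in chain for tx in b.txs
              if tx.ref_block in branch_heights}
    total = sum(stake.values())
    return sum(stake[c] for c in signed) / total if total else 0.0


def select_chain(candidates, stake, checkpoint, min_blocks=20):
    """Pick the branch with the highest stake participation. The verdict is
    marked unreliable when the shorter candidate has fewer than min_blocks
    blocks: too small a sample for the statistic to mean much (min_blocks is
    an assumed tunable, not a value from the paper)."""
    scores = {name: stake_participation(chain, stake, checkpoint)
              for name, chain in candidates.items()}
    best = max(scores, key=scores.get)
    reliable = min(len(c) for c in candidates.values()) >= min_blocks
    return best, scores, reliable


def build_scenario(fork_len, seed=7, n_coins=1000, attacker_share=0.10,
                   txs_per_block=30):
    """Constructed data: an honest branch whose txs come from all coins, and
    a forged branch of equal length whose txs can only come from the coins
    the attacker held keys for at the checkpoint."""
    rng = random.Random(seed)
    checkpoint = 100
    coins = [f"coin{i}" for i in range(n_coins)]
    stake = {c: 1 for c in coins}                   # flat stake for simplicity
    attacker_coins = coins[: int(n_coins * attacker_share)]

    def make_branch(pool):
        chain = []
        for h in range(checkpoint + 1, checkpoint + 1 + fork_len):
            # each tx references some earlier block, checkpoint included
            txs = [Tx(rng.choice(pool), rng.randint(checkpoint, h - 1))
                   for _ in range(txs_per_block)]
            chain.append(Block(h, txs))
        return chain

    candidates = {"honest": make_branch(coins),
                  "forged": make_branch(attacker_coins)}
    return candidates, stake, checkpoint


if __name__ == "__main__":
    for fork_len in (3, 50):
        cands, stake, cp = build_scenario(fork_len)
        best, scores, reliable = select_chain(cands, stake, cp)
        print(f"fork of {fork_len} blocks: scores={scores} "
              f"winner={best} reliable={reliable}")
```

Running it shows the shape of the argument rather than a precise threshold: with a 50-block fork the honest branch is signed by well over half the stake while the forged one is capped at the attacker's 10%, and the verdict is reliable; with a 3-block fork both scores sit in the low single digits, the winner is essentially a coin flip, and `reliable` is False, which is exactly why the quoted text says the technique must be composed with a separate rule for short forks.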