Evil signing peers may only propagate to their evil CNPs. Thus you've solved nothing.
Except that it solves the propagation weakness. Now there *are* two defined chains, regardless of any evilcorp shenanigans. The second chain will not be lost. If evilcorp controls 90% of the CNPs, that means 1 in 10 of them is carrying the honest chain. It won't take very long for any non-network node to find the missing portion of consensus.
You keep shuffling around some details which are just repeating the same flawed logic. There is no possible decentralized metric for peers to know which one of these forks is the honest one.
You have presented no algorithm for deciding which fork is the honest one.
How long are you going to play this shell game with us?
We can require in the protocol that signing peers are not allowed to propagate to other signing peers, thus they can not withhold. All communication must be done through these other CNP-type peers. But we can't stop them from controlling the CNPs they wish to propagate through. And there is no way to require them to propagate through every CNP.
But as long as they can't prevent the fork, they can't take control, so none of this is necessary or worrisome unless you expect evilcorp to control the entire view of the network. With the efficiency of the system, this borders on completely impossible. Even peers who only maintain SH sigs (that 1kB/s for 5 million SHs figure I previously described) will know who caused the fork. On a sufficiently large network, evilcorp will have to fool the entire world.
Agreed the system can record multiple ledgers. This is irrelevant. You must address the fundamental issue above.