The attacks are possible because the input entropy is controlled by the last TB in a CB and the targeted order is known into the distant future of all CBs. Whereas with Bitcoin's Proof-of-Work, the entropy is reset on each TB and all the peers competing anew on each new TB. That is like night versus day in relative security.
but still the last TB can game this function and knows it a priori.
He can "game" it by spending (hundreds of) thousands of decrits. Then he must do this again at the next CB point.
WTF? He only has to spend the normal deposit transaction to position his SH at a desired ordered choice among the available choices given by your function.
Once he has control over a CB, he then has complete control over the options and begin to target consecutive CBs, then has continuous control.
To get his SH to sign all the consecutive TBs in a future CB, choose one in distance future, so have many CB opportunities interim to target that distance CB.
I am assuming of course that SHs are plentiful and there are 100s or 1000s of CBs before a SH gets a repeat turn (unless he leaves and rejoins).
The attacker only needs to target clustering his SHs in a consecutive order
By spending hundreds of thousands of decrits.
Not!
And then what, denying SHs consensus? We've gone over that.
If you control all the TBs, you control what goes in the consensus (as well as getting all the tx fees).
and then once he has all in a CB or nearly all,
With your pompous presumptions that 100% consensus won't be reached each CB.
If you control all the TBs, you control what goes in the consensus (as well as getting all the tx fees).