I haven't really taken time to look into PoS, but it sounds extraordinarily stupid to me: if I were a botnet operator who insert millions of nodes into the network to broadcast my fake PoS blockchain, which can be easily made because there is no requirement on the amount of work, how do you know which chain is real? Also what if several people controlling large stakes are kidnapped and forced into give their private keys?
PoS needs some kind of boot-strap. Most of the current systems are hybrids. PPCoin has POW and POS blocks. They aren't exactly clear on what their system is though (at least last time I checked).
You can get a mint reward by finding a POW block and you can get a POS reward by consuming coin-age.
When comparing 2 forks, only POS from before the fork should be considered. If the fork point is at the genesis block, then POS cannot be used to distinguish between the chains.
A release strategy for a "pure" POS coin might be
- coin starts as a POW coin
- assume 50,000 blocks per year
- after 60,000 blocks have been found (14 months)
-- snapshot the 50,000th block as a checkpoint
-- release new client with that checkpoint hardcoded
-- broadcast checkpoint digitally signed by devs/trusted people (N of M rule)
- after 70,000 blocks have been found (17 months)
-- initial client will not accept blocks unless it has received the checkpoint
This generates a base of stake for the POS system. A year should be enough time so that no one person has a large portion of the stake.