Hi gmaxwell,

I agree with you that the threat of the 51% attack is not much increased by this weakness, yet the vulnerability to selfish mining is: say there are bad miners whose total hash-power is only 30% of the total network's hash-power. Despite the selfish mining attack being profitable to an attacker having 30% of the total network's hash-power, it is not trivial to actually perform this attack. If one of the bad miners is a traitor (i.e. a good miner), this miner can discretely publish all the blocks that the pool wants to keep secret, and thus preventing the attack – unless the pool miners just don’t know the previous (secret) block. The bad miners will have no problem mining on top of unknown blocks, as long as they receive their (increased…) rewards. So this is not a pure theoretic attack. Yet I agree with you that this is not an immediate threat.

As for the ASICs:  the Bitcoin dedicated hardware can compute SHA-256 really fast. As long as we continue to use the SHA-256 compression function, there is no need to switch to a new hardware – just to modify the program of the ASIC machines. Consider for example my proposal of requiring that the outcome will be close to the (upper 128 bits of the) previous block's hash rather than being close to zero.  

Lear.