- A new paradigm "The longest chain is the right chain IF it does not suggest reorganizing more than X blocks of the already existing chain" must replace the old "The longest chain is always the right chain" paradigm.
- A new paradigm "An isolated node cannot trust itself" must be applied.
It is unfortunate that the author has approached two essentially different issues in the same paper.
The longest/heaviest chain problem
I think one needs to be cautious about the proposed "X blocks" solution not being arbitrarily chosen; there should be some logic behind this value. When a deep re-org happens, different classes of users are at risk:
1. Miners of now-orphaned blocks.
2. Merchants/users who have received and accepted spent UTXOs created in such blocks (including the coinbase).
3. Merchants/users who have received UTXOs from old blocks.
Obviously users in group #2 are the most vulnerable because they will be left with no way to (re)claim their funds from the new chain, as the UTXO is removed from the state machine forever or its existence is conditioned on the possibility of other txn(s) being mercifully included in the blockchain by the adversary. Notably, there is an incentive for miners (pools actually) to sell their rewards asap if there is a chance for medium/long-range chain rewrite attacks. The recipients have almost no protection measure other than waiting for an impractical number of confirmations, although most of them are not directly targeted by the adversary and the volume of the trade does not trigger any cautious action like waiting for more confirmations, which is the only recommended measure for resisting such attacks.
In practice, PoW coins (including bitcoin) suspend miner access to his/her reward up to a pre-defined period (100 blocks in bitcoin) for it to mature. In bitcoin, it was devised firstly to protect users from unintentional forks; still, it sounds pretty absurd for an innocent user to be subject to a not-so-long-range chain rewrite in spite of the fact that s/he is not involved in a high-risk transaction.
So, I'd propose that the problem of "finality in PoW" is better merged with the problem of "maturity". IMHO, the basic idea of the maturity period in PoW should be extended to cover the finality problem for which the author suggests an X parameter; I suppose this X parameter and the maturity parameter in current PoW coins are/should be the same. So, I'd propose:
No chain-reorg is acceptable in PoW blockchains that makes a matured coinbase UTXO void. Obviously, neither Satoshi Nakamoto nor most of the other PoW designers have put it this way, and the maturity period is not considered such a sensitive parameter. Not a big deal: with a simple UASF it can be re-adjusted to cover the finality issue as well. According to my own assessments, bitcoin can set this parameter to 500 blocks and stay ultra-safe for the predictable future.
Another interesting point to be mentioned here:
Once the maturity/finality issue is addressed, bitcoin will be ready to launch on mobile devices with very fast bootstrap time and limited resource requirements using very old and well-reviewed proposals like UTXO commitments and so on.
Anyway, thank you OP for bringing this up. Good job.
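As an added illustration of the rule proposed in this post (not code from the post or from any real node implementation), the following constructed model compares two chains, finds the fork point, and rejects a reorg that would orphan a block whose coinbase has already matured relative to the current tip. Block ids, the chain layout and the `reorg_allowed` helper are assumptions made for the example.

```python
# Added example: "no reorg may void a matured coinbase" as a chain-selection
# check. Chains are modelled as lists of constructed block ids indexed by
# height (genesis at index 0); a coinbase at height h is treated as matured
# once tip_height - h >= MATURITY, mirroring bitcoin's 100-block rule.

MATURITY = 100  # bitcoin's coinbase maturity; the post proposes raising it to 500


def common_ancestor_height(ours: list, theirs: list) -> int:
    """Height of the last block both chains share, or -1 if they share none."""
    height = -1
    for a, b in zip(ours, theirs):
        if a != b:
            break
        height += 1
    return height


def orphaned_heights(ours: list, theirs: list) -> list:
    """Heights of our blocks that would be discarded by switching to theirs."""
    return list(range(common_ancestor_height(ours, theirs) + 1, len(ours)))


def reorg_allowed(ours: list, theirs: list, maturity: int = MATURITY):
    """Old rule: a longer competing chain always wins.
    Proposed rule: additionally refuse the switch when any block that would be
    orphaned carries a coinbase that is already spendable (matured)."""
    if len(theirs) <= len(ours):
        return False, "competing chain is not longer"
    orphaned = orphaned_heights(ours, theirs)
    if not orphaned:
        return True, "pure extension of our chain, no reorg"
    tip = len(ours) - 1
    matured = [h for h in orphaned if tip - h >= maturity]
    if matured:
        return False, f"reorg of depth {len(orphaned)} would void matured coinbases at heights {matured}"
    return True, f"reorg of depth {len(orphaned)} stays inside the maturity window"


def build_chains(shared: int, our_len: int, their_len: int):
    """Constructed test data: two chains sharing the first `shared` blocks."""
    ours = ["genesis"] + [f"a{i}" for i in range(1, our_len)]
    theirs = ours[:shared] + [f"b{i}" for i in range(shared, their_len)]
    return ours, theirs
```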
