Post
Topic
Board Altcoin Discussion
Re: Proof of stake instead of proof of work
by
DeathAndTaxes
on 16/05/2014, 21:59:33 UTC
Quote
How does a node verify the genesis block?
The genesis node is hardcoded in the client.

Quote
Is that not exactly the same as verifying an arbitrary block?
No.


Quote
Why should nodes discard blocks (and therefore invalidate many transactions)? Especially those nodes run by merchants that can cross-check if their due transactions are on the blockchain already.

Non-deterministic behavior of nodes is bad. If some nodes switch to the longest chain and some stay with the shortest chain then the network is permanently forked. That is something to be avoided at all cost. While such behavior may make double spends harder, it makes the money you are trying to protect from double spends worthless. Money can't have value if there isn't a single shared view over who has the money. A permanent fork in the network is a lack of consensus, a disagreement over "who has the money" and it is a worse outcome than the double spend you are trying to avoid.

That line of thinking also assumes that all nodes are online. They aren't. The current longest chain is chain A. Merchant is paid in tx on chain A. Attacker builds a chain B which double spends merchant and chain B is longer. Now let's assume all "legit" nodes disregard chain B because it has double spends. That opens up all kinds of timing and propagation attacks but to keep it simple let's pretend they don't exist. Now a new node connects to the network and receives chains A & B. Both are valid chains with valid transactions. There are differences between the two chains but neither one is invalid by the rules the node uses to validate transactions and blocks. B is longer. The new node would select B as the "best" chain. Oops, the network is now split. Now imagine the attacker pays this new node using outputs only valid on Chain B. You now have a permanent split which can't be resolved except with outside force AND entities on both sides of the split who will lose if the other fork is used.

Quote
Would it not be more intelligent to distribute the raw transactions as broadly as possible? All this assumes an extremely well developed network controlled by the attacker, right? And if so, why would this extremely well developed network controlled by the attacker be unable to send the new blockchain in time to the merchant's node? Would this not raise awareness on the side of the merchant?

I don't know what you are asking. However, for the last question, it indicates a false belief that 100% of nodes receive 100% of blocks in real time, and have 100% uptime since the genesis block. That is the only way they can know in all cases which chain is the "best" even if it isn't the longest. No such system for consensus like that exists. Sure, if the Bitcoin network consisted only of nodes who have been and always will be online and learned of blocks in real time then forming a consensus would be easy. However, most of the time nodes haven't been online with 100% uptime since the genesis block. When there are two competing chains they don't know which one came first or which one has the double spend and which one has the "original" spend. The only thing the node can independently verify is that the two chains are valid but different and one is longer.

Given two chains A & B which are different but equally valid, without relying on a trusted third party, tell me which one is the "best" chain?

Bitcoin says the longest chain is the best one. Still, this has gone beyond just PoS & PoW. The same consensus issues remain regardless of what system is used for proof. The proof forms the longest chain; if nodes can form a consensus on transaction ordering while ignoring the proof then why do you need proof to begin with? :) I think we have come full circle.
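
The chain A / chain B scenario from the post above, as an added example that is not part of the original post: a toy model comparing the longest-chain rule with a hypothetical "refuse conflicting reorgs" policy, showing which tip a node ends on depending on which chain it happened to see first. The block ids, the `utxo-1` outpoint and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    id: str
    spends: tuple = ()  # (outpoint, recipient) pairs

def spends_of(chain):
    return [s for block in chain for s in block.spends]

def valid(chain):
    """A chain is valid on its own terms if no outpoint is spent twice in it."""
    outpoints = [op for op, _ in spends_of(chain)]
    return len(outpoints) == len(set(outpoints))

def longest_chain(current, candidate):
    """Deterministic rule: adopt any valid chain longer than the current one."""
    return candidate if valid(candidate) and len(candidate) > len(current) else current

def refuse_conflicts(current, candidate):
    """Hypothetical policy: keep the current chain if the candidate re-spends
    an outpoint to a different recipient than the chain already held."""
    held = dict(spends_of(current))
    if any(held.get(op, to) != to for op, to in spends_of(candidate)):
        return current
    return longest_chain(current, candidate)

def final_tip(policy, arrivals):
    """Feed chains to a fresh node in arrival order; return its final tip id."""
    chain = ()
    for candidate in arrivals:
        chain = policy(chain, candidate)
    return chain[-1].id

# Constructed sample data: A pays the merchant, longer B pays the attacker.
GENESIS = Block("genesis")
CHAIN_A = (GENESIS, Block("a1", (("utxo-1", "merchant"),)), Block("a2"))
CHAIN_B = (GENESIS, Block("b1", (("utxo-1", "attacker"),)), Block("b2"), Block("b3"))

def tips_by_arrival_order(policy):
    """Final tip of a node that saw A first versus one that saw B first."""
    return {final_tip(policy, [CHAIN_A, CHAIN_B]),
            final_tip(policy, [CHAIN_B, CHAIN_A])}

if __name__ == "__main__":
    print("longest chain rule:", tips_by_arrival_order(longest_chain))
    print("refuse conflicts:  ", tips_by_arrival_order(refuse_conflicts))
```

With the longest-chain rule both arrival orders end on the same tip; with the conflict-refusing policy the two nodes end on different tips and neither will ever switch.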