This leads to fun outcomes like old stake holders can exit the system (sell their coins) and then sell their old keys to people go fork off the chain at a point in the past, at no cost to themselves. Someone who is later handed two histories— the real one and the simulated one— cannot distinguish them, they can tell— perhaps— that someone was naughty, but that doesn't help them decide which chain is the good one.
That's not true, as in that's not a characteristic of PoS. It's a characteristic of flawed PoS.
A transaction in block x has to be equivalent to signing it by stake held in inputs (or accounts, whatever the design of the system is).
Transactions have to be valid in only one blockchain, as to not be replayed.
If A has 30% of stake, the fake empty block created by A has the same validity as a block generated by A with A's selling transaction to someone. Now the buyer and A can both create their equivalent blockchains. However, all it takes to make one blockchain one valid is another stake signing one block in one of the blockchains in the future.
Fake block stake validity, all by A:
30%, 30%, 30%
True blockchain stake signed:
30% (A's stake, selling), 30% (buyer), 30% (buyer) + 1% (someone else, B)
By signing third block, B effectively validates all blocks before him. So now first fake block has 30% of stake behind it, and true block (with selling transaction) 31%.
There are a number of other related implications. A number of different modifications have been proposed, but so far all of them seem to be obfuscation and not actually fix the underlying issue, which seems a bit fundamental.
You can read more about this in Section 5 of
https://download.wpsoftware.net/bitcoin/asic-faq.pdfIt's trivial to create a rule which makes one block with identical stake better than another, like a comparison of hashes. This would lead the honest nodes to completely ignore the worse block. To break that would be equivalent to acting directly against self financial interest,
for no reason, and as long as all people in control of a currency don't act against their interests, everything works.
It's no different to PoW. If I own serious money in a specific cryptocurrency, I'm not going to endanger that, because that would be very costly, although indirectly, just as mining forks in PoW is costly.
Most people living in skyscrapers don't steal and destroy bricks from foundation.
Note that it takes just one person with one coin to behave correctly, even if literally everyone else is signing all forks, and everything works.
Why for no reason? Because this shouldn't be profitable, if it is, it's a design error. I don't think it's that important though.
