In Bitcoin, we always have better, more power efficient ASICs. The miner who is first to install a new ASIC, obtains temporary advantage over other miners (assuming all other variables equal). A new ASIC basically redistributes the constant flow of wealth (25BTC/block) among miners, ordinary users don't care.
In Iota, I'm afraid, it'll be profitable to use ASICs against users. If minimal PoW per transaction is small enough then a small battery of ASICs might be enough to outPoW the whole legitimate network armed with CPU PoW.
Bitcoin has constant PoW during a week too, I don't see how constant PoW leads to an insecure state. Would anyone create ASICs for Bitcoin mining if there was no subsidy (25 BTC) nor transaction fees?
Will anyone create ASICs or build botnets specifically to attack Iota users? If Iota token becomes valuable enough, why not?
So you allow to duplicate a transaction as long as PoW is also duplicated.
What about attempts to rewrite history by rewriting the envelopes?
![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fi.imgur.com%2Fncfk7bO.png&t=607&c=kvLgPUuE38ld4A)
In this example from the whitepaper, if I wanted to censor envelope F and the corresponding transaction (because e.g. it contained a spend that I want to roll back), could I "route around" it by spending some electricity and rewriting references in envelopes of E and B so that they no longer point to F but somewhere else? Then there are no references to F in the graph any more, I can safely delete it and share my version of the history with other nodes. How will they know which history is right?
The history with the heaviest tangle is right. To rewrite the history you need to control most of the hashing power.
Min transaction PoW will naturally increase over time mimicking Moore's law when more powerful hardware appears. Multiply this by TPS increase caused by increased popularity.
ASICs indeed will be created.
Satoshi's assumption was shown to be incorrect - http://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf.
Necessity to absorb surplus hashpower is not obvious, also what numbers do you have in mind (1% of not used hashpower, 10%, 99%)?
There is no such thing as rewriting of envelopes, you can only add new ones unless you conducted a global eclipse attack.