As far as spoofing the time intervals, let's say you want to start a chain "from 200 minutes ago". You can have a computer calculate an alternate chain that supposedly started 200 minutes ago in a few seconds, and broadcast that in real time right now. Nodes receiving that would not know that the blocks on the false chain weren't really built 200 minutes ago. Nodes must accept the longest chain, otherwise you will lose consensus and risk a fork in the blockchain.

You won't always be able to achieve this, but occasionally you will, and since the cost is minimal, why not try it?
The reason this is incorrect is that there is no possibility for a "computer to calculate an alternate chain that started 200 minutes ago" and have it become longer than the main one.
What one has to keep in mind is that everything is deterministic.
For an attacker to build this fork he must own private keys that give him control over some stakes at the beginning of the attack.
Let's say the attacker has control over 10% of the mining coins. Two possibilities:
- These coins have been used to mine on the main chain. In this case, the stakes will create blocks at exactly the same timestamps as they did when mining on the main chain because, since everything is deterministic, the proofs are the same.
Starting our clock at the start of the fork, let's consider the average case (20 blocks mined by the coins the attacker controls): the stakes have generated blocks at times 3, 7, 13, [...], 189, 198. Then the attacker's fork will consist of 20 blocks created with the exact same proofs.
The important part is that since the fork will always be a subset of the main branch, he will never be able to create a fork with more trust than the main chain. A second important remark is that the attacker cannot try his luck many times.
- The coins used to stake were not mining previously, and in this case he would need on average 50% of all mining coins to be able to create a longer fork. This corresponds, of course, to a 51% attack.
You might ask, if he gets his hands on 10%, might he win? The probability that an attacker's fork with 10% of the coins will outperform the 90% remaining over a 200-minute period is ~10^-100 (using the formula on p. 35 of the white paper). Therefore, this kind of event will never happen no matter how often attackers try.
- A third possibility would be to send coins you own on the fork and mine with them. In theory, you could do that a great number of times and you might expect to succeed at some point. That's why the minimum stake age (i.e. the minimum time during which coins have to wait before they can mine) is important. For these coins to be allowed to mine they must wait a significant amount of time, and this creates a lag. And this has a consequence on "real time", since the nodes receiving the forks will check whether the proofs used to generate the blocks are valid.
You won't always be able to achieve this, but occasionally you will, and since the cost is minimal, why not try it?
The important part is that it is not that you will "not always be able to achieve this"; you will actually never be able to achieve this without owning ~50% of the mining coins.
I'm not sure what the 200 minute buffer zone applies to (new coins staking?), but that really doesn't solve the issue, as you can keep trying to attack with old coins, or you can attack less frequently (every 200 minutes) with coins you just bought and sold. In addition, I believe it opens additional attack vectors based on older stake participants rejecting newer participants.
The reason behind this is that since you cannot "hope" to win by trying to fork a large number of times, the best thing you can hope for is to "grind" through stake modifiers, and to do that you must have control over the current stake modifier, and this takes time.
Finally, what do you mean by "additional attack vectors"?
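The determinism argument in the reply above (coins that already stake on the main chain reproduce exactly the same proofs on a private fork, so the fork is a subset of the main chain and retrying buys nothing) can be checked in a toy model. This is an added example, not code from either poster or from any real client; the kernel hash, the one-slot-per-minute schedule, the fixed stake modifier (the reply notes a real attacker would first need control of it) and the coin weights are all constructed assumptions.

```python
import hashlib
from typing import Dict, List

# Constructed toy proof-of-stake kernel: one candidate block slot per minute;
# a coin holds a valid proof for a slot when the hash of
# (stake modifier, coin id, timestamp) falls below a target scaled by the
# coin's weight. Nothing a staker controls enters the hash except which coins
# and which timestamps are tried.
TARGET = 2**256 // 10                      # a weight-1 coin hits ~10% of slots
STAKE_MODIFIER = b"constructed-fixed-stake-modifier"

def kernel_hash(stake_modifier: bytes, coin_id: str, timestamp: int) -> int:
    data = stake_modifier + coin_id.encode() + timestamp.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def block_times(coins: Dict[str, int], start: int, end: int,
                stake_modifier: bytes = STAKE_MODIFIER) -> List[int]:
    """Minutes in [start, end) at which at least one of `coins` (id -> weight)
    holds a valid proof. The output is a pure function of its inputs."""
    return [t for t in range(start, end)
            if any(kernel_hash(stake_modifier, cid, t) < TARGET * w
                   for cid, w in coins.items())]

HONEST = {"honest-coins": 9}      # 90% of the staking weight (constructed)
ATTACKER = {"attacker-coin": 1}   # 10%, already staking on the main chain

def main_chain(start: int = 0, end: int = 200) -> List[int]:
    """Block times of the public chain: every coin stakes on it."""
    return block_times({**HONEST, **ATTACKER}, start, end)

def attacker_fork(start: int = 0, end: int = 200, attempts: int = 100) -> List[int]:
    """The attacker's private fork over the same window, rebuilt `attempts`
    times. Every attempt yields identical block times: there is no luck to
    retry, so the fork never grows beyond the attacker's main-chain blocks."""
    forks = {tuple(block_times(ATTACKER, start, end)) for _ in range(attempts)}
    assert len(forks) == 1, "deterministic proofs cannot differ between attempts"
    return list(forks.pop())

if __name__ == "__main__":
    main, fork = main_chain(), attacker_fork()
    print(f"main chain: {len(main)} blocks, attacker fork: {len(fork)} blocks")
    print("fork is a strict subset of the main chain:",
          set(fork) < set(main))
```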
As you said, an attacker can simply use coins that are old enough and keep trying with them. Those attacks would be smaller than 200-block reorgs.

As far as the new coins (or any coins), what you are not considering is that the blockchain MUST find new blocks.

Assume you have a 10 percent stake, so you'd have a 1 in 10 chance of being awarded a block. Your argument is that you'd have a 10% chance (or .1 probability) of succeeding at one block, .1^2 for two blocks in a row, .1^3 for three blocks in a row, etc.

However, here's where that argument falls apart: what if the block found "deterministically" wasn't broadcast by the chosen stakeholder? Now the network must choose again, so you get another 10% chance. This process can continue ad infinitum in a grinding fashion.