So, would there be an issue with having otherwise valid blocks referencing additional parents considered as a valid proof-of-work if one or more of their additional parents are invalid? I'd have to think through that...
I thought about it. I couldn't think up any specific examples, but intuitively is just seems wrong. Just like a miner making a block is saying that they completely believe (or should I say, confirm...) that the block's parent is accurate, so should the additional parents. It says, "this block here wasn't wrong, either; it was just unlucky". Thus, the thing that miners should do in this situation is, until they believe that they have enough orphans stored up, don't have them link with the other orphans. Make them all have completely different transactions. Then, when you're ready to take back the chain, merge them all in a single block.
And, now that I click "post"...
But, what if instead of linking the honest blocks with each other, they are just linked to those on the trunk, but every time you add one, you do it many blocks deep, so that the attacker can't cheaply rewrite the header of your parent?
That would clash with your X limit though as these never-merged branches would eventually be more than X blocks behind. I haven't yet processed the need for this limit, I will do it tomorrow.
I honestly haven't put much thought in the X limit. The main thing is to prevent spam blocks from being made at difficulty 1, so maybe instead of blocks, it could be based on the difficulty the block was originally made at. Maybe a combination of both. It might not even need to be handled at the protocol level. I don't know...
Who would do that, though, when they know that as long as the chain is frozen, their coins are useless?
If this counter-freezing system works for a while, those who manage to get things through would have an incentive to cheat. You spend your coins, get something in return because the chain is not really frozen, then you double-spend it.
That's a really good point that I never even thought about. However, thinking about it further, I think you're fine. In order to counter the freeze, you need a bunch of orphan blocks that the attacker REFUSES to merge into their chain. For the sake of example, let's say six. The second that a block is made that does the merge, the honest chain is 6 blocks ahead of the attacker. A double-spend on the attack chain is now completely ignored, since they are no longer the longest chain. This leaves the attacker with three options:
1) Merge enough of the orphans into your own chain so that you can catch up. This will still take out several transactions, true, but the ones that get merged would then be permanent. (Your own empty blocks ensure that!)
2) Give up and start trying to freeze the chain again at the new tip.
3) Wait to catch up, and then double-spend to invalidate the other chain.
Now, if you are up to speed with your Satoshi white paper reading, you'll notice how hard #3 is. This is literally the same thing as rewriting historical blocks. The further behind you are, the more time or hash power you'll need to catch up. Oh, and those orphan that were used to jumpstart the chain? They can be reused again if you
do catch up. But, that shouldn't happen. What happens is the community makes it so that there are enough orphan blocks to cause you to take at least a few hours to catch up, and then they release an update to the client that hardcodes in a checkpoint to their chain. Oh, and by the way, if you continue despite that, since this would be a large reorganization at this point, you would just trigger safe mode on any client that doesn't upgrade immediately. You lose and have to start back over with option #2.
The result is that anything in an honest branch is potentially reversible.
Uhh.... Duh? That's always the case when someone has 51%. This does not solve that issue. All this system does is ensure that every "vote" gets counted.
What do you mean by vote?
Vote as in hash. The system would ensure that the legitimate chain doesn't lose apparent hashing power because of an orphan.
And, if no transaction can be trusted to be irreversible, than there's no point in any of this. Even with a normal, frozen blockchain, people could still deal only with unconfirmed transactions. We must find a way to make older transactions "deeper" and harder to overwrite.
Even with an attacker, transactions can still be irreversible. You just might have to wait longer (days) and depend on manual checkpoints.