The stake grinding [SG] argument states that you can pre-compute a future winning chain, or post-compute a historical one, using a small amount of coins, which would make Peercoin a PoW coin.
PoW is wrong; it is more like PoS * PoW.
The SG assumption that computation is cheap is false: the cost is diff * price (old keys also have a price: demand / supply).
* passive - collect a set of outputs, don't use them until you find your lucky streak (by searching some limited future)
* active - rewrite at least 30 days of the blockchain
** the more he rewrites, the more he controls
What can be done against it:
* increase diff (mint, minting wars [capped coinstake reward])
* decrease the supply of past keys eligible to attack (coin circulation)
* increase the price of past keys by creating (false) demand
Decreasing the number of old keys (coin circulation):
The attacker bought 2 keys, A and B, with 100 and 90 PPCs (in the past) respectively.
The issue is that after key A was spent, 1 of its 100 PPCs landed (probably through many transactions, exchanges, betting sites or mixers) as an input to key B's value. The attacker cannot use key B, because if he wants the 90 PPCs with B, he needs to spend A (include the tx spending A in the attacking chain) and lose control over the 100 PPCs.
* exclude tx X, keep A, lose tx Y and B
* include tx X and tx Y, lose A, keep B
Keys holding coins that were mixed with coins from other minting stake of the attacked chain are useless too.
Coin circulation limits the (past) stake eligible to attack.
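The A/B example above, generalized to any set of old keys, as an added sketch (not Peercoin code, and not part of the original notes). It assumes a simplified model: a fork must contain the full ancestry of a key's funding transaction, and a key is lost once any included transaction spends it; tx X is read as the spend of A and tx Y as the transaction funding B. The graph, the third key C and all function names are constructed for illustration, and coin age and timing are ignored.

```python
from itertools import combinations

# Constructed transaction graph (not real chain data).
# A (100 PPC) is spent by X; 1 PPC of it ends up in Y, which funds B (90 PPC).
# C (40 PPC) is an independent old key added for illustration.
TXS = {
    "fundA": {"inputs": [], "outputs": {"A": 100}},
    "fundO": {"inputs": [], "outputs": {"o1": 89}},
    "fundC": {"inputs": [], "outputs": {"C": 40}},
    "X": {"inputs": ["A"], "outputs": {"x0": 99, "x1": 1}},
    "Y": {"inputs": ["x1", "o1"], "outputs": {"B": 90}},
}

def required_txs(txs, output):
    """Every tx a fork must include for `output` to exist (ancestor closure)."""
    creator = {o: txid for txid, tx in txs.items() for o in tx["outputs"]}
    needed, stack = set(), [creator[output]]
    while stack:
        txid = stack.pop()
        if txid not in needed:
            needed.add(txid)
            stack.extend(creator[i] for i in txs[txid]["inputs"])
    return needed

def usable_together(txs, keys):
    """True if no tx required by one key spends another key in the set."""
    needed = set().union(*(required_txs(txs, k) for k in keys))
    spent = {i for txid in needed for i in txs[txid]["inputs"]}
    return not (spent & set(keys))

def max_usable_stake(txs, keys):
    """Largest total value of old keys that can coexist in one fork."""
    value = {o: v for tx in txs.values() for o, v in tx["outputs"].items()}
    best = (0, ())
    for r in range(1, len(keys) + 1):
        for combo in combinations(sorted(keys), r):
            if usable_together(txs, combo):
                best = max(best, (sum(value[k] for k in combo), combo))
    return best

if __name__ == "__main__":
    print(sorted(required_txs(TXS, "B")))
    print(usable_together(TXS, ["A", "B"]))
    print(max_usable_stake(TXS, ["A", "B", "C"]))
```

The attacker nominally holds 230 PPC of old keys, but the dependency of B on the spend of A leaves at most 140 PPC usable in any single fork under this model.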