>There are in fact some further issues, to do with making sure it's not cheap for a miner to re-exhibit their proof (of having performed a suitably substantial burn a suitably long time ago) on multiple competing chains. Details to follow.
which kind of seems like a major omission, as this is the one thing a proof of X should protect against.
Seems like that could be defended with Casper's approach: use security deposits, slash them for burn reuse, and reward anyone who provides proof of reuse.
The problem is that the miners -- whose fraud is proven with a transaction -- have the responsibility of including this transaction in the chain they control. Which means the only solution is to fork: now we have two or more chains (any number of valid chains which includes this proof can exist) -- how do we reach consensus on which to follow?
Before the fraud, the miners were allegedly responsible for reaching consensus. And when they commit fraud, it's assumed that the network can reach consensus without the miners (on a single, valid chain which includes the proof of miner fraud). If everyone except the miners were able to reach consensus on a single chain in the first place, why did we need the miners?
Well yeah, you can use any proof of work, proof of stake system to prevent it. However if you've got one of those, what would you need the proof of burn for?
>There are in fact some further issues, to do with making sure it's not cheap for a miner to re-exhibit their proof (of having performed a suitably substantial burn a suitably long time ago) on multiple competing chains. Details to follow.
which kind of seems like a major omission, as this is the one thing a proof of X should protect against.