We didn't lose time during the holidays, and happy to publish recent news & our plans for 2015!
After a lot of research made & few papers published we're understanding attacks on proof-of-stake pretty well. The summary from the BTT topic (
https://bitcointalk.org/index.php?topic=897488.msg10152632#msg10152632)
1. Short-range attack - attacker can offer better chain started few blocks behind current canonical chain. The attack is possible at the moment, the only likely outcome though is just gathered fees increase for an attacker. In our simulations this kind of attack is possible mostly when a long delay occurs due to low target. By the way, the attack has positive aspect for network, as it shorten delays average between blocks. So attacker gets extra fees for a good job done Grin
2. Long-range attack - attacker can start fork hundreds or thousands blocks behind current chain. From our investigations the attack isn't possible.
3. Nothing-at-stake attack - not possible at the moment! Will be possible when a lot of forgers will use multiple-branch forging to increase profits. Then attacker can contribute to all the chains(some of them e.g. containing a transaction) then start to contribute to one chain only behind the best(containing no transaction) making it winner. Previous statements on N@S attack made with assumption it costs nothing to contribute to an each fork possible and that makes N@S attack a disaster. In fact, it's not possible at all to contribute to each fork possible, as number of forks growing exponentially with time. So the only strategy for a multibranch forger is to contribute to N best forks. In such scenario attack is possible only within short-range e.g. with 25 confirmations needed 10% attacker can't make an attack. And attack is pretty random in nature, it's impossible to predict whether 2 forks will be within N best forks(from exponentially growing set) for k confirmations. So from our point of view the importance of the attack is pretty overblown.
4. History attack - attacker can buy whale's private key for $5 and build alternative story. Solved with some checkpoints now, located behind max rollback possible, so the solution is not so scary in terms of centralization etc.
There are also issues we want to resolve e.g. long delays. So we have no any deadly threat, but several annoying issues.
From playing a lot with simulation tools we realized most of problems will be less important with a better measure(than just cumulative difficulty). andruiman finished a new paper with a simple but working proposal, will be sent to investors very soon.
Even with singlebranching pos better measure would be very helpful. Then we'll play with more complicated proposals, including proof-of-stake + proof-of-activity hybrid.
Papers & articlesandruiman has the nice plan for next papers to be published:
1. Comprehensive analysis of the blockchain measure influence on the multibranch forging convergence
2. Theoretical physics and abstract math analogues and inspiration for the world of CC economy (mostly philosophical stuff)
3. Proof-of-Stake "algebra" and its formal Coq specifications (with publishing in truly scientific journals)
SCOREXRegarding multiple-branch forging, it seems promising in theory, but there are some questions regarding effective implementation. As Nxt core is pretty bold these days(40+K lines of code), I worked during few weekends on Qora code simplification. Started with original 24K I have 9K now with 3K in Scala and 6K in Java. Finally I'll have a coin prototype with no production quality but in just 5-6K lines of Scala code. I've chosen SCOREX name for that(SCala&qORa-based blockchain-driven network for EXperiments). So we will use it for experimental multiple-branch implementation, and will invite enthusiasts to set up nodes for the experiment(>10 nodes are enough I guess). Later well-tested results will be incorporated into Nxt core(or not in case of failed experiment

SCOREX also will be outsourced for other researchers need(to make cryptocurrency-related experiments quick to implement).