[caf]

I wonder whether it makes sense to define a weaker class of "economically secure" digital cash systems, where it is merely uneconomic to counterfeit and double-spend the currency.

Of course this means that such a digital cash system may be vulnerable to non-economically motivated attackers, and I suspect it is also a class that is harder to precisely define.

[zanny]

This is the argument for btc - even though you could try to fake the transaction chain, you are fighting a losing battle against the active market the second you try to generate one, and the longer chain always wins, and it only takes a bad transaction record to be parsed for your chain to be rejected. And controlling the transaction chain is everything in BTC. It relies on the coefficient of the polynomial of running the hashes to generate coins to add to the chain and the transactions taking place therein to get so large that it is infeasible to contribute the computational power necessary to catch up, and it would just be better to mine bitcoins with that computational power anyway.

[betterunix]

Using the word "infeasible" like this is probably a bad idea, since in the crypto world it refers to problems that cannot be solved in polynomial time. Also, do not assume that controlling the transaction chain is "everything;" there may be some other part of the protocol that can be attacked, even if it is non-obvious.