Which means infinitely better security than PoW. PoS is resistant to the nothing-at-stake attack as long as at least one smallest stake is indefinitely honest in each block. It doesn't have to be the same, just so that there's no way for an attacker to achieve 100% at any one point. That's because the stakes of true owners have the same voting power, so they cancel.
To not cancel, the attacker has to own something in all histories, but now the cost is real. Even 0.1% of bitcoins is worth more than what ~17 days of mining power costs. He needs to own more than the minimum stake of honest parties over all blocks.
The practicality of that is another matter, as is the quality of existing implementations, but that's a much, much more realistic requirement than using >half of all worldwide available energy for PoW.
If someone still thinks PoW is more secure, consider this: two countries are at war. One uses PoW currency, another one PoS, owned overwhelmingly by citizens from its creation.
Which currency system gets destroyed by the enemy country, wrecking their economy as a result?
Related point: which one is likely to be wealthier?
P.S. I think in practice all cryptocurrencies are driven purely by social consensus, with PoW/PoS/other as a false rationalization for it. If bitcoin had serious problems due to the current PoW algorithm (like: China nationalizes Chinese miners and starts enforcing some regulation worldwide, e.g. only state-registered addresses allowed) users would fork fast, thus proving it's not really PoW. Same with PoS, but it's better as it avoids waste.
You completely misunderstand the security model if you think one honest stakeholder can prevent these attacks.
There is no concept of an honest stake holder in the eyes of the network; the best they can do is try to estimate which history is the "true" history. However, it is free to write a new history.
>To not cancel, the attacker has to own something in all histories
Why do you think this is difficult?
>Which currency system gets destroyed by the enemy country, wrecking their economy as a result?
This is a question of whether attacking PoW through expending energy is more expensive than attacking PoS through designing a program that takes advantage of known PoS flaws.
>P.S. I think in practice all cryptocurrencies are driven purely by social consensus
I'm sorry, but you clearly don't understand even the basics of distributed consensus if you think only social consensus and not a blockchain is necessary. I recommend looking into
Unfounded assertion. The security model is that the chain with the most stake is valid. Whether it's stochastic or direct is only an implementation detail.
>There is no concept of an honest stake holder in the eyes of the network
Honest doesn't mean trusted. It just means he never uses that old stake to attack.
>Why do you think this is difficult?
Because owning enough to attack a large currency would most likely be impossible. A small one with few owners would cost at least orders of magnitude more than attacking PoW for an equivalent size.
>you think only social consensus and not a blockchain is necessary.
That's apples to oranges. Consensus here concerns the order of data, not its organization as a blockchain.
Regarding the algorithm, in fact given how centralized bitcoin in practice is, you could replace all mining by a small set of signers - Gregory Maxwell. He timestamps blocks and everyone trusts him, as long as no contradictory or wrong blocks appear. If they appear, users are to go to r/bitcoin, r/btc and bitcointalk to find out what to do. Which is what happened and is going to happen in case of problems and major upgrades anyway.
There's no negative difference in security; miners' investment costs could be emulated by collateral deposited in a Swiss bank by the bitcoin users. Which would be way safer than collateral in the form of hardware under direct control of the Chinese government. Greg would get interest on that sum as long as he signs and does not contradict.
Actual bitcoin's energy costs are so small as to be worthless for security. 10 blocks cost at most $50k. Just multiply block reward by 10 and rationally assume miners don't mine at a loss. 10 blocks is more than enough to deposit, exchange for something else and withdraw that. PoW's supposed energy-based security is so broken it's hilarious. Even shitty actually implemented PoS (i.e. Nxt) are like AES to PoW's ROT13. Bitcoin is really proof-of-collateral, the collateral being ASICs.
There's a potential positive difference to timestamper-proof however - it's in principle possible to delete keys used for older blocks, so if they were really deleted, the chain up to that point would be eternally safe (assuming the signing mechanism itself isn't broken).