You completely misunderstand the security model if you think one honest stakeholder can prevent these attacks.
There is no concept of an honest stake holder in the eyes of the network, best they can do is try to estimate which history is the "true" history, however it is free to write a new history.
>To not cancel, the attacker has to own something in all histories
Why do you think this is difficult?
>Which currency system gets destroyed by the enemy country, wrecking their economy as a result?
This is a question of whether attacking PoW through expending energy is more expensive than attacking PoS through designing a program that takes advantage of known PoS flaws.
>P.S. I think in practice all cryptocurrencies are driven purely by social consensus
I'm sorry, but you clearly don't understand even the basics of distributed consensus if you think only social consensus and not a blockchain is necessary. I recommend looking into
Unfounded assertion. The security model is that the chain with most stake is valid. Whether it's stochastic or direct is only an implementation detail.
>There is no concept of an honest stake holder in the eyes of the network
Honest doesn't mean trusted. It just means he never uses that old stake to attack.
>Why do you think this is difficult?
Because owning enough to attack a large currency would be most likely impossible. A small one with few owners would cost at least orders of magnitude more than attacking pow for equivalent size.
>you think only social consensus and not a blockchain is necessary.
That's apples to oranges. Consensus here concerns order of data, not its organization as blockchain.
Regarding algorithm, in fact given how centralized bitcoin in practice is, you could replace all mining by a small set of signers - Gregory Maxwell. He timestamps blocks and everyone trusts him, as long as no contradictory or wrong blocks appear. If they appear, users are to go to r/bitcoin, r/btc and bitcointalk to find out what to do. Which is what happened and is going to happen in case of problems and major upgrades anyway.
There's no negative difference in security; miners' investment costs could be emulated by a collateral deposited in a Swiss bank by the bitcoin users. Which would be way safer than collateral in the form of hardware under direct control of Chinese government. Greg would get interest on that sum as long as he signs and not contradicts.
Actual bitcoin's energy costs are so small as to be worthless for security. 10 blocks cost at most $50k. Just multiply block reward by 10 and rationally assume miners don't mine at loss. 10 blocks is more than enough to deposit, exchange for something else and withdraw that. PoW's supposed energy-based security is so broken it's hilarious. Even shitty actually implemented PoS (ie. Nxt) are like aes to pow's rot13. Bitcoin is really proof-of-collateral, the collateral being asics.
There's a potential positive difference to timestamper-proof however - it's in principle possible to delete keys used for older blocks, so if they were really deleted, the chain upon that point would be eternally safe (assuming signing mechanism itself isn't broken).