Why is this necessary at all? What's wrong with just having every node do its own proof-of-stake on the set of transactions it knows about?
All nodes must AGREE on the next block to make sure the block chain doesn't diverge. Bitcoin uses the lowest hash to decide what to agree on.
What's wrong with arbitrating between two different forks by accepting the one with the "better" proof-of-stake (compare hash divided by target for all competing forks)?
As a result bitcoin is centralized one block at a time.
I see what you're trying to say, but only because I think (earlier in this thread, or maybe somewhere else) you said that a single miner can "dictate" a block. This is true, but it's a strength, not a weakness. If you have some transaction T that a censor wants the network to permanently reject [1] [2], with UNL it suffices for the censor to control some fraction of the UNL (maybe a majority, maybe a supermajority, maybe less -- need a simulation or detailed mathematical analysis to say for sure). With PoS, we can assume 50% of the PoS-power will accept T [3], so the probability that T is not included in any of the next n blocks is at most (1/2)^n, which of course rapidly goes to zero. Why allow a transaction censorship attack to succeed by compromising the UNL, when we can force them to meet the much higher bar of a 51% attack?
Bitcoin is also centralized by 10 mining pools which approve 90% of the blocks and just 2 or 3 are required for 51% or more of the blocks.
I thought that PoS is supposed to be resistant to this phenomenon, because it's much harder to accumulate a significant fraction of a cryptocoin in circulation than it is to pool mining hardware.
[1] For example, the censor is a democratic government who believes, through due process of law, including good evidence obtained by Constitutionally approved methods and presented to an impartial judge / grand jury, that this transaction should be suppressed because it will be used for some despicable criminal activity.
[2] For example, the censor is an oppressive government whose intelligence service wants to invade privacy on a global scale by data-mining every financial transaction performed by every person in the world, and believes that this transaction should be suppressed because it does not contain sufficiently detailed information for its data mining system to confidently identify the sender, recipient, and nature of the transaction. NB, technology cannot distinguish this case from [1].
[3] If 51% of nodes reject the transaction the censor wants to be rejected, then the censor has successfully carried out a 51% attack. Because a 51% attack on a PoS system implies that 51% of the money agrees with the censor, I would say this situation is better described as "the network voluntarily complied with the censor's desired policy" than "the censor launched a successful attack".