> What if 50 different chains are presented in which no private keys are the same?
The chains share state right up until the fork point. Each fork gets resolved by the signatures linked to stakes that were already established in the last shared block.
> What will make them include a transaction proving they've committed fraud?
A staker/miner can chose to not include proof of his own wrongdoing, but that will not prevent others from creating an alternative fork which does have that proof.
> The chains share state right up until the fork point.
I’m not talking about forks. I’m talking about completely different, but valid, chains.
> A staker/miner can chose to not include proof of his own wrongdoing, but that will not prevent others from creating an alternative fork which does have that proof.
This brings us back to the initial problem: how do we agree on which chain is the canonical one?
Also, what’s the timeout on this event happening? Unless there’s a timeout — at which point a fork changing history is ignored — some transactions in the chain remain unsettled because a fork might appear which invalidates them (because they originated from coins that were staked by a now-proven-fraudulent staker).
> I’m not talking about forks. I’m talking about completely different, but valid, chains.
Typically block zero is signed by the developer of the client, so there is no such thing as completely different, but valid, chains, as there is always a fork point.
The chains share state right up until the fork point. Each fork gets resolved by the signatures linked to stakes that were already established in the last shared block.
> What will make them include a transaction proving they've committed fraud?
A staker/miner can chose to not include proof of his own wrongdoing, but that will not prevent others from creating an alternative fork which does have that proof.