Interesting, thanks. I see the problem, but this paper takes as a given that individuals can introduce transactions that tilt the system in their favor. I can't immediately see a solution to this, but I don't think it's necessarily impossible.

An additional problem I just thought of, however, is that there will be some number of stakeholders that leave the network, lose their keys, etc., and there is a chance that they are the only ones chosen to sign a given history extension. So there has to be some way to recover from this, while still being resistant to denial-of-service attacks.