When choosing a trust model for a blockchain, we can think of an Internal Security model as requiring some entity already inside the network to help validate and mark transactions as permanent. Likewise, an External Security model allows those who are not already members of the network to participate in this process and does not take group membership into account when deciding whether or not such work is considered valid. In this case, PoS uses an Internal Security model, and PoW provides an External Security model.
It necessarily follows that a Cryptocurrency using an External Security model must spend substantially more directly on security as you need to include both the upside to cooperation and the downside to defection as an explicit reward for the resources expended. On the other hand, an Internal Security model can decide to spend a smaller amount on the explicit upside of compliance while levying a more substantial downside for defecting.
As long as the upside reward is larger than the opportunity cost of tying up resources in a security bond, the effective security of a properly implemented Internal Security model should both be more effective and less expensive than an equivalent Cryptocurrency with an External Security model.
In addition, it’s entirely feasible to have multiple, viable, smaller networks that use an Internal Security model, while a smaller network that uses an External Security model must rely on not being too threatening to a larger network in order to survive.
As an example, at current hashing prices, you could rent enough power to perform a 51% attack on smaller PoW based Cryptocurrencies for a few hours, for several thousand dollars. However, if you wanted to do the same to an appropriately implemented PoS Cryptocurrency, you would likely spend millions of dollars when attempting to buy up 51% of the available tokens. The end result is that such an attack will wildly enrich more than half of the owners of the PoS Cryptocurrency, likely earning more than the entire previous market cap. On the other hand, the owners of the PoW Cryptocurrency will only be subject to loss of value.
If we can assume a 51% attack is in progress against either type of Cryptocurrency, we can also see what options each type of system has available to them. In a PoW Cryptocurrency you have no fundamental method of determining where hashing power is coming from. There are likely limited ways in which you could try to block a coordinated attacker initially, but you would end up playing “Whac-a-Mole” trying to guess which valid blocks are coming from the nefarious source. On the other hand, in a PoS Cryptocurrency, you can tell to a much greater degree of certainty which parties have been creating and contributing to the malicious blocks.
While it would be unprecedented move in the Cryptocurrency community so far, it doesn’t necessarily seem like it should be controversial to remove obviously bad actors from the system by marking their stake as invalid, assuming they’re preventing the rest of the network from coming to a valid consensus. This would still be done in an effectively decentralized manner because the remaining stakeholders would all have to agree to abide by the new rules.
While it’s a reaction that should never be taken lightly, having the option to blacklist a portion of the network, if they’re actively attacking it, is better than being powerless to stop a sustained attack against a well-funded adversary.
Taking the above as a given, it seems clear that if we can be confident in the security model provided by PoS Cryptocurrencies, we should highly prefer a PoS model to a PoW model, all things being equal. In none of the scenarios presented above, does PoW (in theory) provide a higher amount of security per dollar spent or allow you to be as flexible in the face of an attack.
That isn’t to say PoS isn’t without it’s drawbacks (it’s still an unproven model; more on that in this post by Vitalik Buterin), but it does stand to question that there is potentially huge upside to proving a PoS system in the wild.
The key to all these cases is that we do, of course, need an incentive system in place to garner correct outcomes. This incentive should provide outcomes (in the Game Theory sense) that encourage honest participation. In PoW, you’re providing an incentive to expend resources and attach them to your claim. In PoS, you’re providing an incentive to temporarily park an asset and providing proof of such in your claim. These differences in source of incentive lead to the much different outcomes described above.