You'd want to evolve an ever-changing benchmark that is as hostile as possible to specific hardware acceleration, and that can also be used as proof of work.
With regards to hardware acceleration a lot of people are of the opinion that a PoW function where ASICs can achieve significantly better performance than off-the-shelf computers is obviously superior to a PoW function where that is not true, like scrypt with appropriate parameters.
There are trade-offs with both approaches. ASICs-compatible PoW functions, provided that the 'good guys' have access to them, make it very difficult for an attacker to gain access to a lot of hashing power temporarily or quickly. For instance if you wanted to attack Litecoin you could rent or steal a pile of GPU computing power temporarily for a lot less cost than buying a bunch of Bitcoin ASIC hashing power outright, and renting or stealing Bitcoin hashing power isn't that easy. (although it is much easier than it should be...)
My guess is you only need to perform a temporary attack, like a 100 block deep re-org, to destroy the trust in the system permanently; you don't need to have the ability to sustain the attack indefinitely.