I think you are all missing the point a little. The concern is not cheating but undetectable cheating.
Bad guy can mask his behaviour pretty easily
Really? My guess is that any of these strategies would differ drastically from the typical miner. Your statistics may show differently, but I'm guessing most people who bother to use a mining pool leave their clients running pretty steadily in at least large chunks (if not 24/7), rather than connecting and disconnecting all the time. All of the cheating strategies require disconnecting early, a behaviour that can be distributed but not masked by using multiple anonymous accounts--at any meaningful degree of exploitation, a significant proportion of those clients have to be in at the beginning of each round, with that same client disconnecting consistently before the end. The only portion of the attack that can be masked through multiple accounts is the obtaining of statistics on the beginning of each round, which is not behaviourally necessary to identify the cheating signature. Detection code consists of the following:
1. Record connected/disconnected periods using getwork requests, not submitted shares (presumably already done based on your leaderboard's online/offline capability).
2. Implement minimum send threshold of .5 bitcoins, or similar amount of value as the bitcoin exchange rate and network hashrate both grow.
3. On send/payout of any account, calculate the average in and out times across blocks worked on by each worker, compared to the overall average.
4. If times are notably shifted towards the cheating strategy once, send the following email:
Dear user, the server has detected that your worker account "X" is frequently connecting and disconnecting at odd times. Perhaps there is a problem with your client software or internet connection? Since it exists to reduce the variance of the mining process for a large group of people, pooled mining works best when your client is connected for longer periods at a time, or consistently during regular periods of the day and week. If you are unable to connect your client consistently, perhaps pooled mining is not for you. Should the problem persist, the next payout from that worker may be held by the server until you have an opportunity to resolve it. Thank you for your cooperation!
If it happens again, do what you said but be willing to give someone one more chance if they can come up with a reasonable explanation for their mining client's bizarre behaviour.
...and then, because the only way to get around this method of cheat detection is to use accounts once and then burn them at an incredible rate....
5. Implement captcha on account and worker registration.
Problem solved!
Keep in mind that for any of these attacks to work the cheater has to *consistently* be in at the beginning of each round (and I mean the very beginning, because even a short delay or randomisation will significantly impact the profits through loss of short blocks) and avoid the really long ones at all costs (because going all the way to the end with any kind of consistency, again, wipes out that edge very fast). And I fail to see how this behaviour can be masked across any combination of accounts, because no legitimate user is going to randomly be connected at the precise beginning of every single round and then never stay connected to the end of a long block.
For any given detection code in step 4 above you can calculate both the chance of accidentally catching someone who's not trying to cheat and the maximum margin of cheating possible--you'll see what I mean pretty quickly. As an example, if you're up for it Raulo or Ryo, try calculating these for detection code that flags workers whose average time logging in a worker for the first time (as opposed to just continuing from the end of a previous block) is < 5 minutes after a round begins, and average time out for good on a round is < 25 minutes later in it. You'll notice that the cheating edge is blown away by trying to beat the detection filter, yet the probability of a user randomly obtaining these stats by accident is redonkulous. Am I drastically missing a strategy here?
Sincerely,
eMansipater
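The detection filter sketched in the post above (average first-login offset < 5 minutes and average leave-for-good offset < 25 minutes), as an added example that is not part of the original post or of any pool's code. It assumes the pool has already reconstructed each worker's connected periods from getwork activity as (connect, disconnect) timestamps; the rounds and worker histories below are constructed sample data.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Round:
    start: float  # epoch seconds when the round began (previous block found)
    end: float    # epoch seconds when this round's block was found


def round_offsets(rnd, sessions):
    """Offsets in minutes from the round start for one worker in one round.

    Returns (first_join, last_leave). first_join is None when the worker was
    already connected when the round began (continuing from the previous
    round); last_leave is None when the worker was still connected at the end.
    sessions are (connect, disconnect) epoch seconds reconstructed from
    getwork request activity, not from submitted shares.
    """
    overlapping = [(s, e) for s, e in sessions if s < rnd.end and e > rnd.start]
    if not overlapping:
        return None, None
    earliest = min(s for s, _ in overlapping)
    latest = max(e for _, e in overlapping)
    first_join = None if earliest <= rnd.start else (earliest - rnd.start) / 60
    last_leave = None if latest >= rnd.end else (latest - rnd.start) / 60
    return first_join, last_leave


def flag_worker(history, join_limit_min=5.0, leave_limit_min=25.0):
    """history: list of (Round, sessions). Returns (flagged, avg_join, avg_leave)."""
    joins, leaves = [], []
    for rnd, sessions in history:
        j, l = round_offsets(rnd, sessions)
        if j is not None:
            joins.append(j)
        if l is not None:
            leaves.append(l)
    if not joins or not leaves:
        return False, None, None  # never joined late or never left early: nothing to flag
    avg_join, avg_leave = mean(joins), mean(leaves)
    return avg_join < join_limit_min and avg_leave < leave_limit_min, avg_join, avg_leave


# Constructed sample: three rounds lasting 120, 10 and 170 minutes.
ROUNDS = [Round(0, 7200), Round(7200, 7800), Round(7800, 18000)]
# Hopper: in within a minute of every round start, gone after 20-25 minutes of a long round.
HOPPER = [(ROUNDS[0], [(30, 1200)]), (ROUNDS[1], [(7230, 7800)]), (ROUNDS[2], [(7860, 9300)])]
# Steady miner: one uninterrupted session spanning all three rounds.
STEADY = [(r, [(-3600, 20000)]) for r in ROUNDS]
# Casual miner: connects at arbitrary times and leaves late in long rounds.
CASUAL = [(ROUNDS[0], [(3600, 7200)]), (ROUNDS[1], []), (ROUNDS[2], [(9000, 12600)])]

if __name__ == "__main__":
    for name, hist in (("hopper", HOPPER), ("steady", STEADY), ("casual", CASUAL)):
        print(name, flag_worker(hist))
```

Only the hopper trips the filter; the steady miner contributes no late joins or early leaves at all, and the casual miner's averages (40 and 80 minutes) sit well outside both limits.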