[RC5] Do not forget about the cheaters :)

Décio Luiz Gazzoni Filho decio at revistapcs.com.br
Wed Jan 7 16:42:57 EST 2004

Hash: SHA1

On Wednesday 07 January 2004 19:24, groovyr at comcast.net wrote:
> >You can't base your calculation on Stats as of 05-Jan-2004
> >That day's high results were caused by holidays in some countries.
> >
> >Try another day ;)
> LOL so true and lets not forget all the blocks being sent in from hacked
> clients that are not actually doing the blocks but only what is needed to
> get a block accepted.

Indeed, but there is an anti-cheating system in place which should allow, by 
means of some very simple statistics (merely looking at the data, or if you 
want to be scientific, apply the chi-square test), to detect these cheaters 
and invalidate their accounts.

Unfortunately the system is far from fool-proof. Certain shortucts are 
possible which allow short-circuiting the work done by more than half (I'd 
say ~70% of work can be evaded without allowing detection even by the 
chi-square test).

But cheaters don't even need to be that sophisticated: AFAIK, there's no 
automated system to check for cheats, so unless some very blatant cheating is 
going on, it won't be noticed.

> When you see 2000+ units coming from 1 client per day (note: not one IP
> address but 1 client on 1 box) you know something is fishy since no one PC
> is fast enough to that. It makes me wonder why the clients are not
> watermarking the data at that level so we can see what a single client is
> doing.  (use the Ethernet MAC address of that box may be a good place to
> start.  perhaps encrypt it as well to make it not so easy to spot and
> change it in the stream send to proxy servers etc...)
> Because of the cheat clients (and yes they are out there and some have been
> caught but most have not)  There is a chance that RC5-72 will never be 
> solved even after all the key space has been used up  :)
> I think that duplicate keys should go out to different teams/clients in the
> hunt to find bogus blocks and catch the cheaters.  You would still get
> credit for doing the units but at least we would be able to catch cheaters.
> lets face it. RC5-72 is nothing more than a pissing match unlike like say
> folding at home and looking for a cure for cancer.   So people are much more
> inclined to cheat.

It needn't be that way. Some Stanford researchers published a paper at the RSA 
Conference 2001 (which, by the way, was already noticed by the guy who 
released the hacked client back then). It's available at


for anyone who cares about the gory details. For those who don't, in short, 
it's possible to detect cheaters with very high probability and minimal 
overhead. And it's easy to implement too, particularly considering the system 
that is currently in place.

Version: GnuPG v1.2.3 (GNU/Linux)


More information about the rc5 mailing list