The problem with proof of work things is that they kind of have the wrong kind of scarcity for this problem.
*someone legit wants to edit, takes them hours to be able to. (Which is not ideal)
Indeed, this isn't ideal, but its better than the current situation, and at least it is only a one-time thing.
*someone wants to abuse the system, spend a couple months before hand generating the work offline, use all at once for thousand strong sock puppet army. (Which makes the system ineffective at preventing abuse)
I mean, I know we have some crazy socks, but "spend a couple months" seems to me to indicate a fairly expensive attack. I imagine that this might be enough of a deterrence. If someone is willing to invest months of effort to sockpuppet on Wikimedia projects, I don't really think that there is anything we can do to stop them.
We could probably reduce this risk slightly as well by providing software that provides a GUI for generating the GPG keys for the user. This software could impose a high-rate limit on how often new keys are made. This could be easily worked around by anyone who knows how to make their own GPG keys, or has access to several computers, but it would stop a lot of would-be-sockpuppeteers.
Thank you, Derric Atzrott