You could design your savefile similar to a git-repo. Don't override everything but instead save the whole history. Since you are planing a plausibility check anyway, the single 'commits' could be signed by all participating clients.
When a client joins the network, all other clients get the savefile and judge its validity based on the signatures and maybe some deeper plausibility checks. If they have a doubt, they would refuse the user to join.
There are some disadvantages:
The management of the trust relations. If I have a few clients under control, I could still forge a savefile with valid signatures.
The savefile can grow large. However, you'll only need it when joining, afterwards the last state is sufficient to hold in memory. One could also have some server-signed 'commits' in the chain, then you only have to submit the chain back to this commit.