Write a proposal for PK handshake that uses more client resources than server.
Our current handshakes (TLS, TAP, ntor, and ) all have resource asymmetries: a client can send junk with very little effort, and thereby cause a server to spend more CPU. We could instead look for ways to make sure that a client cannot force servers to spend X resources without themselves spending something in vicinity of X resources.