Onionbalance Security Analysis

Write a quick threat model / security analysis for Onionbalance, stating what it brings (or does not bring) in terms of security.

One good aspect to highlight is that it can offer a practical solution to reduce the attack surface in the long-term .onion identity key, since only the frontend/publish nodes need to have access to it. So Onionbalance is not just about load balancing, but also separation of concerns/isolation. And until offline keys is supported, that's the best and easier approach to reduce the attack surface on these keys.

The Vanguards' security analysis may be a good source of inspiration for such document, in terms of structure and content.