/decanonicalization

Updates https://or13.github.io/decanonicalization to distinguish items from one another whilst still using blank nodes

Primary language: JavaScript. License: MIT.

🔏 JSON Web Signatures are better at protecting content type application/credentials+ld+json.


This repository demonstrates that data integrity proof sign and verify operation times are bound to the size of the input data interpreted as RDF.

This is because data integrity proofs require some form of canonicalization, most commonly URDNA2015.

A clever attacker can ask a verifier expensive questions.

The verifier will be forced to canonicalize before checking the signature.

This can cost the verifier a lot of compute time, for a proof that might not even verify.
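The two verifier orderings described above, as an added example that is not code from this repository: one verifier must canonicalize before it can check the signature, the other checks a signature over the received bytes first. `canonicalize` is a stand-in that sorts keys and counts visited values (it is not URDNA2015), and the function names and the sample document are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Stand-in canonicalizer (assumption, NOT URDNA2015): sorts object keys and
// counts every value visited, to model work that grows with the input.
function canonicalize(value, stats) {
  stats.visited += 1;
  if (Array.isArray(value)) return value.map((v) => canonicalize(v, stats));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const k of Object.keys(value).sort()) out[k] = canonicalize(value[k], stats);
    return out;
  }
  return value;
}
const canonicalBytes = (doc, stats) => Buffer.from(JSON.stringify(canonicalize(doc, stats)));

// Data-integrity style: the signature covers the canonical form, so the verifier
// has to canonicalize unauthenticated input before it can check anything.
function verifyCanonical(doc, signature, publicKey, stats) {
  return crypto.verify(null, canonicalBytes(doc, stats), publicKey, signature);
}

// JWS style: the signature covers the exact bytes received; parsing and any
// further processing run only after the signature has verified.
function verifyBytesThenProcess(bytes, signature, publicKey, stats) {
  if (!crypto.verify(null, bytes, publicKey, signature)) return null;
  return canonicalize(JSON.parse(bytes.toString('utf8')), stats);
}

// Constructed sample: a 200-item document, signed both ways, then altered.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const doc = { type: 'Example', items: Array.from({ length: 200 }, (_, i) => ({ n: i })) };
  const bytes = Buffer.from(JSON.stringify(doc));
  const sigCanonical = crypto.sign(null, canonicalBytes(doc, { visited: 0 }), privateKey);
  const sigBytes = crypto.sign(null, bytes, privateKey);
  const altered = { ...doc, type: 'Altered' };
  const alteredBytes = Buffer.from(JSON.stringify(altered));
  const a = { visited: 0 }, b = { visited: 0 }, c = { visited: 0 };
  return {
    canonicalRejected: !verifyCanonical(altered, sigCanonical, publicKey, a),
    canonicalWork: a.visited, // work spent on a document that fails anyway
    bytesRejected: verifyBytesThenProcess(alteredBytes, sigBytes, publicKey, b) === null,
    bytesWork: b.visited, // no processing before the signature check
    validAccepted: verifyCanonical(doc, sigCanonical, publicKey, c) &&
      verifyBytesThenProcess(bytes, sigBytes, publicKey, { visited: 0 }) !== null,
  };
}
console.log(demo());
```

Verifying over bytes still hashes the input once, so an input size limit ahead of either verifier remains worthwhile.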

See this twitter thread: just... sign... the... bytes...