Great work, thanks a lot for this!
To clarify for other readers (this took me a few min to figure out), the X axis of the chart is how many light clients there are, and the Y axis is the max number of light clients that can be fooled (ie. think the block is available) when the attacker is intent on making so much of the block unavailable that the block cannot be reconstructed from the published data.
The standard model says the attacker knows which requests came from which clients, so the attacker can always choose to respond to the queries of a few specific clients and fool them; in the extended model the individual requests are all anonymous (eg. via onion routing) so the only way the attacker can respond to enough requests of any individual validator to fool them is to respond to enough of everyone’s requests, but beyond a certain point that requires leaking enough data to reconstruct the block. Hence, in the extended model, if there’s more than ~2000 clients making requests, the number of clients you can fool (by satisfying all of their requests) without publishing enough data to recover the entire block starts rapidly dropping.