Adjustment proposal for DAPOL+ tree

This proposal references the proof of liabilities tree detailed in [Generalized Proof of Liabilities](https://eprint.iacr.org/2021/1350) by Yan Ji and Konstantinos Chalkias (ACM CCS 2021). Regarding the topic of "Privacy of verifier identity" in section 4.4.3 The DAPOL+ tree was intended to be held by the exchange. The problem with the exchange holding this data is that they would know who is requesting inclusions proofs, and over time they might know the set of users who like to do verification which means they can potentially omit other users from the PoL without detection. There is the option of PIR as mentioned in the paper but the time complexity on this operation is high for both parties (actually not sure how high exactly, still need to read the papers on this one.. ). One way to solve the exchange-knows-which-users-verify issue is to make the tree public. With DAPOL+ as far as I can see the only information that would be leaked by a public tree is the number of users of the exchange; even over multiple PoLs it's not possible to track users since the hashes can made different by picking a different master key for each PoL. To solve this then I was thinking the following: - the users are currently bottom leaf nodes only, which puts [to any observer of the tree] an upper bound of `<num_leaf_nodes>` and a lower bound of `<num_leaf_nodes>/2` on the number of users - what if the tree was constructed by assigning users random points in the tree (not just bottom nodes), then peppering the tree with 0-commitment nodes in a random manner the same as the user nodes, and then adding padding nodes (have to assume that the NDM-SMT accumulator here) - the number of 0-commitment pepper nodes could be adjusted at the exchanges will to achieve whatever level of privacy required (the more nodes the more private) - the range proofs would be simpler too: the exchange would only need to give range proofs for all the leaf nodes (as long as the range proof upper bound is sufficiently less than the order of the group), and using Bulletproofs these can be combined into 1 range proof which would minimize proof size