DRAFT: interactive tx construction protocol

In a discussion on the Lightning-dev mailing list, ZmnSCPxj commented on the inclusion of UTXOs in Schnorr signatures for Lightning Network transactions. The motivation for including the UTXO is likely to avoid address reuse, as having two UTXOs with the same address and wanting to make two different channels with different peers could otherwise cause issues. However, having 2 UTXOs locked to the same public key will map to a single H2 value, which is used to flag UTXO reuse. With a PoDLE, a key for a UTXO is proven and the verifier checks that the key provided maps to controlling the UTXO attached to it. The inclusion of the UTXO in the signature commitment doesn't add anything to the security of the verification. At worst, it might leak what other UTXO the initiator controls if they accidentally commit to the wrong one and the peer tries grinding outpoints on the off-chance that one matches.