how about this:
sig1 OP_0 sig1 sig2 SEPARATOR 2 pub1 pub2 2 checkmultisig pub1
hash compare checksig OP_CHECKHASHVERIFY OP_DROP
x is all the mess from the separator up to the hash(x)
the pub will be twice as long but at a const. length (the complex script can be as long is it needs)
an old client will always verify at least the first sig
Could use OP_DUP and such instead of the sig twice... but not too bad of an idea, actually! Addresses would end up a little long, but maybe not entirely unmanagable: 8TAwKxdJjw3tjdWJFhLg3PPnhaYFic1rHzDMTqmZukt1d2y8yFwEhAJndKcBM (length 61)sig1 OP_0 sig1 sig2 SEPARATOR 2 pub1 pub2 2 checkmultisig pub1
hash
x is all the mess from the separator up to the hash(x)
the pub will be twice as long but at a const. length (the complex script can be as long is it needs)
an old client will always verify at least the first sig
This is based on 1 byte version (= 5), 20 bytes "script hash", 20 bytes "script hash" XOR "first signature hash" (so you can't change one without changing the other...), and then the usual 4 bytes checksum.
