Hi Johnson,
Thanks for the review. I do agree that OP_COSHV (note the pluralization -- it would also be possible to do a OP_COHV <index> <hash> to do specific outputs).
I think the point of OP_COSHV is that something like ANYPREVOUT is much more controversial. OP_COSHV is a subset by design. The IF on ANYPREVOUT is substantial, discussion I've seen shows that the safety of ANYPREVOUT is far from fully agreed. (I'll respond to your other email on the subject too). OP_COSHV is also proposed specifically as a congestion control mechanism, and so keeping it very easy to verify and minimal data (optimizations allow reducing it to just OP_COSHV with no 32 byte argument) suggest this approach is preferable.
In an earlier version, rather than have it be the first input restriction, I had implemented it an an only one input restriction. This makes it easier to work with SIGHASH_SINGLE. This works by having the PrecomputedData have a atomic test_flag. However I felt that the statefulness between verifications was not great and so I simplified it.
There actually is a reason to require minimal push -- maybe we can change the rule to be non-minimal pushes are ignored, because we can later extend it with a different rule. This seems a little error prone. There's also no reason to not just treat OP_COSHV as a pushdata 32 itself, and drop the extra byte if we don't care about versioning later.
Requiring a signature actually makes COSHV less useful. So I'm against that -- such a signature prevents using OP_COSHV for non-interactive setups/uncoordinated setups where the txids are unstable. It also makes building the trees more expensive. If you want this feature, a better thing to do would be to always tweak leaf nodes of the tx tree entropy so that it's unique per key and doesn't impose extra data at every node, only the leafs of the expansion tree.