Tumblebit Puzzle Contract

Tumblebit puzzle transaction as proposed in the Tumblebit white paper.
Alice can insert a 0 (false) in the scriptSig to choose to enter through the else branch and recover her money after the expiry date, if Bob has not been paid.
Tumbler can insert a 1 (true) in the scriptSig to choose to enter through the if branch and send the money to Bob, Bob having supplied the solution to the puzzle.

Use case:
Alice wants to send money to Bob via Tumbler, an untrusted anonymous payment hub.
In the escrow phase, Alice sends money to the P2SH Tumblebit Puzzle address.
The contract contains the hashes hi of 15 secret preimages (ki) that must be revealed by Tumbler for Tumbler to get paid.
Bob can collect his payment by using the solution to the Tumblebit puzzle found by Alice.
The solution is in the form of a symetric encryption key used by Tumbler to encrypt his signature over a transaction paying Bob.
If Tumbler fails to collect his payment before the expiry time, Alice can collect her refund.

scriptPubKey::
IF
RIPEMD160 <h1> EQUALVERIFY
...
RIPEMD160 <h15> EQUALVERIFY
<TumblerPubkey> CHECKSIG
ELSE
<expiry time> CHECKLOCKTIMEVERIFY DROP
<AlicePubkey> CHECKSIG
ENDIF

scriptSig (before expiry): <Tumbler signature> <k15>..<k1> TRUE
scriptSig (after expiry): <Alice signature> FALSE

Example:

k1-secret: "a", k2-secret: "b", ..., k14-secret: "n", k15-secret: "o"
ki = RIPEMD160(ki-secret)
hi = RIPEMD160(ki)

Expiry: 2016-11-24 08:56:00 UTC

Alice Public Key: 023927B837A922696836E26399F759965328437F93AAFAF3E02767D22860C0FBA7

Tumbler Public Key: 02259B57015E60DE464E1D83C375BDD01D272290C51CEDE0B794301DE1B7770C7B

Tumblebit Puzzle Contract Address: 36mVdtCTQz2dMbHEUAAMYkX6UjZq5u2xLG