# Input: <signature> <pubkey> <preimage> <serialized_output>
# Stack: [<signature>, <pubkey>, <preimage>, <serialized_output>]

1. OP_DUP                     # Duplicate serialized_output
2. OP_HASH160                # Hash to get address (RIPEMD160(SHA-256))
3. OP_DUP                    # Duplicate address hash
4. <secure_prefix>           # Push prefix for secure (e.g., PQC) address
5. OP_CAT                    # Concatenate address hash with prefix
6. <secure_full_hash>        # Push expected secure address hash
7. OP_EQUALVERIFY            # Verify output is secure
8. OP_ROT                    # Bring preimage to top
9. OP_HASH256                # Apply SHA-256 twice
10. <vulnerable_hash>        # Push expected double-SHA-256 of vulnerable data
11. OP_EQUALVERIFY           # Verify preimage matches vulnerable origin
12. OP_SWAP                  # Bring pubkey to top
13. OP_CHECKSIG              # Verify signature OP_DUP OP_HASH160 OP_DUP <secure_prefix> OP_CAT <secure_full_hash> OP_EQUALVERIFY OP_ROT OP_HASH256 <vulnerable_hash> OP_EQUALVERIFY OP_SWAP OP_CHECKSIG