I made some changes to the draft. The merkleblock now has the auxiliary header information too.
There is a tradeoff between overhead and delayed transactions. Is 12.5% transactions being delayed to the next block unacceptable? Would adding padding transactions be an improvement?
Creating the "seed" transactions is an implementation headache.
Each node needs to have control over an UTXO to create the final transaction in the block that has the digest of the auxiliary header. This means that it is not possible to simply start a node and have it mine. It has to somehow be given the private key. If two nodes were given the same key by accident, then one could end up blocking the other.
On one end of the scale is adding a transaction with a few thousand outputs into the block chain. The signatures for locktime restricted transactions that spend those outputs could be hard-coded into the software. This is the easiest to implement, but would mean a large table of signatures. The person who generates the signature list would have to be trusted not to spend the outputs early.
The other end of the scale means that mining nodes need to include a wallets to manage their UTXO entry. Miners can split a zero value output into lots of outputs, if they wish.
A middle ground would be for nodes to be able to detect the special transactions and use them. A server could send out timelocked transactions that pay to a particular address but the transaction would be timelocked. The private key for the output would be known. However, miners who mine version 2 blocks wouldn't be able to spend them early.