Unfortunately, version 0.1 design is broken.  The assumption that Alice's probability of successfully cheating is 1/(n+m choose n) is incorrect.  It's in fact (n choose one), os simply 1/n.  Thanks to gmaxwell for noticing that the use of NUMS points for proving proper execution by alice is irrelevant, since bob will end up choosing a single index 'j' from the remaining n.  What's more, we could forgo the use of NUMS and just use valid Bob pubkeys, as there's no harm to Alice in disclosing {non-}sighash preimages that are not going to be used anyway.
A useful tweak to the protocol would make it so /any/ of the n real tweaked pubkeys are useful for DL disclosure, rather than just one chosen by Bob.