Disclaimer: I do not have a security proof for this scheme. Criticisms are welcome.
To simplify the notation, I'm calling the two (private, public) key pairs $(a, A = a\cdot G)$ and $(b, B = b\cdot G)$ on the base point $G$. Lowercase letters are scalars, uppercase letters are EC points. $H_s()$ means hash and reduce (mod the order of $G$) to a scalar. All operations between scalars (such as subtraction and multiplication) are mod the order of $G$.
First, declare $D = a\cdot b\cdot G$.
let $m = H_s(\text{"message being signed"})$ as a one-time message that will prevent reuse of this signature across contexts.
To prove $D$ really is constructed properly, use an extended Schnorr signature:
Signature is $(D, c, r)$ where $k$ is a random scalar, $c = H_s(m \mathbin\| k\cdot G \mathbin\| k\cdot B)$ and $r = k - c\cdot a$.
Signature is verified by checking $c \overset{?}{=} H_s(m \mathbin\| r\cdot G + c\cdot A \mathbin\| r\cdot B + c\cdot D)$ and by checking $D$ is a valid point and not the point at infinity.
This proves both that $a$ is known, and that $a$ is both the private key of the point $A$ on the generator point $G$, and also the private key of the point $D$ on the generator point $B$. Therefore $D$ is proven to be $a\cdot b\cdot G$.
Finally, we need to produce a second signature proving that someone knows both $a$ and $b$. We can do that by proving knowledge of the private key of point $D$ on the base point $G$ (thus proving knowledge of $a\cdot b$).
Signature is $(c', r')$ where $k'$ is a random scalar, $c' = H_s(m \mathbin\| k'\cdot G)$ and $r' = k' - c'\cdot a\cdot b$.
Signature is verified by checking $c' \overset{?}{=} H_s(m \mathbin\| r'\cdot G + c'\cdot D)$.
If Alice were to collude with Eve without Eve disclosing $b$, Alice would have to disclose her private key $a$ to Eve. Knowledge of $k'$ by either colluder would allow that colluder to calculate the other colluder's private key. The security of this scheme depends on it not being mathematically possible for Alice to somehow collude with Eve to construct $r'$ such that either Alice or Eve could then mathematically determine the other's private key.
The overall signature is therefore $(D, c, r, c', r')$ and is $5\cdot 32 = 160$ bytes.