At this stage I don't know enough about the Nxt protocol to comment - but fundamentally what we need to do is make sure that a Nxt tx is signed as a whole (so nothing is outside of what is signed apart from the sig) and that the sig itself cannot have an equivalent (with say leading zeroes).
A Nxt transaction has the following format:
64 bytes of the header
64 bytes of the signature
X bytes of the attachment

Before signing it looks like this:
64 bytes of the header
64 zeros
X bytes of the attachment

All [64+64+X] bytes are signed and the signature is placed instead of the zeros.
PS: Ordinary payment is the only transaction that doesn't have an attachment.
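
The layout described in the post above, as an added example that is not part of the original thread and is not Nxt's own code: it builds the zero-filled preimage, substitutes the signature, and checks that no byte of the result can be altered without verification failing. HMAC-SHA512 is an assumed stand-in for Nxt's signature algorithm (chosen only because it also yields 64 bytes), and the key, header and attachment values are constructed.

```python
import hashlib
import hmac

HEADER_LEN = 64   # header size given in the post
SIG_LEN = 64      # signature field size given in the post


def stand_in_sign(key: bytes, message: bytes) -> bytes:
    # Assumption: HMAC-SHA512 (64-byte output) stands in for Nxt's real
    # signature algorithm, which the post does not describe.
    return hmac.new(key, message, hashlib.sha512).digest()


def preimage(header: bytes, attachment: bytes = b"") -> bytes:
    # header || 64 zero bytes || attachment: the bytes that get signed.
    if len(header) != HEADER_LEN:
        raise ValueError("header must be exactly 64 bytes")
    return header + bytes(SIG_LEN) + attachment


def sign_tx(key: bytes, header: bytes, attachment: bytes = b"") -> bytes:
    # Sign all 64+64+X bytes, then put the signature where the zeros were.
    sig = stand_in_sign(key, preimage(header, attachment))
    return header + sig + attachment


def verify_tx(key: bytes, tx: bytes) -> bool:
    if len(tx) < HEADER_LEN + SIG_LEN:
        return False
    header = tx[:HEADER_LEN]
    sig = tx[HEADER_LEN:HEADER_LEN + SIG_LEN]
    attachment = tx[HEADER_LEN + SIG_LEN:]
    # Zero the signature field again to rebuild exactly what was signed.
    expected = stand_in_sign(key, preimage(header, attachment))
    return hmac.compare_digest(sig, expected)


def accepted_bit_flips(key: bytes, tx: bytes) -> list:
    # Offsets where flipping one bit still verifies; should be empty.
    return [i for i in range(len(tx))
            if verify_tx(key, tx[:i] + bytes([tx[i] ^ 1]) + tx[i + 1:])]


# Constructed sample values, not real Nxt data.
KEY = b"constructed-demo-key"
HEADER = bytes(range(HEADER_LEN))
ATTACHMENT = b"constructed attachment bytes"
TX = sign_tx(KEY, HEADER, ATTACHMENT)
PAYMENT = sign_tx(KEY, HEADER)  # ordinary payment: no attachment
```

An empty result from `accepted_bit_flips` shows only that every byte of this layout is covered; whether the real signature encoding admits equivalent forms depends on the actual algorithm, which the stand-in does not model.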