I think we should ban tx malleability with the following approach:
1. Make anything except P2KH and multi-sig P2SH non-standard
2. Change the transaction version to 2.
3. Define the most significant bit of transaction version as "malleability bit"
4. If malleability bit = 0 AND version = 2, the following new rules are applied (with soft-fork). For other combinations, existing rules apply (ie. malleability is allowed.)
5. Use "low S" as malleability breaker in signature (e.g.
https://github.com/bitcoin/bitcoin/commit/e0e14e43d9586409e42919f6cb955540134cda2a )
6. For P2KH, the scriptSig must and must only push 2 values to the stake, without any other actions
7. For P2SH, the scriptSig must and must only push n values to the stake (in addition to the serialized script), for a n-or-m multisig.
8. Malleability is allowed for any non-standard tx even the malleability bit = 0.
Therefore, the user can choose whether they want to allow malleability. Any future protocol upgrade will use a new transaction version so the anti-malleability rules will not apply.
(p.s.
If I have learnt bitcoin earlier, I would have proposed a similar approach to the P2SH migration. The P2SH has created a permanent exceptional case in the interpretation of OP_HASH160, and that's now irreversible without a hardfork. I think a better way is to define a "P2SH bit" in the transaction version and let people to choose Sorry this won't work without adding further complexity. btw this is off-topic.)
