Seems like this would preclude viability for a soft fork upgrade, as old clients will always need to see the public key and verify an ECDSA signature, correct?
To be soft-fork compatible, you’d need the verifier to require a proof of BIP32 hardened key derivation at least. If the verifier accepts proof of public key knowledge (plus an ECDSA signature), this would be vulnerable to CRQC if instantiated as a soft fork. As soon as the pubkey is revealed any CRQC could forge the same proof and signature.