(no title)

This technically allows for an emergency measure in case ECC is broken by a quantum computer:

The [unknown] public key becomes the private key. The signature becomes a ZKP of this key. I believe this has been proposed before as well.

The signature sizes are going to be a big problem is this scenario however, consensus may actually do something up to alleviate this in extremis. And also the people who have coins in addresses for which the public keys are known will be screwed, but then that's how everyone will know there is a problem - it's unlikely early cryptoraphically-relevant quantum computers (CRQC) will be able to front-run bitcoin transactions.