~
I imagine in said document you could simply reveal Y & Z but in theory, an attacker could then cycle thru known addresses until one hash matches, so was looking to avoid this. Is the simplest method to just hash the revealed components one more time, withholding one of the inputs?
Is there a reason you have to reveal the entire message right away? In your scenario, you could first simply reveal Y (partially) & Z. Then, when proof is needed, you can reveal Y in full, and X to verify and confirm the signature. That way, there is no real chance of an "attacker" finding X ahead of time.