To those with a bit more knowledge, I got just a shower thought: what if you commit, in addition to an ECDSA public key, to a long secret phrase in a P2(W)SH transaction, like in a HTLC? Would this approach also be vulnerable to quantum computing or improve the security? It could be an option for cold wallets if it works. But I probably am missing something because that would be a quite low hanging fruit ...
Not an expert in such particular details. My first thoughts regarding this additional long secret are: you have to validate it to unlock and you can't place the long secret into the unlock condition, so it must be hashed. Now, is the hash function quantum-resistant? If not, you don't gain security, so it doesn't make sense to waste space for the "alternative" unlock condition.
Excessively large quantum-resistant signatures don't make sense and the solution can't realy be to blow up block space by a similar factor. I would expect that a choice would be made rather towards FALCON or similar sized things than towards SPINCS+ or other space-hogs.
How do you check quantum-resistant algorithms when we currently have pretty much very inferior quantum computers with puny numbers of qubits which additionally don't have impressive coherence life times?
This is more a rhetorical question.