in the Discord discussion where I found this forum thread (and which I hope you’ll copy here), @str4d was unsure whether this is the case. (unless your plausible conjectures include that a quantum adversary can’t gain advantage in “single-target many-base situations”.)
also note that in practice, addresses largely won’t remain secret. even if the parties make the effort to use end-to-end encrypted channels (Element, Signal, Threema, etc.) instead of regular channels (email, Twitter DM, etc.) to communicate the address, the encryption of the former is the same encryption a quantum adversary can break. right now all the adversary needs to do is capture internet traffic and store it until they gain quantum computational capabilities. once that happens, they can recover Zcash addresses from the traffic, and combine this knowledge with the contents of the Zcash blockchain to recover transaction information. according to str4d (see the above link), even with this they can only recover the output note value and memo field content of incoming transactions, which is insufficient for deanonymizing the transaction graph.
but if you want to make the work of a future quantum adversary harder, not publishing addresses is not enough. you have to communicate addresses either:
- in person/offline, or
- through an online channel that’s end-to-end encrypted with post-quantum encryption (almost non-existent for now).