That's a very different attack than I was looking for; you've described a second preimage attack, which would be considered a fundamental weakness of the hash. I was looking for a protocol where a comparatively small amount of signed data (let's say less than 90 bits) is kept secret, but can potentially be brute-forced on an appropriate supercomputer.