Depends on what the exact goal is. It only has to be derived in a way that's verifiable, so there's ways to shoehorn stuff into there. For example, you could generate a keypair, sign a transformation of the message, then derive the public key that corresponds to that signature and message+pubkey.
The generated keypair here isn't the keypair used for "identity", so it should still follow the original requirements, aside from cheating by "recovering" the public key.
Comments
https://bsky.app/profile/retr0.id/post/3lbfmjfhmpk2z
That said, we're firmly in "rolling our own crypto" territory here. It's probably horribly broken in some way that I don't know how to spot.