Traditional digital signatures guarantee that no one without the private key can sign. We present behavior-bound signatures (BBS), the first signature scheme in which even the private-key holder cannot sign messages that violate a self-imposed behavioral policy -- a paradigm shift from unrestricted signing capability to cryptographically self-restricted signing capability. The core mechanism embeds a zero-knowledge proof inside each signature, attesting that the signed action satisfies a policy constraint delta(x) < epsilon committed at key generation. If the action violates the policy, no valid signature exists -- not because the signer refuses, but because the ZK constraint system is unsatisfiable. We formalize policy-soundness (PS-CMA), a security model strictly stronger than EUF-CMA: an adversary wins by producing either an identity forgery or a compliance forgery (a valid signature on a non-compliant action). We prove PS-CMA security under standard assumptions (Pedersen binding, Poseidon collision resistance, Bulletproofs/PLONK soundness) and show that the compliance filter rejects all non-compliant actions even under full Byzantine control (f <= n-1) -- decoupling compliance safety from honest-quorum requirements. We motivate the framework with autonomous AI agents, providing the first cryptographic guarantee that a compromised agent cannot exceed its authorized behavioral envelope. CCS Concepts: Security and privacy -- Digital signatures; Zero-knowledge protocols; Computing methodologies -- Autonomous agents. Keywords: behavior-bound signatures, policy-soundness, zero-knowledge proofs, AI agent safety, compliance filter
Y.Y.N. Li (Thu,) studied this question.