A digital signature scheme is proposed in which a signer can sign messages using a one-time pair of signature keys. In this way, the scheme provides the signer with anonymity and untraceability with respect to the signature verifier but not to the certification authority.