Verifying the dismantlement of nuclear warheads will require reconciling two conflicting objectives: the desire of the monitoring party to insure that the objects slated for dismantlement are bona fide warheads of the declared type, and the desire of the monitored party to protect sensitive information about the design of the warhead. A possible solution would involve visiting a deployment site on short notice and randomly selecting a given number of warheads for dismantlement. The warheads would then be placed in tagged, sealed containers for transport to the dismantlement facility, where the integrity of the tags and seals would be verified. If the number of warheads to be dismantled is a small fraction of the entire inventory, then the monitoring party would be reasonably sure that the warheads are genuine, for the only way the monitored party could defeat the scheme would be to deploy large numbers of fake warheads. Still, the process of on-site tagging and sealing for each warhead is tedious, and the monitored party would have no assurance that all the warheads were genuine, since the monitored party could easily replace 10 or 20 percent of the warheads slated for dismantlement with decoys. A much better solution would involve gathering only a small sample of warheads during an initial random on-site inspection and establishing a unique “fingerprint” or signature for this warhead type.