
This appears to be essentially how Noise works too. The sender creates a shared MAC key using ECDH in a way that allows the receiver to obtain it and confirm it came from the genuine sender (assuming the proposed protocol works as intended). That shared MAC key is then used to authenticate the ciphertext. Since only the sender and recipient can obtain that key, the recipient can verify the message is signed so long as they know their private key isn't compromised, but they can't prove it to anyone else because they have all the information needed to fake a valid message of their choice.
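The property described in the comment above, as an added sketch that is not part of the original comment and is not Noise's actual handshake. It assumes a toy finite-field Diffie-Hellman in place of ECDH (illustrative parameters, not a vetted group), and the function names and the key-derivation label are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy finite-field DH standing in for ECDH (assumption of this sketch;
# the parameters are illustrative only, not a vetted group).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def mac_key(dh_ephemeral, dh_static):
    # The ephemeral DH output ties the key to this message; the static DH
    # output ties it to the sender's long-term key.
    return hashlib.sha256(b"demo-mac-key" + dh_ephemeral + dh_static).digest()

def send(sender_priv, recipient_pub, ciphertext):
    eph_priv, eph_pub = keypair()
    key = mac_key(dh(eph_priv, recipient_pub), dh(sender_priv, recipient_pub))
    return eph_pub, ciphertext, hmac.new(key, ciphertext, hashlib.sha256).digest()

def verify(recipient_priv, sender_pub, message):
    eph_pub, ciphertext, tag = message
    key = mac_key(dh(recipient_priv, eph_pub), dh(recipient_priv, sender_pub))
    expected = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def recipient_simulates(recipient_priv, sender_pub, ciphertext):
    # The recipient holds everything needed to derive the same MAC key, so a
    # tag that convinces the recipient is not evidence for any third party.
    eph_priv, eph_pub = keypair()
    recipient_pub = pow(G, recipient_priv, P)
    key = mac_key(dh(eph_priv, recipient_pub), dh(recipient_priv, sender_pub))
    return eph_pub, ciphertext, hmac.new(key, ciphertext, hashlib.sha256).digest()

if __name__ == "__main__":
    s_priv, s_pub = keypair()
    r_priv, r_pub = keypair()
    real = send(s_priv, r_pub, b"constructed ciphertext")
    simulated = recipient_simulates(r_priv, s_pub, b"never sent by the sender")
    print(verify(r_priv, s_pub, real), verify(r_priv, s_pub, simulated))
```

Both transcripts pass the same check, which is why the recipient is convinced but holds nothing transferable, in contrast to a digital signature that only the sender's private key could have produced.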

