Paper 2020/1314

Secure Software Leasing from Standard Assumptions

Fuyuki Kitagawa, Ryo Nishimaki, and Takashi Yamakawa


Secure software leasing (SSL) is a quantum cryptographic primitive that enables an authority to lease software to a user by encoding it into a quantum state. SSL prevents users from generating authenticated pirated copies of leased software, where authenticated copies indicate those run on legitimate platforms. Although SSL is a relaxed variant of quantum copy protection that prevents users from generating any copy of leased softwares, it is still meaningful and attractive. Recently, Ananth and La Placa proposed the first SSL scheme. It satisfies a strong security notion called infinite-term security. On the other hand, it has a drawback that it is based on public key quantum money, which is not instantiated with standard cryptographic assumptions so far. Moreover, their scheme only supports a subclass of evasive functions. In this work, we present SSL schemes that satisfy a security notion called finite-term security based on the learning with errors assumption (LWE). Finite-term security is weaker than infinite-term security, but it still provides a reasonable security guarantee. Specifically, our contributions consist of the following. - We construct a finite-term secure SSL scheme for pseudorandom functions from the LWE assumption against quantum adversaries. - We construct a finite-term secure SSL scheme for a subclass of evasive functions from the LWE assumption against sub-exponential quantum adversaries. - We construct finite-term secure SSL schemes for the functionalities above with classical communication from the LWE assumption against (sub-exponential) quantum adversaries. SSL with classical communication means that entities exchange only classical information though they run quantum computation locally. Our crucial tool is two-tier quantum lightning, which is introduced in this work and a relaxed version of quantum lighting. In two-tier quantum lightning schemes, we have a public verification algorithm called semi-verification and a private verification algorithm called full-verification. An adversary cannot generate possibly entangled two quantum states whose serial numbers are the same such that one passes the semi-verification, and the other also passes the full-verification. We show that we can construct a two-tier quantum lightning scheme from the LWE assumption.

Note: Minor typo fixing and publication information. Fixed minor issues in Sec 1.5 and 3.2.

Available format(s)
Publication info
A minor revision of an IACR publication in TCC 2021
secure software leasinglearning with errorsclassical communication
Contact author(s)
ryo nishimaki @ gmail com
ryo nishimaki zk @ hco ntt co jp
fuyuki kitagawa yh @ hco ntt co jo
takashi yamakawa ga @ hco ntt co jp
2022-02-21: last of 4 revisions
2020-10-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Fuyuki Kitagawa and Ryo Nishimaki and Takashi Yamakawa},
      title = {Secure Software Leasing from Standard Assumptions},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1314},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.