Paper 2023/1640

Quantum Key Leasing for PKE and FHE with a Classical Lessor

Orestis Chardouvelis, Carnegie Mellon University
Vipul Goyal, Carnegie Mellon University & NTT Research
Aayush Jain, Carnegie Mellon University
Jiahui Liu, Massachusetts Institute of Technology

In this work, we consider the problem of secure key leasing, also known as revocable cryptography (Agarwal et. al. Eurocrypt' 23, Ananth et. al. TCC' 23), as a strengthened security notion of its predecessor put forward in Ananth et. al. Eurocrypt' 21. This problem aims to leverage unclonable nature of quantum information to allow a lessor to lease a quantum key with reusability for evaluating a classical functionality. Later, the lessor can request the lessee to provably delete the key and then the lessee will be completely deprived of the capability to evaluate the function. In this work, we construct a secure key leasing scheme to lease a decryption key of a (classical) public-key, homomorphic encryption scheme from standard lattice assumptions. Our encryption scheme is exactly identical to the (primal) version of Gentry-Sahai-Waters homomorphic encryption scheme with a carefully chosen public key matrix. We achieve strong form of security where: * The entire protocol (including key generation and verification of deletion) uses merely classical communication between a classical lessor (client) and a quantum lessee (server). * Assuming standard assumptions, our security definition ensures that every computationally bounded quantum adversary could only simultaneously provide a valid classical deletion certificate and yet distinguish ciphertexts with at most negligible probability. Our security relies on the hardness of learning with errors assumption. Our scheme is the first scheme to be based on a standard assumption and satisfying the two properties mentioned above. The main technical novelty in our work is the design of an FHE scheme that enables us to apply elegant analyses done in the context of classically verifiable proofs of quantumness from LWE (Brakerski et. al.(FOCS'18, JACM'21) and its parallel amplified version in Radian et. al.(AFT'21)) to the setting of secure leasing. This connection leads to a modular construction and arguably simpler proofs than previously known. An important technical component we prove along the way is an amplified quantum search-to-decision reduction: we design an extractor that uses a quantum distinguisher (who has an internal quantum state) for decisional LWE, to extract secrets with success probability amplified to almost one. This technique might be of independent interest.

Note: Minor revisions to improve the parameters used in the construction. Revised the proof for Theorem 10.6; added new section 5.2.1 to help with the proof.

Available format(s)
Publication info
quantum cryptographyunclonable cryptographyuncloneable cryptographysecure key leasingquantum copy protection
Contact author(s)
orestis @ cmu edu
vipul @ cmu edu
aayushja @ andrew cmu edu
jiahuiliu crypto @ gmail com
2024-03-05: last of 5 revisions
2023-10-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Orestis Chardouvelis and Vipul Goyal and Aayush Jain and Jiahui Liu},
      title = {Quantum Key Leasing for {PKE} and {FHE} with a Classical Lessor},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1640},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.