Secure key leasing (a.k.a. key-revocable cryptography) enables us to lease a cryptographic key as a quantum state in such a way that the key can be later revoked in a verifiable manner. We propose a simple framework for constructing cryptographic primitives with secure key leasing via the certified deletion property of BB84 states. Based on our framework, we obtain the following schemes. - A public key encryption scheme with secure key leasing that has classical revocation based on any IND-CPA secure public key encryption scheme. Prior works rely on either quantum revocation or stronger assumptions such as the quantum hardness of the learning with errors (LWE) problem. - A pseudorandom function with secure key leasing that has classical revocation based on one-way functions. Prior works rely on stronger assumptions such as the quantum hardness of the LWE problem. - A digital signature scheme with secure key leasing that has classical revocation based on the quantum hardness of the short integer solution (SIS) problem. Our construction has static signing keys, i.e., the state of a signing key almost does not change before and after signing. Prior constructions either rely on non-static signing keys or indistinguishability obfuscation to achieve a stronger goal of copy-protection. In addition, all of our schemes remain secure even if a verification key for revocation is leaked after the adversary submits a valid certificate of deletion. To our knowledge, all prior constructions are totally broken in this setting. Moreover, in our view, our security proofs are much simpler than those for existing schemes.

翻译：安全密钥租赁（亦称密钥可撤销密码学）允许我们将密码学密钥以量子态形式租赁，并能在事后以可验证的方式撤销该密钥。我们提出了一种通过BB84态的认证删除特性构建具备安全密钥租赁功能的密码学原语的简单框架。基于该框架，我们获得了以下方案：- 基于任意IND-CPA安全公钥加密方案、具备经典撤销机制的安全密钥租赁公钥加密方案。现有方案需依赖量子撤销机制或更强假设（如误差学习问题的量子困难性）。- 基于单向函数、具备经典撤销机制的安全密钥租赁伪随机函数。现有方案需依赖更强假设（如误差学习问题的量子困难性）。- 基于短整数解问题的量子困难性、具备经典撤销机制的安全密钥租赁数字签名方案。我们的构造采用静态签名密钥，即签名前后密钥状态几乎保持不变。现有方案需依赖非静态签名密钥或不可区分混淆来实现更强的复制保护目标。此外，即使攻击者在提交有效删除凭证后获取了用于撤销的验证密钥，我们所有方案仍保持安全性。据我们所知，所有现有方案在此场景下均完全失效。我们认为，本方案的安全性证明相比现有方案更为简洁。