Secure key leasing (a.k.a. key-revocable cryptography) enables us to lease a cryptographic key as a quantum state in such a way that the key can be later revoked in a verifiable manner. We propose a simple framework for constructing cryptographic primitives with secure key leasing via the certified deletion property of BB84 states. Based on our framework, we obtain the following schemes.

- A public key encryption scheme with secure key leasing that has classical revocation based on any IND-CPA secure public key encryption scheme. Prior works rely on either quantum revocation or stronger assumptions such as the quantum hardness of the learning with errors (LWE) problem.
- A pseudorandom function with secure key leasing that has classical revocation based on one-way functions. Prior works rely on stronger assumptions such as the quantum hardness of the LWE problem.
- A digital signature scheme with secure key leasing that has classical revocation based on the quantum hardness of the short integer solution (SIS) problem. Our construction has static signing keys, i.e., the state of a signing key almost does not change before and after signing. Prior constructions either rely on non-static signing keys or indistinguishability obfuscation to achieve a stronger goal of copy-protection.

In addition, all of our schemes remain secure even if a verification key for revocation is leaked after the adversary submits a valid certificate of deletion. To our knowledge, all prior constructions are totally broken in this setting. Moreover, in our view, our security proofs are much simpler than those for existing schemes.