We introduce the notion of public key encryption with secure key leasing
(PKE-SKL). Our notion supports the leasing of decryption keys so that a leased
key achieves the decryption functionality but comes with the guarantee that if
the quantum decryption key returned by a user passes a validity test, then the
user has lost the ability to decrypt. Our notion is similar in spirit to the
notion of secure software leasing (SSL) introduced by Ananth and La Placa
(Eurocrypt 2021) but captures significantly more general adversarial
strategies. In more detail, our adversary is not restricted to use an honest
evaluation algorithm to run pirated software. Our results can be summarized as
follows:
1. Definitions: We introduce the definition of PKE with secure key leasing
and formalize security notions.
2. Constructing PKE with Secure Key Leasing: We provide a construction of
PKE-SKL by leveraging a PKE scheme that satisfies a new security notion that we
call consistent or inconsistent security against key leasing attacks (CoIC-KLA
security). We then construct a CoIC-KLA secure PKE scheme using 1-key
Ciphertext-Policy Functional Encryption (CPFE) that in turn can be based on any
IND-CPA secure PKE scheme.
3. Identity Based Encryption, Attribute Based Encryption and Functional
Encryption with Secure Key Leasing: We provide definitions of secure key
leasing in the context of advanced encryption schemes such as identity based
encryption (IBE), attribute-based encryption (ABE) and functional encryption
(FE). Then we provide constructions by combining the above PKE-SKL with
standard IBE, ABE and FE schemes.Comment: 68 pages, 4 figures. added related works and a comparison with a
concurrent work (2023-04-07