PKE and ABE with Collusion-Resistant Secure Key Leasing

TL;DR

This paper introduces collusion-resistant secure key leasing (SKL) for public key encryption and attribute-based encryption, allowing multiple keys to be securely leased and verified without increasing key or ciphertext size, based on LWE assumptions.

Contribution

It proposes the first collusion-resistant PKE and ABE schemes with SKL, addressing multi-key security and verification while maintaining constant key and ciphertext sizes, based on LWE.

Findings

PKE-CR-SKL scheme based on LWE

ABE-CR-SKL scheme with collusion resistance

Classical certificate-based ABE-CR-SKL scheme

Abstract

Secure key leasing (SKL) is an advanced encryption functionality that allows a secret key holder to generate a quantum decryption key and securely lease it to a user. Once the user returns the quantum decryption key (or provides a classical certificate confirming its deletion), they lose their decryption capability. Previous works on public key encryption with SKL (PKE-SKL) have only considered the single-key security model, where the adversary receives at most one quantum decryption key. However, this model does not accurately reflect real-world applications of PKE-SKL. To address this limitation, we introduce collusion-resistant security for PKE-SKL (denoted as PKE-CR-SKL). In this model, the adversary can adaptively obtain multiple quantum decryption keys and access a verification oracle which validates the correctness of queried quantum decryption keys. Importantly, the size of the public key and ciphertexts must remain independent of the total number of generated quantum decryption keys. We present the following constructions: - A PKE-CR-SKL scheme based on the learning with errors (LWE) assumption. - An attribute-based encryption scheme with collusion-resistant SKL (ABE-CR-SKL), also based on the LWE assumption. - An ABE-CR-SKL scheme with classical certificates, relying on multi-input ABE with polynomial arity.