Secure Software Leasing from Standard Assumptions

  • Conference paper
Theory of Cryptography (TCC 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13042)

Abstract

Secure software leasing (SSL) is a quantum cryptographic primitive that enables an authority to lease software to a user by encoding it into a quantum state. SSL prevents users from generating authenticated pirated copies of leased software, where authenticated copies indicate those run on legitimate platforms. Although SSL is a relaxed variant of quantum copy protection, which prevents users from generating any copy of leased software, it is still meaningful and attractive. Recently, Ananth and La Placa proposed the first SSL scheme. It satisfies a strong security notion called infinite-term security. On the other hand, it has the drawback that it is based on public key quantum money, which has not so far been instantiated from standard cryptographic assumptions. Moreover, their scheme only supports a subclass of evasive functions.

In this work, we present SSL schemes that satisfy a security notion called finite-term security based on the learning with errors assumption (LWE). Finite-term security is weaker than infinite-term security, but it still provides a reasonable security guarantee. Specifically, our contributions consist of the following.

  • We construct a finite-term secure SSL scheme for pseudorandom functions from the LWE assumption against quantum adversaries.

  • We construct a finite-term secure SSL scheme for a subclass of evasive functions from the LWE assumption against sub-exponential quantum adversaries.

  • We construct finite-term secure SSL schemes for the functionalities above with classical communication from the LWE assumption against (sub-exponential) quantum adversaries.

SSL with classical communication means that entities exchange only classical information, although they run quantum computation locally.

Our crucial tool is two-tier quantum lightning, which is introduced in this work and is a relaxed version of quantum lightning. In two-tier quantum lightning schemes, we have a public verification algorithm called semi-verification and a private verification algorithm called full-verification. An adversary cannot generate two possibly entangled quantum states with the same serial number such that one passes the semi-verification and the other passes the full-verification. We show that we can construct a two-tier quantum lightning scheme from the LWE assumption.

Notes

  1. Software is modeled as (Boolean) circuits or functions.

  2. We will refer to a few concurrent works in Sect. 1.4.

  3. Their constructions need heuristic assumptions related to randomness leakage and circular security [BDGM20, GP21], a heuristic construction of oblivious LWE sampling [WW21], a heuristic construction of noisy linear functional encryption [AP20], or an idealized model [BGMZ18, CHVW19]. Some heuristic assumptions [GP21, WW21, BDGM20] were found to be false [HJL21].

  4. In the actual syntax, it also outputs software that is negligibly close to the software given as input.

  5. A compute-and-compare circuit is specified by a circuit \(C\) and a target value \(\alpha\) and outputs 1 on input \(x\) if and only if \(C(x)=\alpha\).

  6. In the original construction in [AL21], seNIZK also proves that \(\mathsf{pk}\) and \(\widetilde{C}\) were honestly generated. However, we found that this is redundant, and essentially the same security proof works even if it only proves the knowledge of an accepting input of \(\widetilde{C}\). We note that it is important to include \(\mathsf{pk}\) in the statement to bind a proof to \(\mathsf{pk}\) even though the knowledge proven by the seNIZK has nothing to do with \(\mathsf{pk}\). In fact, this observation is essential to give our simplified construction of SSL.

  7. Note that Ananth and La Placa proved that the construction in fact satisfies infinite-term security, which is stronger than finite-term security. For ease of exposition of our ideas, we explain why the construction satisfies finite-term security.

  8. This approach was also discussed in the introduction of [Zha21].

  9. Strictly speaking, our construction additionally uses a message authentication code (MAC).

  10. Strictly speaking, we need to assume the key-injectiveness for the PRF. See the full version of this paper [KNY20] for the definition.

  11. More precisely, they prove an analogous property for a family of noisy trapdoor claw-free permutations.

  12. is the partial trace of where the i-th register is traced out.

  13. [RS19] proved essentially the same lemma through an abstraction which they call 1-of-2 puzzle.

  14. Of course, such a replacement cannot be done efficiently. We consider such an experiment only as a proof tool.

References

  1. Aaronson, S.: Limitations of quantum advice and one-way communication. Theory Comput. 1(1), 1–28 (2005)

  2. Aaronson, S.: Quantum copy-protection and quantum money. In: Proceedings of the 24th Annual IEEE Conference on Computational Complexity, CCC 2009, pp. 229–242 (2009)

  3. Aaronson, S., Christiano, P.: Quantum money from hidden subspaces. In: 44th ACM STOC, pp. 41–60 (2012)

  4. Amos, R., Georgiou, M., Kiayias, A., Zhandry, M.: One-shot signatures and applications to hybrid quantum/classical authentication. In: 52nd ACM STOC, pp. 255–268 (2020)

  5. Ananth, P., La Placa, R.L.: Secure software leasing. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 501–530. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_17

  6. Aaronson, S., Liu, J., Liu, Q., Zhandry, M., Zhang, R.: New approaches for quantum copy-protection. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 526–555. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_19

  7. Aaronson, S., Liu, J., Zhang, R.: Quantum copy-protection from hidden subspaces (2020). CoRR, abs/2004.09674, version v5 or older

  8. Agrawal, S., Pellet-Mary, A.: Indistinguishability obfuscation without maps: attacks and fixes for noisy linear FE. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 110–140. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_5

  9. Brakerski, Z., Christiano, P., Mahadev, U., Vazirani, U.V., Vidick, T.: A cryptographic test of quantumness and certifiable randomness from a single quantum device. In: 59th FOCS, pp. 320–331 (2018)

  10. Brakerski, Z., Döttling, N., Garg, S., Malavolta, G.: Factoring and pairings are not necessary for iO: circular-secure LWE suffices. Cryptology ePrint Archive, Report 2020/1024 (2020). https://eprint.iacr.org/2020/1024

  11. Barak, B., et al.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6:1–6:48 (2012)

  12. Bartusek, J., Guan, J., Ma, F., Zhandry, M.: Return of GGH15: provable security against zeroizing attacks. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 544–574. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_20

  13. Broadbent, A., Jeffery, S., Lord, S., Podder, S., Sundaram, A.: Secure Software Leasing Without Assumptions (2021)

  14. Cohen, A., Holmgren, J., Nishimaki, R., Vaikuntanathan, V., Wichs, D.: Watermarking cryptographic capabilities. SIAM J. Comput. 47(6), 2157–2202 (2018)

  15. Canetti, R., Halevi, S., Steiner, M.: Hardness amplification of weakly verifiable puzzles. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 17–33. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_2

  16. Chen, Y., Hhan, M., Vaikuntanathan, V., Wee, H.: Matrix PRFs: constructions, attacks, and applications to obfuscation. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11891, pp. 55–80. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_3

  17. Coladangelo, A., Majenz, C., Poremba, A.: Quantum copy-protection of compute-and-compare programs in the quantum random oracle model (2020)

  18. Coladangelo, A., Sattath, O.: A quantum money solution to the blockchain scalability problem. CoRR, abs/2002.11998 (2020)

  19. Farhi, E., Gosset, D., Hassidim, A., Lutomirski, A., Shor, P.W.: Quantum money from knots. In: ITCS 2012, pp. 276–289 (2012)

  20. Goyal, R., Kim, S., Manohar, N., Waters, B., Wu, D.J.: Watermarking public-key cryptographic primitives. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 367–398. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_12

  21. Gay, R., Pass, R.: Indistinguishability obfuscation from circular security. In: STOC ’21: 53rd Annual ACM SIGACT Symposium on Theory of Computing, Virtual Event, Italy, 21–25 June 2021, pp. 736–749 (2021)

  22. Georgiou, M., Zhandry, M.: Unclonable decryption keys. IACR Cryptol. ePrint Arch. 2020, 877 (2020)

  23. Hopkins, S., Jain, A., Lin, H.: Counterexamples to new circular security assumptions underlying iO. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 673–700. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_23

  24. Kitagawa, F., Nishimaki, R., Yamakawa, T.: Secure Software Leasing from Standard Assumptions. Cryptology ePrint Archive, Report 2020/1314 (2020). https://eprint.iacr.org/2020/1314

  25. Peikert, C., Shiehian, S.: Noninteractive zero knowledge for NP from (plain) learning with errors. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 89–114. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_4

  26. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. SIAM J. Comput. 40(6), 1803–1844 (2011)

  27. Radian, R., Sattath, O.: Semi-quantum money. In: Proceedings of the 1st ACM Conference on Advances in Financial Technologies, AFT 2019, pp. 132–146 (2019)

  28. Roberts, B., Zhandry, M.: Franchised quantum money. In: Asiacrypt 2021 (to appear) (2021). https://www.cs.princeton.edu/~mzhandry/docs/papers/Z21b.pdf

  29. Wee, H., Wichs, D.: Candidate obfuscation via oblivious LWE sampling. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12698, pp. 127–156. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77883-5_5

  30. Zhandry, M.: Quantum lightning never strikes the same state twice. or: quantum money from cryptographic assumptions. J. Cryptol. 34(1), 1–56 (2021). https://doi.org/10.1007/s00145-020-09372-x

Corresponding author

Correspondence to Ryo Nishimaki.

Copyright information

© 2021 International Association for Cryptologic Research

Cite this paper

Kitagawa, F., Nishimaki, R., Yamakawa, T. (2021). Secure Software Leasing from Standard Assumptions. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science, vol 13042. Springer, Cham. https://doi.org/10.1007/978-3-030-90459-3_2

  • DOI: https://doi.org/10.1007/978-3-030-90459-3_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90458-6

  • Online ISBN: 978-3-030-90459-3

  • eBook Packages: Computer Science, Computer Science (R0)