Secure Software Leasing

  • Conference paper
Advances in Cryptology – EUROCRYPT 2021 (EUROCRYPT 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12697)

Abstract

Formulating cryptographic definitions to protect against software piracy is an important research direction that has not received much attention. Since natural definitions using classical cryptography are impossible to achieve (as classical programs can always be copied), this directs us towards using techniques from quantum computing. The seminal work of Aaronson [CCC’09] introduced the notion of quantum copy-protection precisely to address the problem of software anti-piracy. However, despite being one of the most important problems in quantum cryptography, there are no provably secure solutions of quantum copy-protection known for any class of functions.

We formulate an alternative definition for tackling software piracy, called secure software leasing (SSL). While weaker than quantum copy-protection, SSL is still meaningful and has interesting applications in software anti-piracy.

We present a construction of SSL for a subclass of evasive circuits (that includes natural implementations of point functions, conjunctions with wild cards, and affine testers) based on concrete cryptographic assumptions. Our construction is the first provably secure solution, based on concrete cryptographic assumptions, for software anti-piracy. To complement our positive result, we show, based on cryptographic assumptions, that there is a class of quantum unlearnable functions for which SSL does not exist. In particular, our impossibility result also rules out quantum copy-protection [Aaronson CCC’09] for an arbitrary class of quantum unlearnable functions, resolving an important open problem on the possibility of constructing copy-protection for arbitrary quantum unlearnable circuits.

Notes

  1. More generally, Aaronson considers the setting where the adversary gets multiple copies computing f and not just one.

  2. That is, there is no known reduction to concrete cryptographic assumptions.

  3. The person who leases the software to another.

  4. The person to whom the software is being leased.

  5. Although the lessor will technically be the owner of the leased state.

  6. This denotes tracing out the second register.

  7. For instance, they could be engineers assigned to test whether the beta version contains bugs.

  8. Both notions (quantum copy-protection and secure software leasing) are only meaningful for unlearnable functions: if a function is learnable, then one could learn the function from the quantum state and create another authenticated quantum state computing the same function.

  9. We need additional properties from the quantum fully homomorphic encryption scheme, but these properties are natural and satisfied by existing schemes [17, 35]. Please refer to the full version for a precise description of these properties.

  10. A simulated proof is one that is generated by an efficient algorithm, called a simulator, which has access to some private coins that were used to generate the common reference string. Moreover, a simulated proof is indistinguishable from an honestly generated proof. A simulator has the capability to generate simulated proofs for YES instances even without knowing the corresponding witness for these instances.

  11. See [15] for a description of this simplified version.

References

  1. How microsoft corporation makes most of its money. https://www.fool.com/investing/2017/06/29/how-microsoft-corporation-makes-most-of-its-money.aspx

  2. Scott Aaronson. Shtetl-Optimized. Ask Me Anything: Apocalypse Edition. https://www.scottaaronson.com/blog/?p=4684#comment-1834174. Comment #283, Posted: 03–24-2020. Accessed 25 Mar 2020

  3. Aaronson, S.: Quantum copy-protection and quantum money. In: 2009 24th Annual IEEE Conference on Computational Complexity, pp. 229–242. IEEE (2009)

  4. Aaronson, S., Christiano, P.: Quantum money from hidden subspaces. In: Proceedings of the Forty-Fourth Annual ACM Symposium on Theory of Computing, pp. 41–60 (2012)

  5. Aaronson, S., Liu, J., Zhang, R.: Quantum copy-protection from hidden subspaces. arXiv preprint arXiv:2004.09674 (2020)

  6. Alagic, G., Brakerski, Z., Dulek, Y., Schaffner, C.: Impossibility of quantum virtual black-box obfuscation of classical circuits. arXiv preprint arXiv:2005.06432 (2020)

  7. Alagic, G., Fefferman, B.: On quantum obfuscation. arXiv preprint arXiv:1602.01771 (2016)

  8. Amos, R., Georgiou, M., Kiayias, A., Zhandry, M.: One-shot signatures and applications to hybrid quantum/classical authentication. Cryptology ePrint Archive, Report 2020/107 (2020)

  9. Ananth, P., La Placa, R.L.: Secure quantum extraction protocols. Cryptology ePrint Archive, Report 2019/1323 (2019)

  10. Barak, B.: How to go beyond the black-box simulation barrier. In: Proceedings 42nd IEEE Symposium on Foundations of Computer Science, pp. 106–115. IEEE (2001)

  11. Barak, B., Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O., Sahai, A.: Obfuscation for evasive functions. In: Lindell, Yehuda (ed.) TCC 2014. LNCS, vol. 8349, pp. 26–51. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_2

  12. Barak, B., et al.: On the (Im)possibility of obfuscating programs. In: Kilian, Joe (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_1

  13. Ben-David, S., Sattath, O.: Quantum tokens for digital signatures. arXiv preprint arXiv:1609.09047 (2016)

  14. Bitansky, N., Khurana, D., Paneth, O.: Weak zero-knowledge beyond the black-box barrier. In: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing, pp. 1091–1102. ACM (2019)

  15. Bitansky, N., Paneth, O.: On the impossibility of approximate obfuscation and applications to resettable cryptography. In: Proceedings of the Forty-Fifth Annual ACM Symposium on Theory of Computing, pp. 241–250 (2013)

  16. Bitansky, N., Shmueli, O.: Post-quantum zero knowledge in constant rounds. In: STOC (2020)

  17. Brakerski, Z.: Quantum FHE (Almost) as secure as classical. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 67–95. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_3

  18. Brakerski, Z., Döttling, N., Garg, S., Malavolta, G.: Factoring and pairings are not necessary for iO: circular-secure LWE suffices (2020)

  19. Brakerski, Z., Perlman, R.: Lattice-based fully dynamic multi-key FHE with short ciphertexts. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 190–213. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_8

  20. Broadbent, A., Grilo, A.B.: Zero-knowledge for qma from locally simulatable proofs. arXiv preprint arXiv:1911.07782 (2019)

  21. Broadbent, A., Gutoski, G., Stebila, D.: Quantum one-time programs. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 344–360. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_20

  22. Broadbent, A., Islam, R.: Quantum encryption with certified deletion. arXiv preprint arXiv:1910.03551 (2019)

  23. Broadbent, A., Lord, S.: Uncloneable quantum encryption via random oracles. arXiv preprint arXiv:1903.00130 (2019)

  24. Coladangelo, A.: Smart contracts meet quantum cryptography. arXiv preprint arXiv:1902.05214 (2019)

  25. Coladangelo, A., Vidick, T., Zhang, T.: Non-interactive zero-knowledge arguments for qma, with preprocessing. arXiv preprint arXiv:1911.07546 (2019)

  26. De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_33

  27. Farhi, E., Gosset, D., Hassidim, A., Lutomirski, A., Shor, P.: Quantum money from knots. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 276–289 (2012)

  28. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS (2013)

  29. Gavinsky, D.: Quantum money with classical verification. In: 2012 IEEE 27th Conference on Computational Complexity, pp. 42–52. IEEE (2012)

  30. Gay, R., Pass, R.: Indistinguishability obfuscation from circular security. Technical report, Cryptology ePrint Archive, Report 2020/1010 (2020)

  31. Gottesman, D.: Uncloneable encryption. Quant. Inf. Comput. 3(6), 581–602 (2003)

  32. Goyal, R., Koppula, V., Waters, B.: Lockable obfuscation. In: FOCS (2017)

  33. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

  34. Lutomirski, A., et al.: Breaking and making quantum money: toward a new quantum cryptographic protocol. arXiv preprint arXiv:0912.3825 (2009)

  35. Mahadev, U.: Classical homomorphic encryption for quantum circuits. In: 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS), pp. 332–338. IEEE (2018)

  36. Mahadev, U.: Classical verification of quantum computations. In: 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS), pp. 259–267. IEEE (2018)

  37. Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th Annual Symposium on Foundations of Computer Science (Cat. No. 99CB37039), pp. 543–553. IEEE (1999)

  38. Wee, H., Wichs, D.: Candidate obfuscation via oblivious LWE sampling (2020)

  39. Wichs, D., Zirdelis, G.: Obfuscating compute-and-compare programs under LWE. In: 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS), pp. 600–611. IEEE (2017)

  40. Wiesner, S.: Conjugate coding. ACM Sigact News 15(1), 78–88 (1983)

  41. Zhandry, M.: Quantum lightning never strikes the same state twice. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 408–438. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_14

Acknowledgements

We thank Alex Dalzell and Aram Harrow for helpful discussions. During this work, RL was funded by NSF grant CCF-1729369 MIT-CTP/5204.

Author information

Corresponding author

Correspondence to Prabhanjan Ananth.

A Related Work

Quantum Money and Quantum Lightning. Using quantum mechanics to achieve unforgeability has a history that predates quantum computing itself. Wiesner [40] informally introduced the notion of unforgeable quantum money – unclonable quantum states that can also be (either publicly or privately) verified to be valid states. A few constructions [3, 4, 27, 29, 34] achieved quantum money with various features and very recently, in a breakthrough work, Zhandry [41] shows how to construct publicly-verifiable quantum money from cryptographic assumptions.

Certifiable Deletion and Unclonable Encryption. Unclonability has also been studied in the context of encryption schemes. The work of Gottesman [31] studies the problem of quantum tamper detection. Alice can use a quantum state to send Bob an encryption of a classical message m with the guarantee that no eavesdropper could have cloned the ciphertext. In a recent work, Broadbent and Lord [23] introduced the notion of unclonable encryption. Roughly speaking, an unclonable encryption allows Alice to give Bob and Charlie an encryption of a classical message m, in the form of a quantum state \(\sigma(m)\), such that Bob and Charlie cannot ‘split’ the state among them.

In a follow-up work, Broadbent and Islam [22] construct a one-time use encryption scheme with certifiable deletion. An encryption scheme has the certifiable deletion property if there is an algorithm to check that a ciphertext was deleted.

Quantum Obfuscation. Our proof of the impossibility of SSL is inspired by the proof of Barak et al. [10] on the impossibility of VBB for arbitrary functions. Alagic and Fefferman [7] formalized the notion of program obfuscation via quantum tools, defining quantum virtual black-box obfuscation (qVBB) and quantum indistinguishability obfuscation (qiO), as the natural quantum analogues to the respective classical notions (VBB and iO). They also proved quantum analogues of some of the previous impossibility results from [10], as well as provided quantum cryptographic applications from qVBB and qiO.

Quantum One-Time Programs and One-Time Tokens. Another related primitive is quantum one-time programs. This primitive was shown to be impossible by [21]. This rules out the possibility of having a copy-protection scheme where a single copy of the software is consumed by the evaluation procedure. Despite the lack of quantum one-time programs, there are constructions of secure ‘one-time’ signature tokens in the oracle models [8, 13]. A quantum token for signatures is a quantum state that lets anyone in possession of it sign an arbitrary document, but only once. The token is destroyed in the signing process.

Recent Work on Copy-Protection. While finishing this manuscript, we became aware of very recent work on copy-protection. Aaronson et al. [5] constructed copy-protection for unlearnable functions relative to a classical oracle. Our work complements their results, since we show that obtaining copy-protection in the standard model (i.e., without oracles) is not possible.

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Cite this paper

Ananth, P., La Placa, R.L. (2021). Secure Software Leasing. In: Canteaut, A., Standaert, FX. (eds) Advances in Cryptology – EUROCRYPT 2021. EUROCRYPT 2021. Lecture Notes in Computer Science, vol 12697. Springer, Cham. https://doi.org/10.1007/978-3-030-77886-6_17

  • DOI: https://doi.org/10.1007/978-3-030-77886-6_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77885-9

  • Online ISBN: 978-3-030-77886-6

  • eBook Packages: Computer Science, Computer Science (R0)
