Quantum Encryption with Certified Deletion, Revisited: Public Key, Attribute-Based, and Classical Communication

Broadbent and Islam (TCC '20) proposed a quantum cryptographic primitive called encryption with certified deletion. In this primitive, receiver in possession of ciphertext can generate classical certificate that the encrypted message is deleted. Although their construction information-theoretically secure, it limited to setting one-time symmetric key (SKE), where sender have share common advance be used only once. Moreover, has state send over channel construction. deletion certificates are privately verifiable, which means verification for kept secret, definition by Islam, we also consider public verifiability. work, present various constructions - Quantum communication case: We achieve (reusable-key) (PKE) attribute-based (ABE) Our PKE scheme constructed assuming existence IND-CPA secure PKE, our ABE indistinguishability obfuscation one-way function. These two schemes verifiable. Classical uses communication. give schemes, verifiable one publicly one. The former LWE assumption random oracle model. latter one-shot signatures extractable witness encryption.