This work addresses secure key leasing—i.e., verifiable revocation-enabled key distribution—by proposing the first generic classical verifiable revocation framework leveraging BB84-state authentication deletion. Unlike prior approaches, it avoids quantum measurements and strong quantum assumptions (e.g., quantum hardness of LWE), relying instead on classical primitives: IND-CPA public-key encryption, one-way functions, and quantum-hard SIS. Using classical reduction techniques, it constructs efficient constructions for public-key encryption, pseudorandom functions (PRFs), and digital signatures. Key contributions include: (1) the first classical-model realization of key leasing; (2) a signature scheme achieving static key security; (3) strong robustness against leakage of revoked public keys—overcoming a fundamental security limitation in existing schemes; and (4) simplified, broadly applicable security proofs. The framework thus advances both practicality and theoretical foundations of verifiable key leasing.

Secure key leasing (a.k.a. key-revocable cryptography) enables us to lease a cryptographic key as a quantum state in such a way that the key can be later revoked in a verifiable manner. We propose a simple framework for constructing cryptographic primitives with secure key leasing via the certified deletion property of BB84 states. Based on our framework, we obtain the following schemes. - A public key encryption scheme with secure key leasing that has classical revocation based on any IND-CPA secure public key encryption scheme. Prior works rely on either quantum revocation or stronger assumptions such as the quantum hardness of the learning with errors (LWE) problem. - A pseudorandom function with secure key leasing that has classical revocation based on one-way functions. Prior works rely on stronger assumptions such as the quantum hardness of the LWE problem. - A digital signature scheme with secure key leasing that has classical revocation based on the quantum hardness of the short integer solution (SIS) problem. Our construction has static signing keys, i.e., the state of a signing key almost does not change before and after signing. Prior constructions either rely on non-static signing keys or indistinguishability obfuscation to achieve a stronger goal of copy-protection. In addition, all of our schemes remain secure even if a verification key for revocation is leaked after the adversary submits a valid certificate of deletion. To our knowledge, all prior constructions are totally broken in this setting. Moreover, in our view, our security proofs are much simpler than those for existing schemes.