Existing secure key leasing (SKL) schemes primarily resist only single-key leakage and fail to withstand multi-user collusion attacks; moreover, they lack support for functionalities beyond decryption—such as pseudorandom functions (PRFs) and digital signatures. To address these limitations, this work introduces the first collusion-resistant, quantum-safe SKL framework based solely on standard assumptions (Learning With Errors and one-way functions). Our approach features a novel Multi-Level Traitor Tracing (MLTT) mechanism and a verifiable key deletion protocol that guarantees the physical erasure of leased keys. We construct the first bounded collusion-resistant PRF key leasing scheme and provide a generic compiler enabling extension to diverse cryptographic primitives—including digital signatures. The framework further achieves query resilience and strong security guarantees. Collectively, our results establish a rigorous theoretical foundation and a practical construction paradigm for deployable key leasing systems.

Secure key leasing (SKL) enables the holder of a secret key for a cryptographic function to temporarily lease the key using quantum information. Later, the recipient can produce a deletion certificate, which proves that they no longer have access to the secret key. The security guarantee ensures that even a malicious recipient cannot continue to evaluate the function, after producing a valid deletion certificate. Most prior work considers an adversarial recipient that obtains a single leased key, which is insufficient for many applications. In the more realistic collusion-resistant setting, security must hold even when polynomially many keys are leased (and subsequently deleted). However, achieving collusion-resistant SKL from standard assumptions remains poorly understood, especially for functionalities beyond decryption. We improve upon this situation by introducing new pathways for constructing collusion-resistant SKL. Our main contributions are as follows: - A generalization of quantum-secure collusion-resistant traitor tracing called multi-level traitor tracing (MLTT), and a compiler that transforms an MLTT scheme for a primitive X into a collusion-resistant SKL scheme for primitive X. - The first bounded collusion-resistant SKL scheme for PRFs, assuming LWE. - A compiler that upgrades any single-key secure SKL scheme for digital signatures into one with unbounded collusion-resistance, assuming OWFs. - A compiler that upgrades collusion-resistant SKL schemes with classical certificates to ones having verification-query resilience, assuming OWFs.