This functionality allows encryption of classical data into a quantum ciphertext so that the recipient of the ciphertext can produce a deletion certificate (a classical string) which proves to the originator that the recipient can no longer obtain the original plaintext should the decryption key be revealed.

A Certified Deletion Encryption (CDE) scheme usually consists of the following 5 algorithms:

• KeyGen: This algorithm generates the key used in later stages
• Enc: This algorithm encrypts the classical plaintext into a quantum ciphertext
• Dec: This algorithm decrypts the quantum ciphertext to recover the classical plaintext
• Del: This algorithm deletes the ciphertext and generates a deletion certificate
• Ver: This algorithm verifies the deletion certificate

• Decryption-correctness: Given the ciphertext and the associated key, the probability that Dec does not output the correct plaintext is negligible in the security parameter
• Verification-correctness: Given a valid deletion certificate and its associated key, the probability that Ver does not accept the certificate is negligible in the security parameter
• Certified Deletion Security: Once the deletion certificate is issued, it becomes impossible to decrypt the certificate, even if the key is later leaked.

1. Broadbent, Anne, and Rabib Islam. “Quantum encryption with certified deletion.” In Theory of Cryptography: 18th International Conference, TCC 2020, Durham, NC, USA, November 16–19, 2020, Proceedings, Part III 18, pp. 92-122. Springer International Publishing, 2020. acheck not used
2. Hiroka, Taiga, Tomoyuki Morimae, Ryo Nishimaki, and Takashi Yamakawa. “Quantum encryption with certified deletion, revisited: Public key, attribute-based, and classical communication.” In Advances in Cryptology–ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part I 27, pp. 606-636. Springer International Publishing, 2021. acheck not used