Attacks on the Search-RLWE problem with small errors

The Ring Learning-With-Errors (RLWE) problem shows great promise for post-quantum cryptography and homomorphic encryption. We describe a new attack on the non-dual search RLWE problem with small error widths, using ring homomorphisms to finite fields and the chi-squared statistical test. In particular, we identify a "subfield vulnerability" (Section 5.2) and give a new attack which finds this vulnerability by mapping to a finite field extension and detecting non-uniformity with respect to the number of elements in the subfield. We use this attack to give examples of vulnerable RLWE instances in Galois number fields. We also extend the well-known search-to-decision reduction result to Galois fields with any unramified prime modulus q, regardless of the residue degree f of q, and we use this in our attacks. The time complexity of our attack is O(nq2f), where n is the degree of K and f is the residue degree of q in K. We also show an attack on the non-dual (resp. dual) RLWE problem with narrow error distributions in prime cyclotomic rings when the modulus is a ramified prime (resp. any integer). We demonstrate the attacks in practice by finding many vulnerable instances and successfully attacking them. We include the code for all attacks

Ring-LWE Cryptography for the Number Theorist

In this paper, we survey the status of attacks on the ring and polynomial learning with errors problems (RLWE and PLWE). Recent work on the security of these problems [Eisentr\"ager-Hallgren-Lauter, Elias-Lauter-Ozman-Stange] gives rise to interesting questions about number fields. We extend these attacks and survey related open problems in number theory, including spectral distortion of an algebraic number and its relationship to Mahler measure, the monogenic property for the ring of integers of a number field, and the size of elements of small order modulo q.Comment: 20 Page

Ring Learning With Errors: A crossroads between postquantum cryptography, machine learning and number theory

The present survey reports on the state of the art of the different cryptographic functionalities built upon the ring learning with errors problem and its interplay with several classical problems in algebraic number theory. The survey is based to a certain extent on an invited course given by the author at the Basque Center for Applied Mathematics in September 2018.Comment: arXiv admin note: text overlap with arXiv:1508.01375 by other authors/ comment of the author: quotation has been added to Theorem 5.

Security considerations for Galois non-dual RLWE families

We explore further the hardness of the non-dual discrete variant of the Ring-LWE problem for various number rings, give improved attacks for certain rings satisfying some additional assumptions, construct a new family of vulnerable Galois number fields, and apply some number theoretic results on Gauss sums to deduce the likely failure of these attacks for 2-power cyclotomic rings and unramified moduli

Characterizing Insecure Error Distributions For Various RLWE Problems

This thesis studies how a chosen set of parameters for a Ring Learning With Errors (RLWE) cryptographic instance affects its ability to withstand a certain type of attack. We begin with some non-technical motivation on the specific qualities of RLWE that support its candidacy as a post-quantum cryptographic protocol, and why such protocols are necessary due to recent developments in computing. We then discuss some of the context for RLWE, providing some overview on important concepts in algebraic number theory that underpin the mathematical structure of RLWE. We define several variants of RLWE which researchers in this field have analyzed, provide some detail on how these variants relate to each other, and cover some of the types of attacks against these variants. Following this overview, we introduce the experimental phase of this thesis project and cover the functionality of a program used to simulate a RLWE attack. Finally, we analyze some data generated as a result of tests run on our program and briefly discuss how it relates to previous hypotheses on how a RLWE instance\u27s security should be characterized

Security Impact Analysis of Degree of Field Extension in Lattice Attacks on Ring-LWE Problem

Modern information communications use cryptography to keep the contents of communications confidential. RSA (Rivest-Shamir-Adleman) cryptography and elliptic curve cryptography, which are public-key cryptosystems, are widely used cryptographic schemes. However, it is known that these cryptographic schemes can be deciphered in a very short time by Shor's algorithm when a quantum computer is put into practical use. Therefore, several methods have been proposed for quantum computer-resistant cryptosystems that cannot be cracked even by a quantum computer. A simple implementation of LWE-based lattice cryptography based on the LWE (Learning With Errors) problem requires a key length of $O(n^2)$ to ensure the same level of security as existing public-key cryptography schemes such as RSA and elliptic curve cryptography. In this paper, we attacked the Ring-LWE (RLWE) scheme, which can be implemented with a short key length, with a modified LLL (Lenstra-Lenstra-Lov\'asz) basis reduction algorithm and investigated the trend in the degree of field extension required to generate a secure and small key. Results showed that the lattice-based cryptography may be strengthened by employing Cullen or Mersenne prime numbers as the degree of field extension.Comment: accepted in COMPSAC 2023 Workshop DSML: The 1st IEEE International Workshop on Data Science & Machine Learning for Cybersecurity, IoT & Digital Forensic