4 research outputs found

    Fast polynomial arithmetic in homomorphic encryption with cyclo-multiquadratic fields

    This work provides refined polynomial upper bounds for the condition number of the transformation between RLWE/PLWE for cyclotomic number fields with up to 6 primes dividing the conductor. We also provide exact expressions of the condition number for any cyclotomic field, but under what we call the twisted power basis. Finally, from a more practical perspective, we discuss the advantages and limitations of cyclotomic fields to have fast polynomial arithmetic within homomorphic encryption, for which we also study the RLWE/PLWE equivalence of a concrete non-cyclotomic family of number fields. We think this family could be of particular interest due to its arithmetic efficiency properties

    Trace-based cryptoanalysis of cyclotomic $R_{q,0}\times R_q$-PLWE for the non-split case

    We describe a decisional attack against a version of the PLWE problem in which the samples are taken from a certain proper subring of large dimension of the cyclotomic ring $\mathbb{F}_q[x]/(\Phi_{p^k}(x))$ with $k>1$ in the case where $q\equiv 1\pmod{p}$ but $\Phi_{p^k}(x)$ is not totally split over $\mathbb{F}_q$. Our attack uses the fact that the roots of $\Phi_{p^k}(x)$ over suitable extensions of $\mathbb{F}_q$ have zero-trace and has overwhelming success probability as a function of the number of input samples. An implementation in Maple and some examples of our attack are also provided. Comment: 19 pages; 1 figure; Major update to previous version due to some weaknesses detecte

    Trace-based cryptanalysis of cyclotomic $R_{q,0}\times R_q$-PLWE for the non-split case

    We describe a decisional attack against a version of the PLWE problem in which the samples are taken from a certain proper subring of large dimension of the cyclotomic ring $\mathbb{F}_q[x]/(\Phi_{p^k}(x))$ with $k > 1$ in the case where $q \equiv 1 \pmod{p}$ but $\Phi_{p^k}(x)$ is not totally split over $\mathbb{F}_q$. Our attack uses the fact that the roots of $\Phi_{p^k}(x)$ over suitable extensions of $\mathbb{F}_q$ have zero-trace and has overwhelming success probability as a function of the number of input samples. An implementation in Maple and some examples of our attack are also provided. Agencia Estatal de Investigación, Universidad de Alcal

    On homomorphic encryption using abelian groups: Classical security analysis

    In [15], Leonardi and Ruiz-Lopez propose an additively homomorphic public key encryption scheme whose security is expected to depend on the hardness of the learning homomorphism with noise problem (LHN). Choosing parameters for their primitive requires choosing three groups $G$, $H$, and $K$. In their paper, Leonardi and Ruiz-Lopez claim that, when $G$, $H$, and $K$ are abelian, then their public-key cryptosystem is not quantum secure. In this paper, we study security for finite abelian groups $G$, $H$, and $K$ in the classical case. Moreover, we study quantum attacks on instantiations with solvable groups