Cryptology ePrint Archive: Report 2014/784

Weak Instances of PLWE

Kirsten Eisentraeger and Sean Hallgren and Kristin Lauter

Abstract: In this paper we present a new attack on the polynomial version of the Ring-LWE assumption, for certain carefully chosen number fields. This variant of RLWE, introduced in [BV11] and called the PLWE assumption, is known to be as hard as the RLWE assumption for 2-power cyclotomic number fields, and for cyclotomic number fields in general with a small cost in terms of error growth. For general number fields, we articulate the relevant properties and prove security reductions for number fields with those properties. We then present an attack on PLWE for number fields satisfying certain properties.

Category / Keywords: foundations / lattice-based cryptography, Ring Learning With Errors, attacks, hardness assumptions, security reductions

Original Publication (with minor differences): SAC 2014

Date: received 2 Oct 2014

Contact author: klauter at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20141007:013028 (All versions of this report)

Short URL: ia.cr/2014/784

Discussion forum: Show discussion | Start new discussion