On the Hardness of the Finite Field Isomorphism Problem

Abstract

The finite field isomorphism FFI problem, introduced in PKC'18, is an alternative to average-case lattice problems (like LWE, SIS, or NTRU). As an application, the FFI problem is used to construct a fully homomorphic encryption scheme in the same paper. In this work, we prove that the decision variant of the FFI problem can be solved in polynomial time for any field characteristics $q= \Omega(\beta n^2)$, where $q,\beta,n$ parametrize the FFI problem. Then we use our result from the FFI distinguisher to propose a polynomial-time attack on the semantic security of the fully homomorphic encryption scheme. Furthermore, for completeness, we also study the search variant of the FFI problem and show how to state it as a $q$-ary lattice problem, which was previously unknown. As a result, we can solve the search problem for some previously intractable parameters using a simple lattice reduction approach.

Available format(s)
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Lattice Finite field Cryptanalysis
Contact author(s)
dipayan das @ cispa de
joux @ cispa de
History
2022-08-03: approved
See all versions
Short URL
https://ia.cr/2022/998

CC BY

BibTeX

@misc{cryptoeprint:2022/998,
author = {Dipayan Das and Antoine Joux},
title = {On the Hardness of the Finite Field Isomorphism Problem},
howpublished = {Cryptology ePrint Archive, Paper 2022/998},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/998}},
url = {https://eprint.iacr.org/2022/998}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.