Paper 2022/998

On the Hardness of the Finite Field Isomorphism Problem

Dipayan Das, CISPA – Helmholtz Center for Information Security
Antoine Joux, CISPA – Helmholtz Center for Information Security

The finite field isomorphism FFI problem, introduced in PKC'18, is an alternative to average-case lattice problems (like LWE, SIS, or NTRU). As an application, the FFI problem is used to construct a fully homomorphic encryption scheme in the same paper. In this work, we prove that the decision variant of the FFI problem can be solved in polynomial time for any field characteristics $q= \Omega(\beta n^2)$, where $q,\beta,n$ parametrize the FFI problem. Then we use our result from the FFI distinguisher to propose a polynomial-time attack on the semantic security of the fully homomorphic encryption scheme. Furthermore, for completeness, we also study the search variant of the FFI problem and show how to state it as a $q$-ary lattice problem, which was previously unknown. As a result, we can solve the search problem for some previously intractable parameters using a simple lattice reduction approach.

Available format(s)
Attacks and cryptanalysis
Publication info
Lattice Finite field Cryptanalysis
Contact author(s)
dipayan das @ cispa de
joux @ cispa de
2022-08-03: approved
2022-08-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Dipayan Das and Antoine Joux},
      title = {On the Hardness of the Finite Field Isomorphism Problem},
      howpublished = {Cryptology ePrint Archive, Paper 2022/998},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.