We describe a decisional attack against a version of the PLWE problem in which the samples are taken from a certain proper subring of large dimension of the cyclotomic ring $\mathbb{F}_q[x]/(\Phi_{p^k}(x))$ with $k>1$ in the case where $q\equiv 1\pmod{p}$ but $\Phi_{p^k}(x)$ is not totally split over $\mathbb{F}_q$. Our attack uses the fact that the roots of $\Phi_{p^k}(x)$ over suitable extensions of $\mathbb{F}_q$ have zero trace, and it has overwhelming success probability as a function of the number of input samples. An implementation in Maple and some examples of our attack are also provided.
Trace-based cryptanalysis of cyclotomic $R_{q,0}\times R_q$-PLWE (the non-split case)