Modern information communications use cryptography to keep the contents of communications confidential. RSA (Rivest-Shamir-Adleman) cryptography and elliptic curve cryptography, which are public-key cryptosystems, are widely used cryptographic schemes. However, it is known that these cryptographic schemes can be deciphered in a very short time by Shor's algorithm when a quantum computer is put into practical use. Therefore, several quantum-resistant cryptosystems, which cannot be cracked even by a quantum computer, have been proposed. A simple implementation of lattice cryptography based on the LWE (Learning With Errors) problem requires a key length of $O(n^2)$ to ensure the same level of security as existing public-key cryptography schemes such as RSA and elliptic curve cryptography. In this paper, we attacked the Ring-LWE (RLWE) scheme, which can be implemented with a short key length, with a modified LLL (Lenstra-Lenstra-Lovász) basis reduction algorithm and investigated the trend in the degree of field extension required to generate a secure and small key. Results showed that lattice-based cryptography may be strengthened by employing Cullen or Mersenne prime numbers as the degree of field extension.