The Polynomial Learning With Errors problem (PLWE) serves as the background of two of the three cryptosystems standardized in August 2024 by the National Institute of Standards and Technology to replace non-quantum resistant current primitives like those based on RSA, Diffie-Hellman or its elliptic curve analogue. Although PLWE is highly believed to be quantum resistant, this fact has not yet been established, contrariwise to other post-quantum proposals like multivariate and some code based ones. Moreover, several vulnerabilities have been encountered for a number of specific instances. In a search for more flexibility, it becomes fully relevant to study the robustness of PLWE based on other polynomials, not necessarily cyclotomic. In 2015, Elias et al found a good number of attacks based on different features of the roots of the polynomial. In the present work we present an overview of the approximations made against PLWE derived from this and subsequent works, along with several new attacks which refine those by Elias et al. exploiting the order of the trace of roots over finite extensions of the finite field under the three scenarios laid out by Elias et al., allowing to generalize the setting in which the attacks can be carried out.
翻译:多项式学习错误问题(PLWE)是美国国家标准与技术研究院于2024年8月标准化的三种密码系统中两种的基础,旨在替代基于RSA、Diffie-Hellman或其椭圆曲线变体等非抗量子攻击的现有原语。尽管PLWE被普遍认为具有抗量子性,但这一事实尚未得到严格证明,这与多元密码及部分基于编码的后量子方案形成对比。此外,多个具体实例已被发现存在安全漏洞。为寻求更高灵活性,研究基于非分圆多项式构建的PLWE的鲁棒性具有重要现实意义。2015年,Elias等人基于多项式根的不同特性提出了多种攻击方法。本文系统梳理了由此衍生的PLWE近似攻击研究脉络,并在Elias等人提出的三种场景框架下,通过利用根在有限域扩张上的迹的阶数特性,提出了若干改进型新攻击。这些攻击扩展了原有方法的适用范围,实现了攻击场景的广义化构建。