Learning with Errors (LWE) is a hard math problem underlying recently standardized post-quantum cryptography (PQC) systems for key exchange and digital signatures. Prior work proposed new machine learning (ML)-based attacks on LWE problems with small, sparse secrets, but these attacks require millions of LWE samples to train on and take days to recover secrets. We propose three key methods -- better preprocessing, angular embeddings and model pre-training -- to improve these attacks, speeding up preprocessing by $25\times$ and improving model sample efficiency by $10\times$. We demonstrate for the first time that pre-training improves and reduces the cost of ML attacks on LWE. Our architecture improvements enable scaling to larger-dimension LWE problems: this work is the first instance of ML attacks recovering sparse binary secrets in dimension $n=1024$, the smallest dimension used in practice for homomorphic encryption applications of LWE where sparse binary secrets are proposed.

翻译：学习误差（LWE）是近期标准化后量子密码（PQC）密钥交换与数字签名系统所依赖的数学难题。已有工作提出针对小规模稀疏密钥LWE问题的新型机器学习（ML）攻击方法，但这类攻击需要数百万级LWE训练样本，且恢复密钥耗时数日。我们提出三种关键方法——更优的预处理、角度嵌入及模型预训练——以改进这些攻击，将预处理速度提升$25\times$，模型样本效率提高$10\times$。我们首次证明，预训练能够优化并降低LWE机器学习攻击的成本。我们的架构改进支持扩展至更大维度的LWE问题：本工作首次实现针对维度$n=1024$（LWE同态加密应用中采用稀疏二值密钥的最小实践维度）的稀疏二值密钥恢复的机器学习攻击。