The Polynomial Learning With Errors Problem and the Smearing Condition

TL;DR

This paper investigates the security of Polynomial Learning with Errors (PLWE) and Ring-Learning with Errors (RLWE) by analyzing the smearing condition, developing algorithms to compute related probabilities, and demonstrating a smearing-based attack.

Contribution

It extends understanding of the smearing condition, relates it to the Coupon Collector's Problem, and introduces a practical smearing-based attack on PLWE.

Findings

Smearing condition is related to the Coupon Collector's Problem.

Developed algorithms for calculating smearing probabilities.

Presented an effective smearing-based attack on PLWE.

Abstract

As quantum computing advances rapidly, guaranteeing the security of cryptographic protocols resistant to quantum attacks is paramount. Some leading candidate cryptosystems use the Learning with Errors (LWE) problem, attractive for its simplicity and hardness guaranteed by reductions from hard computational lattice problems. Its algebraic variants, Ring-Learning with Errors (RLWE) and Polynomial Learning with Errors (PLWE), gain in efficiency over standard LWE, but their security remains to be thoroughly investigated. In this work, we consider the "smearing" condition, a condition for attacks on PLWE and RLWE introduced in [6]. We expand upon some questions about smearing posed by Elias et al. in [6] and show how smearing is related to the Coupon Collector's Problem Furthermore, we develop some practical algorithms for calculating probabilities related to smearing. Finally, we present a smearing-based attack on PLWE, and demonstrate its effectiveness.