Trace-based cryptanalysis of cyclotomic $R_{q,0}\times R_q$-PLWE for the non-split case

TL;DR

This paper presents a new trace-based cryptanalysis attack on a specific non-split case of the Polynomial Learning With Errors (PLWE) problem, exploiting roots with zero-trace in cyclotomic rings to break the cryptographic assumption.

Contribution

The paper introduces a decisional attack on a non-split cyclotomic PLWE variant, demonstrating the vulnerability using trace properties and providing implementation examples.

Findings

Successful attack on non-split cyclotomic PLWE in certain conditions

Overwhelming success probability with increasing samples

Implementation examples in Maple

Abstract

We describe a decisional attack against a version of the PLWE problem in which the samples are taken from a certain proper subring of large dimension of the cyclotomic ring $\mathbb{F}_q[x]/(\Phi_{p^k}(x))$ with $k>1$ in the case where $q\equiv 1\pmod{p}$ but $\Phi_{p^k}(x)$ is not totally split over $\mathbb{F}_q$. Our attack uses the fact that the roots of $\Phi_{p^k}(x)$ over suitable extensions of $\mathbb{F}_q$ have zero-trace and has overwhelming success probability as a function of the number of input samples. An implementation in Maple and some examples of our attack are also provided.