A Generalized Approach to Root-based Attacks against PLWE

TL;DR

This paper reviews and extends root-based attack methods against the Polynomial Learning With Errors (PLWE) problem, highlighting potential vulnerabilities and generalizing attack scenarios beyond cyclotomic polynomials.

Contribution

It provides a comprehensive overview of existing root-based attacks on PLWE and introduces new refined attacks that generalize previous methods to broader polynomial settings.

Findings

Identifies vulnerabilities in PLWE based on root properties.

Extends attack scenarios to non-cyclotomic polynomials.

Provides a unified framework for root-based attacks.

Abstract

The Polynomial Learning With Errors problem (PLWE) serves as the background of two of the three cryptosystems standardized in August 2024 by the National Institute of Standards and Technology to replace non-quantum resistant current primitives like those based on RSA, Diffie-Hellman or its elliptic curve analogue. Although PLWE is highly believed to be quantum resistant, this fact has not yet been established, contrariwise to other post-quantum proposals like multivariate and some code based ones. Moreover, several vulnerabilities have been encountered for a number of specific instances. In a search for more flexibility, it becomes fully relevant to study the robustness of PLWE based on other polynomials, not necessarily cyclotomic. In 2015, Elias et al found a good number of attacks based on different features of the roots of the polynomial. In the present work we present an overview of the approximations made against PLWE derived from this and subsequent works, along with several new attacks which refine those by Elias et al. exploiting the order of the trace of roots over finite extensions of the finite field under the three scenarios laid out by Elias et al., allowing to generalize the setting in which the attacks can be carried out.