Trace-based cryptanalysis of cyclotomic $R_{q,0}\times R_q$-PLWE for the non-split case

Iván Blanco-Chacón, Raúl Durán-Díaz, Rahinatou Yuh Njah Nchiwo, Beatriz Barbero-Lucas

TL;DR

The paper advances the security analysis of PLWE by tackling a non-split cyclotomic instance, exploiting zero-trace roots in extensions to build a trace-based decisional attack. The authors develop a structured framework leveraging a distinguished subspace $R_{q,0}$, a trace map, and a smallness region $\Sigma$ to distinguish PLWE samples from uniform data, with complexity scaling as $O(\sqrt{p(p-1)(q-1)}Mq)$. They connect the attack to a reduction on a smaller modulus via polynomial recoding and provide a Maple implementation with numerical demonstrations that validate feasibility under practical resource limits. The work highlights new weaknesses in non-split cyclotomic PLWE and informs parameter selection and security assessments for related lattice-based schemes, particularly in settings where the cyclotomic modulus fails to split completely.

Abstract

We describe a decisional attack against a version of the PLWE problem in which the samples are taken from a certain proper subring of large dimension of the cyclotomic ring $\mathbb{F}_q[x]/(Φ_{p^k}(x))$ with $k>1$, in the case where $q\equiv 1\pmod{p}$ but $Φ_{p^k}(x)$ is not totally split over $\mathbb{F}_q$. Our attack uses the fact that the roots of $Φ_{p^k}(x)$ over suitable extensions of $\mathbb{F}_q$ have zero trace, and it has overwhelming success probability as a function of the number of input samples. An implementation in Maple and some examples of our attack are also provided.
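The zero-trace fact the abstract relies on can be checked without factoring $Φ_{p^k}(x)$: the trace of a root $\zeta$ from $\mathbb{F}_{q^d}$ down to $\mathbb{F}_q$ is $\sum_{i<d}\zeta^{q^i}$, and the polynomial $\sum_{i<d}x^{q^i}$ reduces to zero in $\mathbb{F}_q[x]/(Φ_{p^k}(x))$ exactly when it is zero in every factor field. The script below is an added example written for this page, not the authors' Maple implementation; the function names and the parameter choices ($p=3$, $k=2$, $q\in\{7,13,19\}$, plus $p=5$, $k=2$, $q=11$) are my own. It also shows the caveat that in the totally split case ($q\equiv 1 \pmod{p^k}$, so $d=1$) the trace is $\zeta$ itself and is not zero.

```python
import math

# Added example (not the paper's code). All polynomials are coefficient lists
# over F_q, lowest degree first.


def cyclotomic_pk(p, k):
    """Coefficients of Phi_{p^k}(x) = sum_{j<p} x^(j * p^(k-1))."""
    m = p ** (k - 1)
    coeffs = [0] * ((p - 1) * m + 1)
    for j in range(p):
        coeffs[j * m] = 1
    return coeffs


def poly_mod(a, f, q):
    """Remainder of a modulo the monic polynomial f over F_q."""
    a = [c % q for c in a]
    deg_f = len(f) - 1
    for i in range(len(a) - 1, deg_f - 1, -1):
        c = a[i]
        if c:
            # subtract c * x^(i - deg_f) * f, which clears a[i]
            for j in range(deg_f + 1):
                a[i - deg_f + j] = (a[i - deg_f + j] - c * f[j]) % q
    r = a[:deg_f]
    return r + [0] * (deg_f - len(r))


def mult_order(q, n):
    """Multiplicative order d of q modulo n, i.e. the degree of the splitting
    field F_{q^d} of Phi_n over F_q (requires gcd(q, n) = 1)."""
    assert math.gcd(q, n) == 1, "q must be invertible modulo n"
    d, a = 1, q % n
    while a != 1:
        a = a * q % n
        d += 1
    return d


def frobenius_trace(p, k, q):
    """Tr_{F_{q^d}/F_q}(x) = sum_{i<d} x^(q^i), reduced in F_q[x]/(Phi_{p^k}).

    Exponents are taken modulo p^k because x^(p^k) = 1 in that ring. The
    result is the zero polynomial iff every root of Phi_{p^k} over F_{q^d}
    has trace zero down to F_q."""
    n = p ** k
    d = mult_order(q, n)
    phi = cyclotomic_pk(p, k)
    s = [0] * n
    e = 1
    for _ in range(d):
        s[e] = (s[e] + 1) % q
        e = e * q % n
    return poly_mod(s, phi, q)


def roots_have_zero_trace(p, k, q):
    """True iff all roots of Phi_{p^k}(x) have zero trace to F_q."""
    return not any(frobenius_trace(p, k, q))


if __name__ == "__main__":
    # q = 7, 13 are 1 mod 3 but not 1 mod 9 (non-split, d = 3);
    # q = 19 is 1 mod 9 (totally split, d = 1): the trace is x itself.
    for q in (7, 13, 19):
        print(f"p=3 k=2 q={q}: d={mult_order(q, 9)} "
              f"trace={frobenius_trace(3, 2, q)} "
              f"zero={roots_have_zero_trace(3, 2, q)}")
    print(f"p=5 k=2 q=11: zero={roots_have_zero_trace(5, 2, 11)}")
```

The reason the reduction comes out to zero is visible by hand for $p=3$, $k=2$, $q=7$: the Frobenius orbit of exponents is $\{1,7,4\}$, so the trace polynomial is $x+x^4+x^7$, and $x^7 = x\cdot x^6 \equiv -x^4-x \pmod{Φ_9}$. In general the orbit is the coset $\{1+p^{k-s}m\}$ of a subgroup of order $d=p^s$, and the sum is $x\,Φ_{p^s}(x^{p^{k-s}})$, a multiple of $Φ_{p^k}(x)$.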

Paper Structure

This paper contains 16 sections, 36 equations, 5 figures.

Figures (5)

  • Figure 1: Discrete Gaussian on $\mathbb{Z}^2$ (with permission of Oded Regev)
  • Figure 2: Algorithm solving PLWE decision problem
  • Figure 3: Decision attack against $R_{q,0}$-PLWE
  • Figure 4: Parameter selection for Examples 1 and 2
  • Figure 5: Dependent parameters for Examples 1 and 2

Theorems & Definitions (7)
