An Experimental Analysis on Lattice Attacks against Ring-LWE over Decomposition Fields

Abstract

The ring variant of learning with errors (Ring-LWE) problem has provided efficient post-quantum cryptographic schemes including homomorphic encryption (HE) schemes. Usually, cyclotomic fields are used as underlying number fields of Ring-LWE from the viewpoints of efficiency and security. However, especially in the case of HE schemes, improving the efficiency and ensuring the security are important tasks even now. Arita and Handa proposed to use decomposition fields as underlying number fields of Ring-LWE and successfully constructed a HE scheme which can encrypt many plaintexts efficiently at a time. However, there is no enough evidence that decomposition fields do not provide weak Ring-LWE instances.In this paper, we give an experimental analysis on lattice attacks against Ring-LWE over decomposition fields. More precisely, we conducted lattice attacks against Ring-LWE over decomposition fields and over the l-th cyclotomic fields with some prime numbers l, respectively, and compared each of the running-time, the success rate and the root hermite factor. We also compared the results of the same attacks on various decomposition fields to find decomposition fields providing weak Ring-LWE instances. As a result of our analysis, we expect that decomposition fields would provide more secure and efficient HE schemes based on Ring-LWE compared to the l-th cyclotomic fields.