Miyaji Laboratory

Today's Internet is based on the premise that personal information is exchanged using encryption. How- ever, if large-scale quantum computers become commercially available in the future, today's public-key cryptography will be deciphered in a realistic amount of time. A quantum computer-resistant cryptosys- tem has been proposed. Among them, a cryptosystem based on the difficulty of the Module-LWE problem has been selected as one of the standards for quantum computer cryptography by NIST, and is considered to be highly useful. Since the security of quantum computer cryptography is not uniform, attacks against quantum computer cryptography have been conducted to analyze its security. In this study, we attack the Module-LWE problem. In existing works, a chi-square attack has been proposed for the Ring-LWE search problem with the dimension of the secret key vector in the Module-LWE problem limited to one by using a Frobenius map to reduce the computational complexity. Based on these reduction methods, we aim to verify whether the attack on the Module-LWE problem is feasible in realistic computational time or not by applying a method that requires less computation for a successful attack.