Since the proposal of the quantum computer, steady progress has been made toward its practical use. It has been reported that RSA cryptography and elliptic curve cryptography, which are currently used, can be broken when the sufficiently large quantum computer is put into practical use. Therefore, the construction of quantum-safe cryptosystems has been proposed. Although the Ring-LWE problem supports the security of many modern lattice cryptosystems, it has not been proven to be secure. In order to verify the security of Ring-LWE, existing studies have analyzed the Ring-LWE problem on a cyclotomic field and the Ring-LWE problem on a decomposition of a cyclotomic field, which can be verified by current computers, but there are still unanalyzed Ring-LWE problems. In this study, we attack the Ring-LWE problem on subfield of a cyclotomic field, which is different from the existing Ring-LWE problems, and analyze the security of the Ring-LWE problem.