Miyaji Laboratory

In today's information society, large-scale quantum computers are steadily being put into practical use, which are expected to make it easier to decipher RSA cryptosystems and elliptic curve cryptosystems, which play a fundamental role in modern cryptographic techniques. Therefore, lattice ciphers, which are considered to be difficult to crack even with a quantum computer, are attracting attention. In fact, no algorithm that can solve lattice ciphers in a mathematical and efficient way has been discovered yet. Among them, Module-LWE is used in two of the key exchange and encryption algorithms, CRYSTALS- KYBER and CRYSTAL-Dilithium, which were selected as Round 3 of the NIST-PQC. Module-LWE is a generalization of Ring-LWE, and Ring-LWE encrypts plaintexts based on the circular segment. Existing studies have verified the security against Ring-LWE for some subcomponents of the circular segment, but not for Module-LWE. The purpose of this study is to verify the security of the submodules of the circular segment by attacking the submodules of the circular segment.