Trace-based cryptanalysis of cyclotomic $R_{q,0}\times R_q$-PLWE for the non-split case

Communications in Mathematics, Volume 31 (2023), Issue 2 (Special issue: Euclidean lattices: theory and applications) (July 19, 2023) cm:11153 We describe a decisional attack against a version of the PLWE problem in which the samples are taken from a certain proper subring of large dimension of the cyclotomic ring $\mathbb{F}_q[x]/(\Phi_{p^k}(x))$ with $k>1$ in the case where $q\equiv 1\pmod{p}$ but $\Phi_{p^k}(x)$ is not totally split over $\mathbb{F}_q$. Our attack uses the fact that the roots of $\Phi_{p^k}(x)$ over suitable extensions of $\mathbb{F}_q$ have zero-trace and has overwhelming success probability as a function of the number of input samples. An implementation in Maple and some examples of our attack are also provided.