Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform

ePrint Report: Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform

Pierre Pébereau

In this note, we show that some of the parameters of the Quotient-Ring transform proposed for VOX are vulnerable.
More precisely, they were chosen to defeat an attack in the field extension $\mathbb F_{q^l}$ obtained by quotienting $\mathbb F_q[X]$ by an irreducible polynomial of degree $l$.
We observe that we may use a smaller extension $\mathbb F_{q^{l'}}$ for any $l'|l$, in which case the attacks apply …

attack eprint report extension extensions precisely report ring transform vulnerable