On the Hardness of the Finite Field Isomorphism Problem

Abstract

The finite field isomorphism (FFI) problem was introduced in PKC’18, as an alternative to average-case lattice problems (like LWE, SIS, or NTRU ). As an application, the same paper used the FFI problem to construct a fully homomorphic encryption scheme. In this work, we prove that the decision variant of the FFI problem can be solved in polynomial time for any field characteristics q= Ω(βn2), where q, β, n parametrize the FFI problem. Then we use our result from the FFI distinguisher to propose polynomial-time attacks on the semantic security of the fully homomorphic encryption scheme. Furthermore, for completeness, we also study the search variant of the FFI problem and show how to state it as a q-ary lattice problem, which was previously unknown. As a result, we can solve the search problem for some previously intractable parameters using a simple lattice reduction approach.