The Ring Learning with Errors (RLWE) problem is widely believed to be computationally hard and underpins many modern lattice-based cryptographic constructions. Its security rests on a worst-case to average-case reduction from the approximate Shortest Vector Problem (SVP) on ideal lattices to average-case instances of RLWE, established by Lyubashevsky, Peikert, and Regev.
In this work we study the influence of the algebraic structure of cyclotomic fields $K$ on the hardness of Ideal-SVP and hence on the security of RLWE-based schemes. We investigate how the ideal class group of cyclotomic fields, and specifically $h^+(K)$ and $h^-(K)$, influence the efficiency of algorithms that find mildly short vectors in ideal lattices, following the approach of Cramer, Ducas, and Wesolowski.
We provide a detailed analysis of class number growth: the real class numbers $h^+(K)$ exhibit slow polynomial growth, while the relative class numbers $h^-(K)$ grow slightly faster than exponentially.
Using these results, we critically examine standard power-of-two RLWE parameter choices and propose prime cyclotomic fields as alternative parameter rings. Fields with large class groups impose additional computational cost on known class-group-based attacks, potentially strengthening the underlying Ideal-SVP hardness. We present concrete parameter tables and discuss efficiency tradeoffs.
