Module Lattice Security (Part II): Module Lattice Reduction via Optimal Sign Selection
Abstract
We extend the CDPR quantum attack from ideal lattices to module lattices over $2^k$-th cyclotomic rings. Using trace orthogonality of the power basis, we decompose a rank-d module into mutually orthogonal rank-1 submodules, apply CDPR's analysis to each independently, and return the shortest candidate. The Hermite factor (O(n)) matches the ideal case, with a module reduction factor $\alpha_d = O(1)$ independent of the rank, under a balance hypothesis (proved for Gaussian distribution) that is automatic for MLWE-distributed bases. To enable a bounded-precision implementation, we replace coordinate-wise rounding with Chinese Remainder Theorem-scaled rounding at totally split primes, reducing the Gram-Schmidt rounding radius from n/2 to 1 at cost O(d2 r n n). Finally, we reformulate CDPR's sign-selection step as a mixed-integer linear program and prove its optimum is no more than 1/2 for all k (≈ 0.4407 for all tested k 12, conjecturally universal). This replaces the previous heuristic discrepancy Θ(nk). All results build on the class number condition $h_k^+ = 1$ established in Part I of this series.