A detailed analysis of primal attack and its variants
Science China Information Sciences (IF 8.8), Pub Date: 2021-05-26, DOI: 10.1007/s11432-020-2958-9
Xue Zhang, Zhongxiang Zheng, Xiaoyun Wang

The primal attack is a strategy typically considered when estimating the hardness of cryptosystems based on the learning with errors (LWE) problem. It reduces the LWE problem to unique-SVP by an embedding technique and then employs lattice reduction such as BKZ to find the shortest vector. The main reason for the popularity of the primal attack is its conservative estimation: in general, the complexity of the primal attack is estimated by the hardness of core-SVP as \(\mathcal{T} = 2^{0.292b}\). In this work, we first revisit the primal attack and give a supplemental proof of the scaling factor in the Bai-Galbraith embedding, whose value was previously given according to experimental results. Then we refine the primal attack in two special cases and analyze the variants in detail. One is that, for sparse secret LWE (or sparse secret-error LWE), the primal attack with dropping makes a trade-off between guessing zero components and solving dimension-reduced problems to improve the complexity. The other is that, when \(\mathcal{T}_{\mathrm{BKZ}}(b) = \mathrm{poly}(d) \cdot \mathcal{T}_{\mathrm{Sieve}}(b)\) holds in practice, the primal attack with preprocessing reduces the time complexity by a factor of \(2^{6}\) to \(2^{10}\) by dividing the primal attack into three steps and considering them independently.
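The dropping trade-off described in the abstract can be explored with a small parameter-selection estimator; this is an added example, not code from the paper. It assumes the widely used 2016 uSVP success estimate, the asymptotic root-Hermite formula, an embedding scaling factor of 1, a fixed number of samples m, and constructed parameters; all function names are hypothetical.

```python
from math import comb, e, log2, pi, sqrt

def log2_delta(b):
    """log2 of the root-Hermite factor of BKZ-b (standard asymptotic formula)."""
    return log2((pi * b) ** (1 / b) * b / (2 * pi * e)) / (2 * (b - 1))

def min_blocksize(n, m, q, sigma, h):
    """Smallest b meeting the assumed uSVP success condition, else None.

    Lattice: dimension d = n + m + 1, volume q^m (embedding scaling factor 1).
    Target: (s | e | 1) with h nonzero +-1 secret entries, error std sigma.
    """
    d = n + m + 1
    log_norm = 0.5 * log2(h + m * sigma**2 + 1)
    log_root_vol = m * log2(q) / d
    for b in range(50, d + 1):
        if 0.5 * log2(b / d) + log_norm <= (2 * b - d - 1) * log2_delta(b) + log_root_vol:
            return b
    return None

def drop_success_log2(n, h, k):
    """log2 P[k coordinates dropped at random all hit zeros of the secret]."""
    return log2(comb(n - h, k)) - log2(comb(n, k))

def primal_with_dropping(n, m, q, sigma, h, step=16):
    """Map k -> log2 expected cost: core-SVP cost divided by guess probability."""
    costs = {}
    for k in range(0, n - h + 1, step):
        b = min_blocksize(n - k, m, q, sigma, h)
        if b is not None:
            costs[k] = 0.292 * b - drop_success_log2(n, h, k)
    return costs

if __name__ == "__main__":
    # Constructed parameters, not taken from the paper.
    costs = primal_with_dropping(n=1024, m=1024, q=2**27, sigma=3.2, h=64)
    best = min(costs, key=costs.get)
    print(f"no dropping: 2^{costs[0]:.1f}")
    print(f"best k={best}: 2^{costs[best]:.1f}")
```

When choosing parameters for a sparse-secret scheme, the minimum over k is the figure to compare against the target security level, since the k = 0 entry alone ignores the guessing variant.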




Updated: 2021-05-30