I was thinking about why and how the RLWE problem is hard at all. I know that it's hard because it can be reduced to the shortest vector problem, but I'm thinking about how does it even have a solution.
The problem is basically:
$a_{i}(x)$ be a set of random but known polynomials from $F_q [ x ] /Φ ( x )$ with coefficients from all of $F_q$.
$e_i ( x ) $ be a set of small random and unknown polynomials relativeto a bound $b$ in the ring $F_q [ x ] / Φ ( x )$.
$s(x)$ be a small unknown polynomial relative to a bound $b$ in thering $F_q [ x ] / Φ ( x )$.
$b_i ( x ) = ( a_i ( x ) ⋅ s ( x ) ) + e_i ( x )$
The RLWE problem consists of finding the polynomial $s$ given $b$ and $a$. But how do I know that I found it, if the error $e$ could be anything? For example, I could pick a moderate $s$ such that the result is close to $b$ and invent any $e$ such that $b = a.s + e$. Since $e$ is random and unknown, it could be anything. I don't even have a way of verifying that I found the rigth one because I don't know the $e$.
