I will be talking about two theoretical attacks on lattice-based
cryptography mentioned by Dan Bernstein; here, "theoretical" means that
there is no known implementation. One is the subfield logarithm attack,
which generalizes a known attack on PIP over CM fields. The second is an
attack that attempts to reduce the standard lattice attack on NTRU into
a case of SPIP in an extension field.