In an algebraic number field, an ideal $I$ in the ring of integers $\mathcal{O}_K$ has dual $I^\vee = \{x\in\mathcal{O}_K\text{ : }T_{K/\mathbb{Q}}(xy)\in\mathbb{Z}\text{ for all }y\in I\}$, where $T_{K/\mathbb{Q}}(\cdot)$ is the field trace. A lattice $\mathcal{L}$ in $\mathbb{R}^n$ has dual $\mathcal{L}^\ast = \{x\in\mathbb{R}^n\text{ : }\langle x,y\rangle\in\mathbb{Z}\text{ for all }y\in\mathcal{L}\}$, where $\langle\cdot,\cdot \rangle$ is an inner product. From page 14 of the RLWE paper, where $\sigma$ is the canonical embedding and $\mathcal{L}\subset K$:
It is not difficult to see that, under the canonical embedding, $\mathcal{L}^{\vee}$ embeds as the complex conjugate of the dual lattice, i.e., $\sigma\left(\mathcal{L}^{\vee}\right)=\overline{\sigma(\mathcal{L})^{*}}$. This is due to the fact that $\operatorname{Tr}(x y)=\sum_{i} \sigma_{i}(x) \sigma_{i}(y)=\langle\sigma(x), \overline{\sigma(y)}\rangle$.
My question is: why is the dual ideal $I^\vee$ used in RLWE? Is it because of the presence of the quantum Fourier transform in the proof of Lemma 3.14 of the original LWE paper? Or is it so that Lemma 4.7 of RLWE (the reduction from BDD to RLWE) is correct? Or because of some other reason?
