Generalization of low rank parity-check (LRPC) codes over the ring of integers modulo a positive integer

Following the work of Gaborit et al. (in: The international workshop on coding and cryptography (WCC 13), 2013) defining LRPC codes over finite fields, Renner et al. (in: IEEE international symposium on information theory, ISIT 2020, 2020) defined LRPC codes over the ring of integers modulo a prime power, inspired by the paper of Kamche and Mouaha (IEEE Trans Inf Theory 65(12):7718–7735, 2019) which explored rank metric codes over finite principal ideal rings. In this work, we successfully extend the work of Renner et al. by constructing LRPC codes over the ring $$\mathbb {Z}_{m}$$ Z m which is not a chain ring. We give a decoding algorithm and we study the failure probability of the decoder.

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

We propose the new rank-metric code-based cryptosystem which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. is an improved variant of the Faure–Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail—hence resists the GOT attack. We also prove that the public-key encryption version of is IND-CPA secure in the standard model and the key encapsulation mechanisms version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of are short ciphertext sizes and (relatively) small key sizes. Further, guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.