Journal of Cryptology

, Volume 21, Issue 2, pp 280–301 | Cite as

Structural Attacks for Public Key Cryptosystems based on Gabidulin Codes

  • R. OverbeckEmail author


In this paper we look at the Gabidulin version of the McEliece cryptosystem (GPT) and its variants. We give an overview over the existing structural attacks on the basic scheme, and show how to combine them to get an effective attack for every GPT variant. As a consequence, there are no secure parameter sets left for GPT variants, which one would like to use in practice.


Public key cryptography Code based cryptography Rank distance codes Gabidulin codes 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    T.P. Berger, P. Loidreau, Security of the Niederreiter form of the GPT public-key cryptosystem, in IEEE International Symposium on Information Theory, Lausanne, Suisse (IEEE Press, New York, 2002) Google Scholar
  2. [2]
    T.P. Berger, P. Loidreau, How to mask the structure of codes for a cryptographic use, Des. Codes Cryptogr. 35(1), 63–79 (2005) zbMATHCrossRefMathSciNetGoogle Scholar
  3. [3]
    N. Courtois, M. Finiasz, N. Sendrier, How to achieve a McEliece-based digital signature scheme, in Advances in Cryptology—ASIACRYPT 2001, vol. 2248 (Springer, Berlin, 2001), pp. 157–174 CrossRefGoogle Scholar
  4. [4]
    S.R. Finch, Mathematical Constants. Encyclopedia of Mathematics and Applications. Cambridge, 2003. See
  5. [5]
    E.M. Gabidulin, On public-key cryptosystems based on linear codes, in Proc. of 4th IMA Conference on Cryptography and Coding 1993. Codes and Ciphers (IMA Press, Southend-on Sea, 1995) Google Scholar
  6. [6]
    E.M. Gabidulin, P. Loidreau, Subfield subcodes of maximum-rank distance codes, in Seventh International Workshop on Algebraic and Combinatorial Coding Theory. ACCT, vol. 7, pp. 151–156 (2000) Google Scholar
  7. [7]
    E.M. Gabidulin, A.V. Ourivski, Column scrambler for the GPT cryptosystem, Discrete Appl. Math. 128(1), 207–221 (2003) zbMATHCrossRefMathSciNetGoogle Scholar
  8. [8]
    E.M. Gabidulin, A.V. Paramonov, O.V. Tretjakov, Ideals over a non-commutative ring and their applications to cryptography, in Proc. Eurocrypt ’91. LNCS, vol. 547 (Springer, Berlin, 1991) Google Scholar
  9. [9]
    E.M. Gabidulin, A.V. Ourivski, B. Honary, B. Ammar, Reducible rank codes and their applications to cryptography, IEEE Trans. Inform. Theory 49(12), 3289–3293 (2003) CrossRefMathSciNetGoogle Scholar
  10. [10]
    J.K. Gibson, Severely denting the Gabidulin version of the McEliece public key cryptosystem, Des. Codes Cryptogr. 6(1), 37–45 (1995) zbMATHCrossRefMathSciNetGoogle Scholar
  11. [11]
    K. Gibson, The security of the Gabidulin public key cryptosystem, in Proc. of Eurocrypt’96. LNCS, vol. 1070 (Springer, Berlin, 1996), pp. 212–223 Google Scholar
  12. [12]
    T. Johansson, A.V. Ourivski, New technique for decoding codes in the rank metric and its cryptography applications, Problems Inform. Transm. 38(3), 237–246 (2002) zbMATHCrossRefGoogle Scholar
  13. [13]
    P. Loidreau, R. Overbeck, Decoding rank errors beyond the error-correction capability, in Proc. of ACCT-10, Zvenigorod (2006) Google Scholar
  14. [14]
    R.J. McEliece, A public key cryptosystem based on algebraic coding theory, DSN Prog. Rep. 42–44, 114–116 (1978) Google Scholar
  15. [15]
    A.V. Ourivski, Recovering a parent code for subcodes of maximal rank distance codes, in Proc. of WCC 03, pp. 357–363 (2003) Google Scholar
  16. [16]
    R. Overbeck, Decoding interleaved Gabidulin codes and ciphertext-security for GPT variants. Available at
  17. [17]
    R. Overbeck, A new structural attack for GPT and variants, in Proc. of Mycrypt 2005. LNCS, vol. 3715 (Springer, Berlin, 2005), pp. 50–63 CrossRefGoogle Scholar
  18. [18]
    R. Overbeck, Extending Gibson’s attacks on the GPT cryptosystem, in Proc. of WCC 2005. LNCS, vol. 3969 (Springer, Berlin, 2006), pp. 178–188 Google Scholar
  19. [19]
    M. Ogle, T. Migler, K.E. Morrison, Weight and rank of matrices over finite fields, 2003. Available at

Copyright information

© International Association for Cryptologic Research 2007

Authors and Affiliations

  1. 1.Technishe Universität Darmstadt, Department of Computer ScienceCryptography and Computer Algebra GroupDarmstadtGermany

Personalised recommendations