Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12100)


We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem is of importance to assess the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error in order to use any proper polynomial-time Gabidulin code error-erasure decoding algorithm. The expected work factor of this new randomized decoding approach is a polynomial term times \(q^{m(n-k)-w(n+m)+w^2+\min \{2\xi (\frac{n+k}{2}-\xi ),wk\} }\), where n is the code length, q the size of the base field, m the extension degree of the field, k the code dimension, w the number of errors, and \(\xi := w-\tfrac{n-k}{2}\). It improves upon generic rank-metric decoders by an exponential factor.


Gabidulin codes Decoding Rank metric Code-based cryptography 


  1. 1.
    Aguilar Melchor, C., et al.: Rank quasi cyclic (RQC). Second round submission to the NIST post-quantum cryptography call (2019).
  2. 2.
    Aragon, N., Gaborit, P., Hauteville, A., Tillich, J.: A new algorithm for solving the rank syndrome decoding problem. In: IEEE International Symposium on Information Theory (ISIT), pp. 2421–2425, June 2018.
  3. 3.
    Augot, D., Finiasz, M.: A public key encryption scheme based on the polynomial reconstruction problem. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 229–240. Springer, Heidelberg (2003). Scholar
  4. 4.
    Bardet, M., et al.: An algebraic attack on rank metric code-based cryptosystems. Technical report (2019). arXiv:1910.00810v1
  5. 5.
    Ben-Sasson, E., Kopparty, S., Radhakrishnan, J.: Subspace polynomials and limits to list decoding of Reed-Solomon codes. IEEE Trans. Inf. Theory 56(1), 113–120 (2010). Scholar
  6. 6.
    Berlekamp, E., McEliece, R.J., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Delsarte, P.: Bilinear forms over a finite field with applications to coding theory. J. Comb. Theory Ser. A 25(3), 226–241 (1978)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Etzion, T., Vardy, A.: Error-correcting codes in projective space. IEEE Trans. Inf. Theory 57(2), 1165–1173 (2011)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Faure, C., Loidreau, P.: A new public-key cryptosystem based on the problem of reconstructing p–polynomials. In: Ytrehus, Ø. (ed.) WCC 2005. LNCS, vol. 3969, pp. 304–315. Springer, Heidelberg (2006). Scholar
  10. 10.
    Gabidulin, E.M.: Theory of codes with maximum rank distance. Probl. Inf. Transm. 21(1), 3–16 (1985)MathSciNetzbMATHGoogle Scholar
  11. 11.
    Gabidulin, E.M., Paramonov, A.V., Tretjakov, O.V.: Rank errors and rank erasures correction. In: 4th International Colloquium on Coding Theory (1991)Google Scholar
  12. 12.
    Gabidulin, E.M., Pilipchuk, N.I.: Error and erasure correcting algorithms for rank codes. Des. Codes Cryptogr. 49(1–3), 105–122 (2008)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Gaborit, P., Otmani, A., Talé Kalachi, H.: Polynomial-time key recovery attack on the Faure-Loidreau scheme based on Gabidulin codes. Des. Codes Cryptogr. 86, 1391–1403 (2018)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Gaborit, P., Ruatta, O., Schrek, J.: On the complexity of the rank syndrome decoding problem. IEEE Trans. Inf. Theory 62(2), 1006–1019 (2016). Scholar
  15. 15.
    Gaborit, P., Zémor, G.: On the hardness of the decoding and the minimum distance problems for rank codes. IEEE Trans. Inf. Theory 62(12), 7245–7252 (2015)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Guruswami, V., Sudan, M.: Improved decoding of Reed-Solomon and algebraic-geometry codes. IEEE Trans. Inf. Theory 45(6), 1757–1767 (1999)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Guruswami, V., Vardy, A.: Maximum-likelihood decoding of Reed-Solomon codes is NP-hard. IEEE Trans. Inf. Theory 51, 2249–2256 (2005)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Horlemann-Trautmann, A.L., Kuijper, M.: A module minimization approach to Gabidulin decoding via interpolation. J. Algebra Comb. Discrete Struct. Appl. 5(1), 29–43 (2017)MathSciNetzbMATHGoogle Scholar
  19. 19.
    Jerkovits, T., Bartz, H.: Weak keys in the Faure-Loidreau cryptosystem. In: Baldi, M., Persichetti, E., Santini, P. (eds.) CBC 2019. LNCS, vol. 11666, pp. 102–114. Springer, Cham (2019). Scholar
  20. 20.
    Koetter, R., Kschischang, F.R.: Coding for errors and erasures in random network coding. IEEE Trans. Inf. Theory 54(8), 3579–3591 (2008)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Lavauzelle, J., Loidreau, P., Pham, B.D.: Ramesses, a rank metric encryption scheme with short keys. preprint (2019).
  22. 22.
    Raviv, N., Wachter-Zeh, A.: Some Gabidulin codes cannot be list decoded efficiently at any radius. IEEE Trans. Inf. Theory 62(4), 1605–1615 (2016)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Richter, G., Plass, S.: Error and erasure decoding of rank-codes with a modified Berlekamp-Massey algorithm. In: International ITG Conference on Systems, Communications and Coding 2004 (SCC) (2004)Google Scholar
  24. 24.
    Roth, R.M.: Maximum-rank array codes and their application to crisscross error correction. IEEE Trans. Inf. Theory 37(2), 328–336 (1991)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Silva, D.: Error control for network coding. Ph.D. thesis (2009)Google Scholar
  26. 26.
    Silva, D., Kschischang, F.R., Koetter, R.: A rank-metric approach to error control in random network coding. IEEE Trans. Inf. Theory 54(9), 3951–3967 (2008)MathSciNetCrossRefGoogle Scholar
  27. 27.
    Stern, J.: Approximating the number of error locations within a constant ratio is NP-complete. In: Cohen, G., Mora, T., Moreno, O. (eds.) AAECC 1993. LNCS, vol. 673, pp. 325–331. Springer, Heidelberg (1993). Scholar
  28. 28.
    Trombetti, R., Zullo, F.: On the list decodability of Rank Metric codes. preprint (2019).
  29. 29.
    Vardy, A.: The intractability of computing the minimum distance of a code. IEEE Trans. Inf. Theory 43(6), 1757–1766 (1997)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Wachter, A., Sidorenko, V., Bossert, M.: A basis for all solutions of the key equation for Gabidulin codes. In: IEEE International Symposium on Information Theory (ISIT), pp. 1143–1147, June 2010.
  31. 31.
    Wachter-Zeh, A.: Bounds on list decoding of rank-metric codes. IEEE Trans. Inf. Theory 59(11), 7268–7277 (2013)MathSciNetCrossRefGoogle Scholar
  32. 32.
    Wachter-Zeh, A.: Decoding of block and convolutional codes in rank metric. Ph.D. thesis, Ulm University and Université Rennes 1 (2013)Google Scholar
  33. 33.
    Wachter-Zeh, A., Puchinger, S., Renner, J.: Repairing the Faure-Loidreau public-key cryptosystem. In: IEEE International Symposium on Information Theory (ISIT) (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Technical University of Munich (TUM)MunichGermany
  2. 2.German Aerospace Center (DLR)Oberpfaffenhofen-WesslingGermany
  3. 3.Technical University of Denmark (DTU)LyngbyDenmark
  4. 4.Univ Rennes, DGA MI, CNRS, IRMAR - UMR 6625RennesFrance

Personalised recommendations