Gabidulin matrix codes and their application to small ciphertext size cryptosystems

Abstract

In this paper we propose a new method to hide the structure of Gabidulin codes for cryptographic applications. At the difference of previous cryptosystems based on Gabidulin codes, we do not try to mask the structure of Gabidulin codes by the use of some distortion methods, but we consider matrix codes obtained from subcodes of binary images of Gabidulin codes. This allows us to remove the properties related to multiplication in the extension field. In particular, this prevents the use of Frobenius for cryptanalysis. Thus, Overbeck’s attack can no longer be applied. In practice we obtain public key with a gain of a factor of order ten compared to the classical Goppa-McEliece scheme with still a small cipher text of order only 1 kbits, better than recent cryptosystems for which the cipher text size is of order 10 kbits. Several results used and proved in the paper are of independent interest: results on structural properties of Gabidulin matrix codes and hardness of deciding whether a code is equivalent to a subcode of a matrix code.