# Low Rank Parity Check Codes: New Decoding Algorithms and Applications to   Cryptography

**Authors:** Nicolas Aragon, Philippe Gaborit, Adrien Hauteville, Olivier, Ruatta, Gilles Z\'emor

arXiv: 1904.00357 · 2019-04-02

## TL;DR

This paper introduces Low Rank Parity Check (LRPC) codes with a new decoding algorithm, enabling cryptographic schemes that outperform previous rank metric code-based systems in security and efficiency.

## Contribution

The paper presents a novel family of rank metric codes, LRPC, with an improved probabilistic decoding algorithm that handles higher error weights, and proposes cryptosystems based on these codes.

## Key findings

- Decoding error probability can be made arbitrarily small.
- LRPC codes outperform Gabidulin codes in decoding higher error weights.
- Cryptosystems achieve 128-bit security with relatively small keys.

## Abstract

We introduce a new family of rank metric codes: Low Rank Parity Check codes (LRPC), for which we propose an efficient probabilistic decoding algorithm. This family of codes can be seen as the equivalent of classical LDPC codes for the rank metric. We then use these codes to design cryptosystems \`a la McEliece: more precisely we propose two schemes for key encapsulation mechanism (KEM) and public key encryption (PKE). Unlike rank metric codes used in   previous encryption algorithms -notably Gabidulin codes - LRPC codes have a very weak algebraic structure. Our cryptosystems can be seen as an equivalent of the NTRU cryptosystem (and also to the more recent MDPC \cite{MTSB12} cryptosystem) in a rank metric context. The present paper is an extended version of the article introducing LRPC codes, with important new contributions. We have improved the decoder thanks to a new approach which allows for decoding of errors of higher rank weight, namely up to $\frac{2}{3}(n-k)$ when the previous decoding algorithm only decodes up to $\frac{n-k}{2}$ errors. Our codes therefore outperform the classical Gabidulin code decoder which deals with weights up to $\frac{n-k}{2}$. This comes at the expense of probabilistic decoding, but the decoding error probability can be made arbitrarily small. The new approach can also be used to decrease the decoding error probability of previous schemes, which is especially useful for cryptography. Finally, we introduce ideal rank codes, which generalize double-circulant rank codes and allow us to avoid known structural attacks based on folding. To conclude, we propose different parameter sizes for our schemes and we obtain a public key of 3337 bits for key exchange and 5893 bits for public key encryption, both for 128 bits of security.

---
Source: https://tomesphere.com/paper/1904.00357