Quantum Resistant Random Linear Code Based Public Key Encryption Scheme RLCE

Lattice based encryption schemes and linear code based encryption schemes have received extensive attention in recent years since they have been considered as post-quantum candidate encryption schemes. Though LLL reduction algorithm has been one of the major cryptanalysis techniques for lattice based cryptographic systems, key recovery cryptanalysis techniques for linear code based cryptographic systems are generally scheme specific. In recent years, several important techniques such as Sidelnikov-Shestakov attack, filtration attacks, and algebraic attacks have been developed to crypt-analyze linear code based encryption schemes. Though most of these cryptanalysis techniques are relatively new, they prove to be very powerful and many systems have been broken using them. Thus it is important to design linear code based cryptographic systems that are immune against these attacks. This paper proposes linear code based encryption scheme RLCE which shares many characteristics with random linear codes. Our analysis shows that the scheme RLCE is secure against existing attacks and we hope that the security of the RLCE scheme is equivalent to the hardness of decoding random linear codes. Example parameters for different security levels are recommended for the scheme RLCE.

💡 Research Summary

The paper addresses the need for post‑quantum public‑key encryption schemes that are resistant to both quantum attacks and the increasingly sophisticated cryptanalysis of linear‑code‑based cryptosystems. While lattice‑based schemes have been widely studied, linear‑code‑based schemes such as McEliece remain attractive because they are believed to be immune to known quantum algorithms. However, many variants of McEliece that replace the original binary Goppa codes with Reed‑Solomon, generalized Reed‑Solomon, algebraic‑geometry, LDPC, MDPC, or quasi‑cyclic structures have been broken by attacks that exploit specific algebraic or structural properties (Sidelnikov‑Shestakov, filtration, and Gröbner‑basis attacks). The authors therefore propose a new scheme, called RLCE (Random Linear Code based Encryption), whose public key is designed to look indistinguishable from a truly random linear code.

Construction Overview

1. Start with any linear code of length n, dimension k, and minimum distance d (e.g., a Reed‑Solomon or Goppa code) that admits an efficient decoder capable of correcting at least t errors. Its generator matrix is denoted Gs.
2. For each column gi of Gs, insert a random k × r matrix Ci, forming a block