pith. sign in

arxiv: 2604.18282 · v1 · submitted 2026-04-20 · 💻 cs.CR · cs.IT· math.IT

Subcodes of Lambda-Gabidulin Codes for Compact-Ciphertext Cryptography

Freddy Lend\'e Metouk\'e , Herv\'e Tal\'e Kalachi , Hermann Tchatchiem Kamche , Ousmane Ndiaye , S\'elestin Ndjeya This is my paper

Pith reviewed 2026-05-10 04:34 UTC · model grok-4.3

classification 💻 cs.CR cs.ITmath.IT
keywords lambda-Gabidulin codessubcodesrank-metric codesMinRank problemNiederreiter cryptosystemMcEliece cryptosystemcompact ciphertextspost-quantum cryptography
0
0 comments X

The pith

Random subcodes of classical Gabidulin codes yield the smallest ciphertexts in MinRank-based encryption at 128-, 192-, and 256-bit security.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper analyzes subspace and generalized subspace subcodes of lambda-Gabidulin codes and relates them to subcodes of classical Gabidulin codes via coordinate-wise scaling to obtain cardinality bounds and structural properties. It then proposes a generator-matrix construction for random subcodes that avoid nontrivial algebraic invariants and applies these to McEliece-like and Niederreiter-like schemes in the MinRank setting. Among the parameter sets examined, the LGS-Niederreiter instances from random subcodes of classical Gabidulin codes produce the smallest ciphertexts at the 128-, 192-, and 256-bit security levels while keeping public-key sizes competitive. A reader would care because smaller ciphertexts directly reduce bandwidth requirements in post-quantum encryption without sacrificing security assumptions. The work also characterizes Gabidulin subspace subcodes in terms of linearized polynomials when the extension degree equals code length.

Core claim

Among the parameter sets considered in this work, the most compact ciphertexts are obtained from random subcodes of classical Gabidulin codes. At the 128-, 192-, and 256-bit security levels, the resulting LGS-Niederreiter instances achieve the smallest ciphertext sizes among the compared schemes, while maintaining competitive public-key sizes.

What carries the argument

Random subcodes of classical Gabidulin codes, built from generator matrices to sidestep nontrivial algebraic invariants, and deployed as the underlying codes in MinRank-based Niederreiter encryption.

If this is right

  • LGS-Niederreiter schemes deliver the smallest ciphertexts among the compared rank-metric schemes at 128-, 192-, and 256-bit security.
  • Public-key sizes stay competitive with existing constructions.
  • Subspace subcodes of lambda-Gabidulin codes relate to those of classical Gabidulin codes by coordinate-wise scaling, yielding explicit cardinality bounds.
  • When extension degree equals length, Gabidulin subspace subcodes admit an explicit description via linearized polynomials for encoding and dimension.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Focusing on carefully chosen random subcodes rather than full Gabidulin codes may offer a general route to size reductions in other rank-metric cryptographic constructions.
  • The generator-matrix method for avoiding invariants could be tested on additional families of rank-metric codes to check if similar compactness gains appear.
  • If the MinRank hardness assumption holds for these parameters, the schemes provide concrete candidates for bandwidth-sensitive post-quantum applications.

Load-bearing premise

The random subcodes of Gabidulin codes avoid nontrivial algebraic invariants exploitable by attacks, and the MinRank problem stays computationally hard for the chosen parameters.

What would settle it

An efficient attack that recovers the secret from a public key of one of the proposed LGS-Niederreiter instances at the stated security levels, or a practical solver for the corresponding MinRank instances.

Figures

Figures reproduced from arXiv: 2604.18282 by Freddy Lend\'e Metouk\'e, Hermann Tchatchiem Kamche, Herv\'e Tal\'e Kalachi, Ousmane Ndiaye, S\'elestin Ndjeya.

Figure 1
Figure 1. Figure 1: Relation between the vector and matrix representations over [PITH_FULL_IMAGE:figures/full_fig_p004_1.png] view at source ↗
read the original abstract

This paper investigates subcodes of lambda-Gabidulin codes, viewed as rank-metric analogues of generalized Reed--Solomon codes, and their applications to compact-ciphertext cryptosystems. We first analyze subspace and generalized subspace subcodes of lambda-Gabidulin codes and relate them to corresponding subcodes of classical Gabidulin codes through coordinate-wise scaling. This relation yields cardinality bounds and structural properties for these families. When the extension degree equals the code length, we further characterize Gabidulin subspace subcodes in terms of linearized polynomials, which gives an explicit description of their encoding and dimension. We also study the matrix images of these subcodes over the base field through their stabilizer and annihilator algebras, showing that subspace restrictions may preserve nontrivial algebraic invariants despite the loss of extension-field linearity. Motivated by these results, we propose a generator-matrix-based construction of random subcodes designed to avoid such invariants. This construction is then used to design McEliece-like and Niederreiter-like encryption schemes in the MinRank setting. Among the parameter sets considered in this work, the most compact ciphertexts are obtained from random subcodes of classical Gabidulin codes. At the 128-, 192-, and 256-bit security levels, the resulting $\mathsf{LGS}$-Niederreiter instances achieve the smallest ciphertext sizes among the compared schemes, while maintaining competitive public-key sizes.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. This paper analyzes subspace and generalized subspace subcodes of lambda-Gabidulin codes, relating them to subcodes of classical Gabidulin codes via coordinate-wise scaling to obtain cardinality bounds and structural properties. When the extension degree equals code length, it characterizes Gabidulin subspace subcodes via linearized polynomials for explicit encoding and dimension. It studies matrix images through stabilizer and annihilator algebras, showing that subspace restrictions can preserve nontrivial algebraic invariants. Motivated by this, the paper proposes a generator-matrix-based random subcode construction to avoid such invariants and applies it to MinRank-based McEliece-like and Niederreiter-like encryption schemes. The central claim is that, among considered parameters, random subcodes of classical Gabidulin codes yield LGS-Niederreiter instances with the smallest ciphertext sizes at the 128-, 192-, and 256-bit security levels while maintaining competitive public-key sizes.

Significance. If the random subcodes indeed trivialize the relevant algebras (so that only generic MinRank attacks apply) and the security estimates hold, the work provides a concrete improvement in ciphertext compactness for code-based post-quantum encryption. The algebraic analysis of invariants via stabilizer/annihilator algebras is a useful structural contribution that can inform future subcode designs. The explicit parameter comparisons and constructions add practical value if the security assumptions are verified.

major comments (2)
  1. [Parameter tables and security analysis] Parameter tables and security analysis section: no explicit computation of the dimensions of the stabilizer or annihilator algebras is reported for the concrete random generator matrices used in the LGS-Niederreiter parameter sets at 128/192/256-bit security. This verification is load-bearing for the claim that only generic MinRank attacks apply and thus for the asserted ciphertext-size superiority.
  2. [Random subcode construction] Random subcode construction (following the algebra analysis): the proposal is motivated by the observation that subspace subcodes may retain invariants, yet the text provides neither a proof that the randomness suffices to trivialize the algebras nor empirical checks (e.g., algebra-dimension computations) on the specific instances whose performance is highlighted. Without this, the security-level labels and cross-scheme ranking rest on an unverified assumption.
minor comments (2)
  1. [Abstract] The acronym LGS is used in the abstract and claims without an immediate expansion or forward reference to its definition as Lambda-Gabidulin Subcodes.
  2. [Analysis of subcodes] Notation for the scaling relation between lambda-Gabidulin and classical Gabidulin subcodes could be illustrated with a small explicit example to improve readability of the cardinality bounds.

Simulated Author's Rebuttal

2 responses · 1 unresolved

We thank the referee for the careful reading and for highlighting the need for explicit verification of the algebraic invariants in our concrete parameter sets. We address the major comments point by point below. We will revise the manuscript to include the requested empirical checks on algebra dimensions, which will strengthen the security analysis without altering the core claims.

read point-by-point responses

  1. Referee: [Parameter tables and security analysis] Parameter tables and security analysis section: no explicit computation of the dimensions of the stabilizer or annihilator algebras is reported for the concrete random generator matrices used in the LGS-Niederreiter parameter sets at 128/192/256-bit security. This verification is load-bearing for the claim that only generic MinRank attacks apply and thus for the asserted ciphertext-size superiority.

    Authors: We agree that the current manuscript lacks explicit computations of the stabilizer and annihilator algebra dimensions for the specific random generator matrices appearing in the 128-, 192-, and 256-bit security parameter tables. This verification is indeed important to confirm that only generic MinRank attacks apply. In the revised version we will add these computations (performed over the base field for each listed generator matrix) and report the resulting dimensions. Preliminary calculations on the chosen random instances indicate that both algebras are trivial, consistent with the assumption used for the security estimates and ciphertext-size comparisons. revision: yes

  2. Referee: [Random subcode construction] Random subcode construction (following the algebra analysis): the proposal is motivated by the observation that subspace subcodes may retain invariants, yet the text provides neither a proof that the randomness suffices to trivialize the algebras nor empirical checks (e.g., algebra-dimension computations) on the specific instances whose performance is highlighted. Without this, the security-level labels and cross-scheme ranking rest on an unverified assumption.

    Authors: The generator-matrix-based random subcode construction is motivated by the preceding algebraic analysis showing that certain structured subcodes can preserve nontrivial invariants. We do not claim or provide a general proof that random selection always trivializes the algebras, as establishing such a probabilistic statement rigorously would require additional combinatorial arguments outside the scope of the present work. However, we acknowledge the absence of empirical checks on the concrete instances. In the revision we will include algebra-dimension computations for the exact random matrices used in the highlighted LGS-Niederreiter parameter sets, thereby supplying the missing empirical support for the security assumptions underlying the ciphertext-size rankings. revision: partial

standing simulated objections not resolved
  • A formal proof that random selection of generator matrices suffices to trivialize the stabilizer and annihilator algebras with overwhelming probability

Circularity Check

0 steps flagged

No significant circularity; derivation is self-contained

full rationale

The paper first derives cardinality bounds and structural properties (including stabilizer/annihilator algebras) directly from the definitions of lambda-Gabidulin codes, subspace subcodes, and their matrix images over the base field. It then proposes a generator-matrix random subcode construction explicitly motivated by those derived properties to avoid nontrivial invariants. Encryption instances are instantiated from this construction, with security levels assigned via the external MinRank hardness assumption and generic attack costs on the chosen parameters. No step equates a derived quantity to its own input by definition, renames a fitted value as a prediction, or reduces the central claim to a self-citation chain; the comparative ciphertext-size claims follow from explicit parameter tables and standard MinRank cost estimates.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claims rest on standard domain assumptions from coding theory and cryptography; no new free parameters, ad-hoc axioms, or invented entities are introduced in the abstract.

axioms (1)
  • domain assumption The MinRank problem remains hard for the chosen parameters and subcode constructions.
    This underpins the security of the proposed McEliece-like and Niederreiter-like schemes.

pith-pipeline@v0.9.0 · 5583 in / 1349 out tokens · 46098 ms · 2026-05-10T04:34:43.670216+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

53 extracted references · 53 canonical work pages

  1. [1]

    Bilinear forms over a finite field, with applications to coding theory,

    P. Delsarte, “Bilinear forms over a finite field, with applications to coding theory,”J. Comb. Theory, Ser. A, vol. 25, no. 3, pp. 226–241, 1978

    work page 1978

  2. [2]

    Theory of codes with maximum rank distance,

    `E. M. Gabidulin, “Theory of codes with maximum rank distance,”Problemy Peredachi Informatsii, vol. 21, no. 1, pp. 3–16, 1985

    work page 1985

  3. [3]

    Ideals over a non-commutative ring and their applications to cryptography,

    E. M. Gabidulin, A. V . Paramonov, and O. V . Tretjakov, “Ideals over a non-commutative ring and their applications to cryptography,” in Advances in Cryptology - EUROCRYPT’91, ser. Lecture Notes in Comput. Sci., no. 547, Brighton, Apr. 1991, pp. 482–489. 27

    work page 1991

  4. [4]

    R. J. McEliece,A Public-Key System Based on Algebraic Coding Theory. Jet Propulsion Lab, 1978, pp. 114–116, dSN Progress Report 44

    work page 1978

  5. [5]

    Generic decoding in the sum-rank metric,

    S. Puchinger, J. Renner, and J. Rosenkilde, “Generic decoding in the sum-rank metric,”IEEE Transactions on Information Theory, vol. 68, no. 8, pp. 5075–5097, 2022

    work page 2022

  6. [6]

    Properties of codes with the rank metric,

    M. Gadouleau and Z. Yan, “Properties of codes with the rank metric,” inProceedings of IEEE Global Telecommunications Conference (GLOBECOM), 2006

    work page 2006

  7. [7]

    Rank-metric codes and their applications,

    H. Bartz, L. Holzbaur, H. Liu, S. Puchinger, J. Renner, and A. Wachter-Zeh, “Rank-metric codes and their applications,”Foundations and Trends in Communications and Information Theory, vol. 19, no. 3, pp. 390–546, 2022

    work page 2022

  8. [8]

    Severely denting the Gabidulin version of the McEliece public key cryptosystem,

    J. K. Gibson, “Severely denting the Gabidulin version of the McEliece public key cryptosystem,”Designs, Codes and Cryptography, vol. 6, no. 1, pp. 37–45, 1995

    work page 1995

  9. [9]

    A new structural attack for GPT and variants,

    R. Overbeck, “A new structural attack for GPT and variants,” inMycrypt, ser. Lecture Notes in Comput. Sci., vol. 3715, 2005, pp. 50–63

    work page 2005

  10. [10]

    Structural attacks for public key cryptosystems based on Gabidulin codes,

    ——, “Structural attacks for public key cryptosystems based on Gabidulin codes,”J. Cryptology, vol. 21, no. 2, pp. 280–301, 2008

    work page 2008

  11. [11]

    Improved cryptanalysis of rank metric schemes based on Gabidulin codes,

    A. Otmani, H. T. Kalachi, and S. Ndjeya, “Improved cryptanalysis of rank metric schemes based on Gabidulin codes,”Designs, Codes and Cryptography, vol. 86, no. 9, pp. 1983–1996, 2018

    work page 1983

  12. [12]

    Extension of Overbeck’s attack for Gabidulin-based cryptosystems,

    A.-L. Horlemann-Trautmann, K. Marshall, and J. Rosenthal, “Extension of Overbeck’s attack for Gabidulin-based cryptosystems,” Designs, Codes and Cryptography, vol. 86, pp. 319–340, 2018

    work page 2018

  13. [13]

    On the failure of the smart approach of the GPT cryptosystem,

    H. T. Kalachi, “On the failure of the smart approach of the GPT cryptosystem,”Cryptologia, vol. 46, no. 2, pp. 167–182, 2022

    work page 2022

  14. [14]

    Designs, Codes and Cryptography73(2), 641–666 (2014).https://doi

    A. Couvreur, P. Gaborit, V . Gauthier-Uma ˜na, A. Otmani, and J.-P. Tillich, “Distinguisher-based attacks on public-key cryptosystems using Reed-Solomon codes,”Des. Codes Cryptogr., vol. 73, no. 2, pp. 641–666, 2014. [Online]. Available: http://dx.doi.org/10.1007/s10623-014-9967-z

    work page doi:10.1007/s10623-014-9967-z 2014

  15. [15]

    On subfield subcodes of modified Reed–Solomon codes,

    P. Delsarte, “On subfield subcodes of modified Reed–Solomon codes,”IEEE Transactions on Information Theory, vol. 21, no. 5, pp. 575–576, 1975

    work page 1975

  16. [16]

    A survey on code-based cryptography,

    V . Weger, N. Gassner, and J. Rosenthal, “A survey on code-based cryptography,” 2022

    work page 2022

  17. [17]

    On subcodes of codes in rank metric,

    E. M. Gabidulin and P. Loidreau, “On subcodes of codes in rank metric,” inProceedings. International Symposium on Information Theory, 2005. ISIT 2005.IEEE, 2005, pp. 121–123

    work page 2005

  18. [18]

    Properties of subspace subcodes of Gabidulin codes,

    ——, “Properties of subspace subcodes of Gabidulin codes,”Advances in Mathematics of Communications, vol. 2, no. 2, p. 147, 2008

    work page 2008

  19. [19]

    Rank subcodes in multicomponent network coding,

    E. M. Gabidulin and N. I. Pilipchuk, “Rank subcodes in multicomponent network coding,”Problems of information transmission, vol. 49, no. 1, pp. 40–53, 2013

    work page 2013

  20. [20]

    List decodability of random subcodes of Gabidulin codes,

    S. Liu, C. Xing, and C. Yuan, “List decodability of random subcodes of Gabidulin codes,”IEEE Transactions on Information Theory, vol. 63, no. 1, pp. 159–163, 2016

    work page 2016

  21. [21]

    Gabidulin matrix codes and their application to small ciphertext size cryptosystems,

    T. P. Berger, P. Gaborit, and O. Ruatta, “Gabidulin matrix codes and their application to small ciphertext size cryptosystems,” inProgress in Cryptology–INDOCRYPT 2017: 18th International Conference on Cryptology in India, Chennai, India, December 10-13, 2017, Proceedings 18. Springer, 2017, pp. 247–266

    work page 2017

  22. [22]

    Two modifications for Loidreau’s code-based cryptosystem,

    W. Guo and F.-W. Fu, “Two modifications for Loidreau’s code-based cryptosystem,”Applicable Algebra in Engineering, Communication and Computing, vol. 35, no. 5, pp. 647–665, 2024

    work page 2024

  23. [23]

    A new Gabidulin-like code and its application in cryptography,

    T. S. C. Lau and C. H. Tan, “A new Gabidulin-like code and its application in cryptography,” inInternational Conference on Codes, Cryptology, and Information Security. Springer, 2019, pp. 269–287

    work page 2019

  24. [24]

    Security assessment of the LG cryptosystem,

    ´E. Burle, H. T. Kalachi, F. L. Metouke, and A. Otmani, “Security assessment of the LG cryptosystem,”Applicable Algebra in Engineering, Communication and Computing, vol. 37, no. 1, pp. 187–198, 2026

    work page 2026

  25. [25]

    MinRank Gabidulin encryption scheme on matrix codes,

    N. Aragon, A. Couvreur, V . Dyseryn, P. Gaborit, and A. Vin c ¸otte, “MinRank Gabidulin encryption scheme on matrix codes,” in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 2024, pp. 68–100

    work page 2024

  26. [26]

    Topics in matrix analysis cambridge university press cambridge,

    R. Horn and C. R. Johnson, “Topics in matrix analysis cambridge university press cambridge,”UK Google Scholar, 1991

    work page 1991

  27. [27]

    On subfield subcodes of modified Reed-Solomon codes (corresp.),

    P. Delsarte, “On subfield subcodes of modified Reed-Solomon codes (corresp.),”IEEE Transactions on Information Theory, vol. 21, no. 5, pp. 575–576, 2003

    work page 2003

  28. [28]

    Subfield subcodes and trace codes,

    H. Stichtenoth, “Subfield subcodes and trace codes,”Algebraic Function Fields and Codes, pp. 311–326, 2009

    work page 2009

  29. [29]

    Subspace subcodes of Reed-Solomon codes,

    M. Hattori, R. J. McEliece, and G. Solomon, “Subspace subcodes of Reed-Solomon codes,”IEEE Transactions on Information Theory, vol. 44, no. 5, pp. 1861–1880, 2002

    work page 2002

  30. [30]

    On the security of subspace subcodes of Reed–Solomon codes for public key encryption,

    A. Couvreur and M. Lequesne, “On the security of subspace subcodes of Reed–Solomon codes for public key encryption,”IEEE Transactions on Information Theory, vol. 68, no. 1, pp. 632–648, 2021

    work page 2021

  31. [31]

    Generalized subspace subcodes in the rank metric,

    O. Ndiaye, P. A. Kidoudou, and H. T. Kalachi, “Generalized subspace subcodes in the rank metric,”arXiv preprint arXiv:2301.12523, 2023

    work page arXiv 2023

  32. [32]

    Lang,Algebra

    S. Lang,Algebra. Springer Science & Business Media, 2012, vol. 211

    work page 2012

  33. [33]

    Theory of non-commutative polynomials,

    O. Ore, “Theory of non-commutative polynomials,”Annals of mathematics, vol. 34, no. 3, pp. 480–508, 1933

    work page 1933

  34. [34]

    On a special class of polynomials,

    ——, “On a special class of polynomials,”Transactions of the American Mathematical Society, vol. 35, no. 3, pp. 559–584, 1933

    work page 1933

  35. [35]

    Finite rings with identity,

    B. R. McDonald, “Finite rings with identity,”(No Title), 1974

    work page 1974

  36. [36]

    Improved key attack on the minrank encryption scheme based on matrix codes,

    A. Porwal, A. Wachter-Zeh, and P. Loidreau, “Improved key attack on the minrank encryption scheme based on matrix codes,”Cryptology ePrint Archive, 2025

    work page 2025

  37. [37]

    Cryptanalysis of minrank,

    J.-C. Faugere, F. Levy-dit Vehel, and L. Perret, “Cryptanalysis of minrank,” inAnnual International Cryptology Conference. Springer, 2008, pp. 280–296

    work page 2008

  38. [38]

    The computational complexity of some problems of linear algebra,

    J. F. Buss, G. S. Frandsen, and J. O. Shallit, “The computational complexity of some problems of linear algebra,”Journal of Computer and System Sciences, vol. 58, no. 3, pp. 572–596, 1999

    work page 1999

  39. [39]

    Design principles for HFEv-based multivariate signature schemes,

    A. Petzoldt, M.-S. Chen, B.-Y . Yang, C. Tao, and J. Ding, “Design principles for HFEv-based multivariate signature schemes,” in Advances in Cryptology–ASIACRYPT 2015: 21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29–December 3, 2015, Proceedings, Part I 21. Springer, 20...

    work page 2015

  40. [40]

    Improved cryptanalysis of uov and rainbow,

    W. Beullens, “Improved cryptanalysis of uov and rainbow,” inAnnual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2021, pp. 348–373

    work page 2021

  41. [41]

    Cryptanalysis of the TTM cryptosystem,

    L. Goubin and N. T. Courtois, “Cryptanalysis of the TTM cryptosystem,” inAdvances in Cryptology—ASIACRYPT 2000: 6th International Conference on the Theory and Application of Cryptology and Information Security Kyoto, Japan, December 3–7, 2000 Proceedings 6. Springer, 2000, pp. 44–57

    work page 2000

  42. [42]

    Matrix multiplication via arithmetic progressions,

    D. Coppersmith and S. Winograd, “Matrix multiplication via arithmetic progressions,” inProceedings of the nineteenth annual ACM symposium on Theory of computing, 1987, pp. 1–6

    work page 1987

  43. [43]

    Improvement of algebraic attacks for solving superdetermined minrank instances,

    M. Bardet and M. Bertin, “Improvement of algebraic attacks for solving superdetermined minrank instances,” inInternational Conference on Post-Quantum Cryptography. Springer, 2022, pp. 107–123

    work page 2022

  44. [44]

    Algebraic cryptanalysis and contributions to post-quantum cryptography based on error-correcting codes in the rank-metric,

    M. Bros, “Algebraic cryptanalysis and contributions to post-quantum cryptography based on error-correcting codes in the rank-metric,” Ph.D. dissertation, Universit ´e de Limoges, 2022

    work page 2022

  45. [45]

    Revisiting algebraic attacks on minrank and on the rank decoding problem,

    M. Bardet, P. Briaud, M. Bros, P. Gaborit, and J.-P. Tillich, “Revisiting algebraic attacks on minrank and on the rank decoding problem,” Designs, Codes and Cryptography, vol. 91, no. 11, pp. 3671–3707, 2023

    work page 2023

  46. [46]

    Hybrid subsupport guessing: A new hybrid technique for the rank decoding problem,

    H. Beeloo-Sauerbier Couv ´ee, A. Wachter-Zeh, and V . Weger, “Hybrid subsupport guessing: A new hybrid technique for the rank decoding problem,” inPost-Quantum Cryptography, M. Bardet and R. Niederhagen, Eds. Cham: Springer Nature Switzerland, 2026, pp. 130–155

    work page 2026

  47. [47]

    A minrank-based encryption scheme \a la alekhnovich-regev,

    T. Debris-Alazard, P. Gaborit, R. Neveu, and O. Ruatta, “A minrank-based encryption scheme \a la alekhnovich-regev,”arXiv preprint arXiv:2510.07584, 2025

    work page arXiv 2025

  48. [48]

    A NP-complete problem in coding theory with application to code based cryptography,

    T. P. Berger, C. T. Gueye, and J. B. Klamti, “A NP-complete problem in coding theory with application to code based cryptography,” in International Conference on Codes, Cryptology, and Information Security. Springer, 2017, pp. 230–237

    work page 2017

  49. [49]

    Protocoles cryptographiques bas ´es sur les codes correcteurs d’erreur en m ´etrique rang,

    A. Vinc ¸otte, “Protocoles cryptographiques bas ´es sur les codes correcteurs d’erreur en m ´etrique rang,” Ph.D. dissertation, Universit ´e de Limoges, 2025

    work page 2025

  50. [50]

    Classic McEliece: conservative code-based cryptography,

    D. J. Bernstein, T. Chou, T. Lange, I. von Maurich, R. Misoczki, R. Niederhagen, E. Persichetti, C. Peters, P. Schwabe, N. Sendrier et al., “Classic McEliece: conservative code-based cryptography,”NIST submissions, vol. 1, no. 1, pp. 1–25, 2017

    work page 2017

  51. [51]

    The blockwise rank syndrome learning problem and its applications to cryptography,

    N. Aragon, P. Briaud, V . Dyseryn, P. Gaborit, and A. Vin c ¸otte, “The blockwise rank syndrome learning problem and its applications to cryptography,” inInternational Conference on Post-Quantum Cryptography. Springer, 2024, pp. 75–106

    work page 2024

  52. [52]

    C. A. Melchor, N. Aragon, P. Barreto, S. Bettaieb, L. Bidoux, O. Blazy, J.-C. Deneuville, P. Gaborit, S. Gueron, T. G ¨uneysuet al., “Bike,”First round submission to the NIST post-quantum cryptography call, 2017

    work page 2017

  53. [53]

    RQC revisited and more cryptanalysis for rank-based cryptography,

    L. Bidoux, P. Briaud, M. Bros, and P. Gaborit, “RQC revisited and more cryptanalysis for rank-based cryptography,”IEEE Transactions on Information Theory, 2023. 29

    work page 2023