Reducing Key Length of the McEliece Cryptosystem

The McEliece cryptosystem is one of the oldest public-key cryptosystem ever designated. It is also the first public-key cryptosystem based on linear error-correcting codes. The main advantage of the McEliece cryptosystem is to have a very fast encryption and decryption functions but suffers from a major drawback. It requires a very large public key which makes it very difficult to use in many practical situations. In this paper we propose a new general way to reduce the public key size through quasi-cyclic codes. Our construction introduces a new method of hiding the structure of the secret generator matrix by first choosing a subfield subcode of a quasi-cyclic code that is defined over a large alphabet and then by randomly shortening the chosen subcode. The security of our variant is related to the hardness of decoding a random quasi-cyclic code. We introduce a new decisional problem that is associated to the decoding of an arbitrary quasi-cyclic code. We prove that it is an NP-complete problem. Starting from subfield subcodes of quasi-cyclic generalized Reed-Solomon codes, we propose a system with several size of parameters from 6,000 to 11,000 bits with a security ranging from 2 to 2. Implementations of our proposal show that we can encrypt at a speed of 120 Mbits/s (or one octet for 120 cycles). Hence our new proposal represents the most competitive public-key cryptosystem.