On the Security of Some Compact Keys for McEliece Scheme

In this paper we study the security of the key of compact McEliece schemes based on alternant/Goppa codes with a non-trivial permutation group, in particular quasicyclic alternant codes. We show that it is possible to reduce the key-recovery problem on the original quasi-cyclic code to the same problem on a smaller code derived from the public key. This result is obtained thanks to the invariant operation which gives the subcode whose elements are invariant under a permutation σ ∈ Perm(C). The fundamental advantage of this invariant code is that it preserves the alternant structure, ie: the invariant subcode of an alternant code is an alternant code. This approach improves the technique of Faugère, Otmani, Tillich, Perret and Portzamparc which uses folded codes of alternant codes obtained by using supports globally stable by an affine map. We use a simpler approach with a unified view on quasi-cyclic alternant codes and we extend the key-recovery to the non-affine case, for all codes obtained by using supports globally stable by a homography.