48 research outputs found

    On the List-Decodability of Random Linear Rank-Metric Codes

    The list-decodability of random linear rank-metric codes is shown to match that of random rank-metric codes. Specifically, an $\mathbb{F}_q$-linear rank-metric code over $\mathbb{F}_q^{m \times n}$ of rate $R = (1-\rho)(1-\frac{n}{m}\rho)-\varepsilon$ is shown to be (with high probability) list-decodable up to fractional radius $\rho \in (0,1)$ with lists of size at most $\frac{C_{\rho,q}}{\varepsilon}$, where $C_{\rho,q}$ is a constant depending only on $\rho$ and $q$. This matches the bound for random rank-metric codes (up to constant factors). The proof adapts the approach of Guruswami, Håstad, Kopparty (STOC 2010), who established a similar result for the Hamming metric case, to the rank-metric setting.

    LIGA: A Cryptosystem Based on the Hardness of Rank-Metric List and Interleaved Decoding

    We propose the new rank-metric code-based cryptosystem LIGA which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. LIGA is an improved variant of the Faure-Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail; hence LIGA resists the GOT attack. We also prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the KEM version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of LIGA are short ciphertext sizes and (relatively) small key sizes. Further, LIGA guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented. Comment: Extended version of arXiv:1801.0368

    Evading Subspaces Over Large Fields and Explicit List-decodable Rank-metric Codes

    We construct an explicit family of linear rank-metric codes over any field F that enables efficient list decoding up to a fraction rho of errors in the rank metric with a rate of 1-rho-eps, for any desired rho in (0,1) and eps > 0. Previously, a Monte Carlo construction of such codes was known, but this is in fact the first explicit construction of positive rate rank-metric codes for list decoding beyond the unique decoding radius. Our codes are explicit subcodes of the well-known Gabidulin codes, which encode linearized polynomials of low degree via their values at a collection of linearly independent points. The subcode is picked by restricting the message polynomials to an F-subspace that evades certain structured subspaces over an extension field of F. These structured spaces arise from the linear-algebraic list decoder for Gabidulin codes due to Guruswami and Xing (STOC'13). Our construction is obtained by combining subspace designs constructed by Guruswami and Kopparty (FOCS'13) with subspace-evasive varieties due to Dvir and Lovett (STOC'12). We establish a similar result for subspace codes, which are a collection of subspaces, every pair of which have low-dimensional intersection, and which have received much attention recently in the context of network coding. We also give explicit subcodes of folded Reed-Solomon (RS) codes with small folding order that are list-decodable (in the Hamming metric) with optimal redundancy, motivated by the fact that list decoding RS codes reduces to list decoding such folded RS codes. However, as we only list decode a subcode of these codes, the Johnson radius continues to be the best known error fraction for list decoding RS codes.

    List Decoding of Locally Repairable Codes

    We show that locally repairable codes (LRCs) can be list decoded efficiently beyond the Johnson radius for a large range of parameters by utilizing the local error correction capabilities. The new decoding radius is derived and the asymptotic behavior is analyzed. We give a general list decoding algorithm for LRCs that achieves this radius along with an explicit realization for a class of LRCs based on Reed-Solomon codes (Tamo-Barg LRCs). Further, a probabilistic algorithm for unique decoding of low complexity is given and its success probability analyzed.