Using Reed-Solomon codes in the ( U U+V) construction and an application to cryptography

Abstract

In this paper we present a modification of Reed-Solomon codes that beats the Guruwami-Sudan 1-R decoding radius of Reed-Solomon codes at low rates R. The idea is to choose Reed-Solomon codes U and V with appropriate rates in a ( U U+V) construction and to decode them with the Koetter-Vardy soft information decoder. We suggest to use a slightly more general version of these codes (but which has the same decoding performances as the ( U U+V)-construction) for code-based cryptography, namely to build a McEliece scheme. The point is here that these codes not only perform nearly as well (or even better in the low rate regime) as Reed-Solomon codes, their structure seems to avoid the Sidelnikov-Shestakov attack which broke a previous McEliece proposal based on generalized Reed-Solomon codes.