LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding
Designs, Codes and Cryptography (IF 1.6), Pub Date: 2021-04-18, DOI: 10.1007/s10623-021-00861-z
Julian Renner, Sven Puchinger, Antonia Wachter-Zeh

We propose the new rank-metric code-based cryptosystem LIGA, which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. LIGA is an improved variant of the Faure–Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail—hence LIGA resists the GOT attack. We also prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the key encapsulation mechanism version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of LIGA are short ciphertext sizes and (relatively) small key sizes. Further, LIGA guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.

Updated: 2021-04-18