We consider a public-key cryptosystem (see [1,2]) based on a low-rate Reed-Muller code of order r and length N = 2 m (RM r code) and using the decoding algorithm of the paper [3]. We propose an improvement of this cryptosystem and provide some evidence that this improvement enhances the cryptosystem security.This paper is devoted mainly to studying the complexity of cracking the original (with RM r code) as well as the improved encryption systems. The main conclusion states that the considered coding-based cryptosystems, especially the improved one, possess for N > 1024 a high security, the transmission rate dose to 1, and a low complexity of both encryption and decryption.
CRYPTOSYSTEM DESCRIPTIONA binary Reed-Muller code of order r and length TV = 2 m (RM T code) is constituted by vectors of the form Ω/ = (/(αϊ), ... ,/(ayv)), where f(x) is a Boolean function of m variables with non-linearity order at most r, and {αι,.,.,ατν} = (F 2 ) m is the set of all binary vectors of length m. This set is a linear m-dimensional space over the two-element field F 2 . The number of information bits (dimension) of the RM T code over F 2 is^ ( m \ = Σ( , l· j=0 \J / and its code distance is d = 2 m -r , i.e., the code corrects all combinations of 2 m~r " 1 -1 errors [4], Efficient decoding algorithms for the RM T code, correcting 'almost all' errors of multiplicity up to t(N, m) = l/2(N -O(m r N l/2 )), i.e., far beyond d/2, were proposed in [3]. The complexity of these algorithms is O(m r~l N 2 ) operations in the field F 2 . Experiments show, for instance, that the decoding algorithm of [3] 'almost always' corrects 200 and 420 errors for the RM 3 codes of length Ν = 1024 and TV = 2048 (m = 10, 11) and dimension 176 and 232, respectively.Let R be the given k(r) χ Ν generator matrix for an RM T code of length N. Denote by £ r the ensemble of all matrices of the form E = H R Γ, where H is taken from the set of all k(r) χ k(r) non-singular matrices over F 2 and Γ is taken from the set of all Ν χ Ν permutation matrices, i.e., the matrices with entries in F 2 and a unique non-zero entry in each row and in each column. Let us calculate the number of elements in £ r .Define the automorphism group G> of the RM r code as the set of all permutation matrices Γ such that RT = HR. It is evident that \Sr\=hkNl\Gr 1-1
