On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis

Alain Couvreur; Rakhi Pratihar; Nihan Tanısalı; Ilaria Zappatore

doi:10.1007/978-3-031-86599-2_1

On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis

Alain Couvreur
, Rakhi Pratihar
, Nihan Tanısalı
, Ilaria Zappatore

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Twisted generalized Reed-Solomon (TGRS) codes constitute an interesting family of evaluation codes, containing a large class of maximum distance separable codes non-equivalent to generalized Reed-Solomon (GRS) ones. Moreover, the Schur squares of TGRS codes may be much larger than those of GRS codes with same dimension. Exploiting these structural differences, in 2018, Beelen, Bossert, Puchinger and Rosenkilde proposed a subfamily of Maximum Distance Separable (MDS) Twisted Reed–Solomon (TRS) codes over F_q with ℓ twists q≈n2^ℓ for McEliece encryption, claiming their resistance to both Sidelnikov Shestakov attack and Schur products–based attacks. In short, they claimed these codes to resist to classical key recovery attacks on McEliece encryption scheme instantiated with Reed-Solomon (RS) or GRS codes. In 2020, Lavauzelle and Renner presented an original attack on this system based on the computation of the subfield subcode of the public TRS code. In this paper, we show that the original claim on the resistance of TRS and TGRS codes to Schur products based–attacks is wrong. We identify a broad class of codes including TRS and TGRS ones that is distinguishable from random by computing the Schur square of some shortening of the code. Then, we focus on the case of single twist (i.e., ℓ=1), which is the most efficient one in terms of decryption complexity, to derive an attack. The technique is similar to the distinguisher-based attacks of RS code-based systems given by Couvreur, Gaborit, Gauthier-Umaña, Otmani, Tillich in 2014.

Original language	English
Title of host publication	Post-Quantum Cryptography - 16th International Workshop, PQCrypto 2025, Proceedings
Editors	Ruben Niederhagen, Markku-Juhani O. Saarinen
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	3-34
Number of pages	32
ISBN (Print)	9783031865985
DOIs	https://doi.org/10.1007/978-3-031-86599-2_1
Publication status	Published - 1 Jan 2025
Event	16th International Workshop on Post-Quantum Cryptography, PQCrypto 2025 - Taipei, Taiwan, Province of China Duration: 8 Apr 2025 → 10 Apr 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	15577 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Workshop on Post-Quantum Cryptography, PQCrypto 2025
Country/Territory	Taiwan, Province of China
City	Taipei
Period	8/04/25 → 10/04/25

Keywords

Code-based Cryptography
Cryptanalysis
McEliece encryption scheme
Schur products
Twisted generalised Reed-Solomon codes

Access to Document

10.1007/978-3-031-86599-2_1

Cite this

Couvreur, A., Pratihar, R., Tanısalı, N., & Zappatore, I. (2025). On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis. In R. Niederhagen, & M.-J. O. Saarinen (Eds.), Post-Quantum Cryptography - 16th International Workshop, PQCrypto 2025, Proceedings (pp. 3-34). (Lecture Notes in Computer Science; Vol. 15577 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-86599-2_1

Couvreur, Alain ; Pratihar, Rakhi ; Tanısalı, Nihan et al. / On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis. Post-Quantum Cryptography - 16th International Workshop, PQCrypto 2025, Proceedings. editor / Ruben Niederhagen ; Markku-Juhani O. Saarinen. Springer Science and Business Media Deutschland GmbH, 2025. pp. 3-34 (Lecture Notes in Computer Science).

@inproceedings{8cb0964f172e4e378e4ac94b73502c04,

title = "On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis",

abstract = "Twisted generalized Reed-Solomon (TGRS) codes constitute an interesting family of evaluation codes, containing a large class of maximum distance separable codes non-equivalent to generalized Reed-Solomon (GRS) ones. Moreover, the Schur squares of TGRS codes may be much larger than those of GRS codes with same dimension. Exploiting these structural differences, in 2018, Beelen, Bossert, Puchinger and Rosenkilde proposed a subfamily of Maximum Distance Separable (MDS) Twisted Reed–Solomon (TRS) codes over Fq with ℓ twists q≈n2ℓ for McEliece encryption, claiming their resistance to both Sidelnikov Shestakov attack and Schur products–based attacks. In short, they claimed these codes to resist to classical key recovery attacks on McEliece encryption scheme instantiated with Reed-Solomon (RS) or GRS codes. In 2020, Lavauzelle and Renner presented an original attack on this system based on the computation of the subfield subcode of the public TRS code. In this paper, we show that the original claim on the resistance of TRS and TGRS codes to Schur products based–attacks is wrong. We identify a broad class of codes including TRS and TGRS ones that is distinguishable from random by computing the Schur square of some shortening of the code. Then, we focus on the case of single twist (i.e., ℓ=1), which is the most efficient one in terms of decryption complexity, to derive an attack. The technique is similar to the distinguisher-based attacks of RS code-based systems given by Couvreur, Gaborit, Gauthier-Uma{\~n}a, Otmani, Tillich in 2014.",

keywords = "Code-based Cryptography, Cryptanalysis, McEliece encryption scheme, Schur products, Twisted generalised Reed-Solomon codes",

author = "Alain Couvreur and Rakhi Pratihar and Nihan Tanısalı and Ilaria Zappatore",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 16th International Workshop on Post-Quantum Cryptography, PQCrypto 2025 ; Conference date: 08-04-2025 Through 10-04-2025",

year = "2025",

month = jan,

day = "1",

doi = "10.1007/978-3-031-86599-2\_1",

language = "English",

isbn = "9783031865985",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "3--34",

editor = "Ruben Niederhagen and Saarinen, \{Markku-Juhani O.\}",

booktitle = "Post-Quantum Cryptography - 16th International Workshop, PQCrypto 2025, Proceedings",

}

Couvreur, A, Pratihar, R, Tanısalı, N & Zappatore, I 2025, On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis. in R Niederhagen & M-JO Saarinen (eds), Post-Quantum Cryptography - 16th International Workshop, PQCrypto 2025, Proceedings. Lecture Notes in Computer Science, vol. 15577 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 3-34, 16th International Workshop on Post-Quantum Cryptography, PQCrypto 2025, Taipei, Taiwan, Province of China, 8/04/25. https://doi.org/10.1007/978-3-031-86599-2_1

On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis. / Couvreur, Alain; Pratihar, Rakhi; Tanısalı, Nihan et al.
Post-Quantum Cryptography - 16th International Workshop, PQCrypto 2025, Proceedings. ed. / Ruben Niederhagen; Markku-Juhani O. Saarinen. Springer Science and Business Media Deutschland GmbH, 2025. p. 3-34 (Lecture Notes in Computer Science; Vol. 15577 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis

AU - Couvreur, Alain

AU - Pratihar, Rakhi

AU - Tanısalı, Nihan

AU - Zappatore, Ilaria

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025/1/1

Y1 - 2025/1/1

N2 - Twisted generalized Reed-Solomon (TGRS) codes constitute an interesting family of evaluation codes, containing a large class of maximum distance separable codes non-equivalent to generalized Reed-Solomon (GRS) ones. Moreover, the Schur squares of TGRS codes may be much larger than those of GRS codes with same dimension. Exploiting these structural differences, in 2018, Beelen, Bossert, Puchinger and Rosenkilde proposed a subfamily of Maximum Distance Separable (MDS) Twisted Reed–Solomon (TRS) codes over Fq with ℓ twists q≈n2ℓ for McEliece encryption, claiming their resistance to both Sidelnikov Shestakov attack and Schur products–based attacks. In short, they claimed these codes to resist to classical key recovery attacks on McEliece encryption scheme instantiated with Reed-Solomon (RS) or GRS codes. In 2020, Lavauzelle and Renner presented an original attack on this system based on the computation of the subfield subcode of the public TRS code. In this paper, we show that the original claim on the resistance of TRS and TGRS codes to Schur products based–attacks is wrong. We identify a broad class of codes including TRS and TGRS ones that is distinguishable from random by computing the Schur square of some shortening of the code. Then, we focus on the case of single twist (i.e., ℓ=1), which is the most efficient one in terms of decryption complexity, to derive an attack. The technique is similar to the distinguisher-based attacks of RS code-based systems given by Couvreur, Gaborit, Gauthier-Umaña, Otmani, Tillich in 2014.

AB - Twisted generalized Reed-Solomon (TGRS) codes constitute an interesting family of evaluation codes, containing a large class of maximum distance separable codes non-equivalent to generalized Reed-Solomon (GRS) ones. Moreover, the Schur squares of TGRS codes may be much larger than those of GRS codes with same dimension. Exploiting these structural differences, in 2018, Beelen, Bossert, Puchinger and Rosenkilde proposed a subfamily of Maximum Distance Separable (MDS) Twisted Reed–Solomon (TRS) codes over Fq with ℓ twists q≈n2ℓ for McEliece encryption, claiming their resistance to both Sidelnikov Shestakov attack and Schur products–based attacks. In short, they claimed these codes to resist to classical key recovery attacks on McEliece encryption scheme instantiated with Reed-Solomon (RS) or GRS codes. In 2020, Lavauzelle and Renner presented an original attack on this system based on the computation of the subfield subcode of the public TRS code. In this paper, we show that the original claim on the resistance of TRS and TGRS codes to Schur products based–attacks is wrong. We identify a broad class of codes including TRS and TGRS ones that is distinguishable from random by computing the Schur square of some shortening of the code. Then, we focus on the case of single twist (i.e., ℓ=1), which is the most efficient one in terms of decryption complexity, to derive an attack. The technique is similar to the distinguisher-based attacks of RS code-based systems given by Couvreur, Gaborit, Gauthier-Umaña, Otmani, Tillich in 2014.

KW - Code-based Cryptography

KW - Cryptanalysis

KW - McEliece encryption scheme

KW - Schur products

KW - Twisted generalised Reed-Solomon codes

UR - https://www.scopus.com/pages/publications/105002011449

U2 - 10.1007/978-3-031-86599-2_1

DO - 10.1007/978-3-031-86599-2_1

M3 - Conference contribution

AN - SCOPUS:105002011449

SN - 9783031865985

T3 - Lecture Notes in Computer Science

SP - 3

EP - 34

BT - Post-Quantum Cryptography - 16th International Workshop, PQCrypto 2025, Proceedings

A2 - Niederhagen, Ruben

A2 - Saarinen, Markku-Juhani O.

PB - Springer Science and Business Media Deutschland GmbH

T2 - 16th International Workshop on Post-Quantum Cryptography, PQCrypto 2025

Y2 - 8 April 2025 through 10 April 2025

ER -

Couvreur A, Pratihar R, Tanısalı N, Zappatore I. On the Structure of the Schur Squares of Twisted Generalized Reed-Solomon Codes and Application to Cryptanalysis. In Niederhagen R, Saarinen MJO, editors, Post-Quantum Cryptography - 16th International Workshop, PQCrypto 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 3-34. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-86599-2_1