We present a new distinguisher for alternant and Goppa codes, whose complexity is subexponential in the error-correcting capability, hence better than that of generic decoding algorithms. Moreover, it does not suffer from the strong regime limitations of the previous distinguishers or structure recovery algorithms: in particular, it applies to the codes used in the Classic McEliece candidate for postquantum cryptography standardization. The invariants that allow us to distinguish are graded Betti numbers of the homogeneous coordinate ring of a shortening of the dual code. This is the first time since the introduction of the McEliece cryptosystem in 1978 that an analysis of it (in the CPA model) breaks the exponential barrier.