Generalized Reed-Solomon (GRS) and Gabidulin codes have been proposed for various code-based cryptosystems, though most such schemes without elaborate disguising techniques have been successfully attacked. Both code classes are prominent examples of the isometric families of (generalized) skew and linearized Reed-Solomon ((G)SRS and (G)LRS) codes which are obtained as evaluation codes from skew polynomials. Both GSRS and GLRS codes share the advantage of achieving the maximum possible error-decoding radius and thus promise smaller key sizes than e.g. Classic McEliece. We investigate whether these generalizations can avoid the known structural attacks on GRS and Gabidulin codes. In particular, we prove that both GSRS and GLRS codes decompose into GRS subcodes and are thus efficiently distinguishable from random codes with a square code method. This applies to all parameters for which the code length $n$ and its dimension $k$ over the field $\mathbb{F}_{q^m}$ satisfy $m + 1 < k < n - \tfrac{1}{2} (m^2 + 3m)$. The distinguishability extends to GSRS and GLRS codes with Hamming-isometric disguising. We further relate these findings to existing distinguishers for GRS, Gabidulin, and LRS codes, and extend known results on duals of SRS and LRS codes to the generalized setting allowing nonzero column multipliers. Finally, we provide explicit transformations between GSRS and GLRS codes, clarifying the algebraic relationship between the skew and linearized frameworks.