This paper presents a key recovery attack on the cryptosystem proposed by Lau
and Tan in a talk at ACISP 2018. The Lau-Tan cryptosystem uses Gabidulin codes
as the underlying decodable code. To hide the algebraic structure of Gabidulin
codes, the authors chose a matrix of column rank $n$ to mix with a generator
matrix of the secret Gabidulin code. The other part of the public key, however,
reveals crucial information about the private key. Our analysis shows that the
problem of recovering the private key can be reduced to solving a multivariate
linear system, rather than solving a multivariate quadratic system as claimed
by the authors. Clearly, this attack runs in polynomial time, and therefore
completely breaks the cryptosystem.

Authors: <a href="http://arxiv.org/find/cs/1/au:+Guo_W/0/1/0/all/0/1">Wenshuo Guo</a>, <a href="http://arxiv.org/find/cs/1/au:+Fu_F/0/1/0/all/0/1">Fang-Wei Fu</a>
