**1. Introduction**

Public-key cryptosystems or asymmetric cryptosystems have been a subject of study since 1976. These systems consider two different keys, which are called public-key and private-key. These keys are not completely independent of each other. There must be a mathematical relationship as factoring, discrete logarithm, etc. [1,2]. The public-key cryptosystem was first introduced in 1976 by Diffie and Hellman [3]. Rivest, Shamir and Adleman's paper, known as the RSA cryptosystem [4], also present a public-key cryptosystem. The RSA cryptosystem was based on the factorization integers [5]. Merkle and Hellman [6] suggested a cryptosystem based on the difficulty of the integer packing "knapsack" problem.

The first public-key cryptosystem based on the error-correcting codes was presented by R. J. McEliece in 1978 [7]. He has employed error correcting codes, in particular binary Goppa codes, with a known decoding algorithm to construct the system. The generator matrix *G* plays an important role. The most important property of McEliece's cryptosystem is its large key size. Niederreiter suggested another code-based public-key cryptosystem that is based on the syndrome decoding of linear codes [8]. This system is used for the parity-check matrix *H* of a linear code. Thus, it is also the dual version of McEliece's cryptosystem. If it is used with exactly the same parameters [9], McEliece's cryptosystem and Niederreiter's cryptosystem offer an equivalent security. Li et al. [10] proposed new classes of trapdoor functions to solve the bounded distance decoding problem in lattices. Moreover, a lot of cryptosystems have been presented by using linear codes after McEliece's and Niederreiter's schemes. The use of subcodes of generalized Reed–Solomon codes was introduced by Berger and Loidreau [11]. Berlekamp et al. [12] studied the complexity of the decoding of arbitrary linear codes. Krouk [13] proposed a different class of public-key cryptosystems. Sidelnikov [14] introduced the use of Reed–Muller codes for cryptosystems. Berger et al. [15] and Misoczki-Barreto [16] proposed using quasi-cyclic and quasi-dyadic codes to shorten the McEliece key. The original parameters of the McEliece cryptosystem have been broken [17], but the general system is still considered safe.

**Citation:** Çalkavur, S. Public-Key Cryptosystems and Bounded Distance Decoding of Linear Codes. *Entropy* **2022**, *24*, 498. https:// doi.org/10.3390/e24040498

Academic Editors: Stanisław Drozd˙ z,˙ Jarosław Kwapie ´n and Marcin W ˛atorek

Received: 9 March 2022 Accepted: 31 March 2022 Published: 1 April 2022

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

**Copyright:** © 2022 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

In this study, we propose a public-key cryptosystem based on the error-correcting codes using a known bounded distance decoding method. We present the encryption and decryption algorithms by inspiring both McEliece's and Niederreiter's cryptosystems.


These conditions ensure the new system is safe. Moreover, we consider some possible attacks in this paper. So, we analyze its security and performance, and we calculate some important parameters for our cryptosystem. When we compared it with McEliece's and Niederreiter's cryptosystems, we can say that our system performs better as regards encryption speed.

The rest of the paper is organized as follows. The next section gives the necessary background on coding theory and cryptography. Section 3 introduces the new publickey cryptosystem. Section 4 analyzes its security and examines some possible attacks. Section 5 compares it to the other code-based public-key cryptosystems. Section 6 concludes the paper.
