*2.5. Niederreiter's Public-Key Cryptosystem*

Niederreiter [8] proposed a knapsack-type public-key cryptosystem which is based on (*n*, *k*, 2*t* + 1) linear code *C* over F*q*.

**Private-key:** *H*, *M*, and *P*, where *H* is an (*n* − *k*) × *n* parity-check matrix of *C*, *M* is any (*<sup>n</sup>* <sup>−</sup> *<sup>k</sup>*) <sup>×</sup> (*<sup>n</sup>* <sup>−</sup> *<sup>k</sup>*) non-singular matrix, and *<sup>P</sup>* is any *<sup>n</sup>* <sup>×</sup> *<sup>n</sup>* permutation matrix, all over <sup>F</sup>*q*. **Public-key:** *H* = *MHP* and *t*.

**Plaintexts:** *n*-dimensional vectors *m* over F*<sup>q</sup>* with weight *t*. **Encryption:** *<sup>c</sup>* = *mHT*, *<sup>c</sup>* is the ciphertext of dimension *<sup>n</sup>* − *<sup>k</sup>*. **Decryption:**

$$x(M^T)^{-1} = (mP^T)H^T \tag{7}$$

since

$$\mathcal{L} = m(MHP)^T.\tag{8}$$

It is used as the fast decoding algorithm for *C* to obtain *mP<sup>T</sup>* and *m*.
