RankSynd a PRNG Based on Rank Metric
In this paper, we consider a pseudo-random generator based on the difficulty of the syndrome decoding problem for rank metric codes. We also study the resistance of this problem against a quantum computer. Our results show that with rank metric it is possible to obtain fast PRNG with small public data, without considering additional structure for public matrices like quasi-cyclicity for Hamming distance.
💡 Research Summary
The paper introduces RankSynd, a pseudo‑random number generator (PRNG) whose security rests on the hardness of the rank‑metric syndrome decoding (RSD) problem. Traditional PRNGs based on hard problems usually rely on the Hamming‑metric syndrome decoding problem, which requires storing very large parity‑check matrices. While quasi‑cyclic structures can reduce storage, their hardness is not proven and recent quantum attacks on structured lattices raise concerns about such additional algebraic structure.
Rank‑metric codes treat the distance between two matrices as the rank of their difference. The number of possible error supports of rank w in an m × n matrix grows as the Gaussian binomial coefficient \(\begin{bmatrix} m \\ w \end{bmatrix}_q\), which is roughly \(q^{w(m-w)}\). Consequently, the exponent in the attack complexity is quadratic in the dimension rather than linear, allowing much smaller key sizes for comparable security.
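An added example (not code from the paper) that makes the support-counting argument above concrete: it computes the Gaussian binomial coefficient exactly, compares it with the \(q^{w(m-w)}\) estimate, and shows that doubling the parameters roughly quadruples the rank-metric exponent while only doubling the Hamming-metric one. The helper names are my own.

```python
# Added example: rank-metric support count vs. the q^{w(m-w)} estimate,
# and quadratic vs. linear growth of the security exponent.
from math import comb, log


def gaussian_binomial(m: int, w: int, q: int) -> int:
    """Exact number of w-dimensional F_q-subspaces of F_q^m, i.e. [m choose w]_q.
    Each such subspace is one candidate rank-w error support."""
    if w < 0 or w > m:
        return 0
    num, den = 1, 1
    for i in range(w):
        num *= q ** (m - i) - 1
        den *= q ** (i + 1) - 1
    return num // den  # the full product is always an integer


def approx_supports(m: int, w: int, q: int) -> int:
    """The q^{w(m-w)} estimate quoted in the summary."""
    return q ** (w * (m - w))


def approximation_ratio(m: int, w: int, q: int) -> float:
    """[m choose w]_q / q^{w(m-w)}: at least 1 and below ~3.47 for q = 2,
    so the exponent w(m-w) captures the growth up to a constant factor."""
    return gaussian_binomial(m, w, q) / approx_supports(m, w, q)


def rank_exponent(m: int, w: int, q: int = 2) -> float:
    """log_q of the number of rank-w supports (quadratic in m)."""
    return log(gaussian_binomial(m, w, q), q)


def hamming_exponent(n: int, w: int) -> float:
    """log_2 of the number of Hamming-weight-w supports, C(n, w) (linear in n)."""
    return log(comb(n, w), 2)


def scaling_factors(m: int, w: int) -> tuple[float, float]:
    """Growth of each exponent when m (or n) and w are both doubled.
    Rank metric: about 4x (quadratic); Hamming metric: about 2x (linear)."""
    rank = rank_exponent(2 * m, 2 * w) / rank_exponent(m, w)
    hamming = hamming_exponent(2 * m, 2 * w) / hamming_exponent(m, w)
    return rank, hamming


if __name__ == "__main__":
    print(gaussian_binomial(4, 2, 2), approx_supports(4, 2, 2))  # 35 16
    print(scaling_factors(8, 2))
```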
The authors formalize matrix codes and their correspondence with \(\mathbb{F}_{q^m}\)-linear codes, showing that the rank weight of a codeword equals the rank of its associated matrix and that the Gilbert‑Varshamov bound for rank metric is \(d_{GV}\approx m+n-\sqrt{(m+n)^2-4m(n-k)}\). They define the RSD problem: given a systematic parity‑check matrix \(H\) of an (