On the parameters of a McEliece-type cryptosystem on $D$-codes based on binary Reed — Muller codes

The characteristics of a McEliece-type code cryptosystem on a special sum of tensor products of base codes, called $D$-code, are investigated. Binary Reed — Muller codes were chosen as the base codes. Previously, conditions were found for these $D$-codes, under which the corresponding cryptosystem is resistant to known structural attacks based on the Schur — Hadamard product. However, when using a decoder operating within half the code distance, a McEliece-type system on $D$-codes provides security comparable to the strength of the classical McEliece cryptosystem on Goppa codes, with a significantly larger key size. In this paper, two probabilistic decoders for $D$-codes are constructed. In the case of using these decoders, parameters of some $D$-codes have been found that provide comparable resistance to information set decoding type attacks, while having a smaller key size than in the classical system. However, the presence of a non-negligible decoding failure rate currently limits the scope of application of the $D$-code cryptosystem to ephemeral session key encapsulation mechanisms (IND-CPA KEM).