Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius

We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem is of importance to assess the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error in order to use any proper polynomial-time Gabidulin code error-erasure decoding algorithm. The expected work factor of this new randomized decoding approach is a polynomial term times q(m(n-k)-w(n+m)+w2+ min{2 xi(n+k/2-xi),wk}), where n is the code length, q the size of the base field, m the extension degree of the field, k the code dimension, w the number of errors, and xi := w- n-k/2. It improves upon generic rank-metric decoders by an exponential factor.