A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes
Bogdanov and Lee suggested a homomorphic public-key encryption scheme based on error correcting codes. The underlying public code is a modified Reed-Solomon code obtained from inserting a zero submatrix in the Vandermonde generating matrix defining it. The columns that define this submatrix are kept secret and form a set L. The authors give here a distinguisher that detects if one or several columns belong to L or not. This distinguisher is obtained by considering the code generated by component-wise products of codewords of the public code (the so called "Square code").