*12:39*[Pub][ePrint] A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes, by Val\\\'erie Gauthier and Ayoub Otmani and Jean-Pierre Tillich

Bogdanov and Lee suggested a homomorphic public-key encryption scheme based on error correcting codes.

The underlying public code is a modified Reed-Solomon code obtained

from inserting a zero submatrix in the Vandermonde generating matrix defining it. The columns that define

this submatrix are kept secret and form a set $L$. We give here a distinguisher that detects if one or several columns belong

to $L$ or not. This distinguisher is obtained by considering the code generated by component-wise products of codewords of the public code

(the so called ``square code\'\'). This operation is applied to punctured versions of this square code obtained by picking a subset

$I$ of the whole set of columns. It turns out that the dimension of

the punctured square code is directly related to the cardinality of

the intersection of $I$ with $L$.

This allows an attack which recovers the full set $L$

and which can then decrypt any ciphertext.