### Private key

is a set of matrices:

(FG_{k}S P), whereFandGconcatenation of Frobenius-like matrices with linearly independent rows._{k}

### Public key

is the matrix:

H_{pub}= P(F + U G_{k})S

where **U** is some nonsingular matrix. Code vectors are rows of the matrix **UG _{k}** . Matrix

**U**is not needed for decryption but it has to be inaccessible for cryptanalyst.

### Plaintext

All plaintexts are chosen as N_{1}-dimensional vectors:

m=(m_{1}m_{2}... m_{N1})

such that rank(**m**)= min(t_{k} , t_{p}), where t_{k} is the error capacity in RC-metric of a code with the generator matrix **G _{k}**, t

_{p}is the error capacity in rank metric of a code with the parity check matrix

**F**.

^{T}### Encryption

A ciphertext is calculated as a syndrome:

c=mH=_{pub}m(PF+UG)_{k}S=m(_{j}F+UG)_{k}S,

c= m_{1}(F_{1}+ G_{k1}) + m_{2}(F_{2}+ G_{k2}) + ... + m_{N1}(F_{N1}+ G_{kN1})S= (g+e)S

where **m _{j}**=

**mP**, F

_{i}and G

_{i}are rows of matrices

**F**and

**UG**correspondingly.

### Decryption

An authorized user multiplies obtained ciphertext (**g** + **e**)**S** by **S ^{(-1)}**. Then user has to use the fast decoding algorithm in RC-metric. As a result, the user will obtain vectors

**g**and

**e**. During the next step legitimate user applies the fast decoding algorithm for the parent rank code and obtains a vector

**m**. Finally,

_{j}**m**gives the required initial plaintext

_{j}P^{(-1)}**m**.