is a set of matrices:
(F Gk S P), where F and Gk concatenation of Frobenius-like matrices with linearly independent rows.
is the matrix:
Hpub = P(F + U Gk)S
where U is some nonsingular matrix. Code vectors are rows of the matrix UGk . Matrix U is not needed for decryption but it has to be inaccessible for cryptanalyst.
All plaintexts are chosen as N1-dimensional vectors:
m=(m1 m2 ... mN1)
such that rank(m)= min(tk , tp), where tk is the error capacity in RC-metric of a code with the generator matrix Gk, tp is the error capacity in rank metric of a code with the parity check matrix FT.
A ciphertext is calculated as a syndrome:
c = mHpub = m(PF + UGk)S =mj (F + UGk)S,
c = m1(F1 + Gk1) + m2(F2 + Gk2) + ... + mN1(FN1 + GkN1)S = (g + e)S
where mj= mP, Fi and Gi are rows of matrices F and UG correspondingly.
An authorized user multiplies obtained ciphertext (g + e)S by S(-1). Then user has to use the fast decoding algorithm in RC-metric. As a result, the user will obtain vectors g and e. During the next step legitimate user applies the fast decoding algorithm for the parent rank code and obtains a vector mj. Finally, mjP(-1) gives the required initial plaintext m.