International Association
for Cryptologic Research

Daniel J. Bernstein , University of Illinois at Chicago, Ruhr University Bochum, Academia Sinica

DOI: 10.62056/angy4fe-3

URL: https://cic.iacr.org//p/1/1/14

Search ePrint

Search Google

This paper reviews, from bottom to top, a polynomial-time algorithm to correct $t$ errors in classical binary Goppa codes defined by squarefree degree-$t$ polynomials. The proof is factored through a proof of a simple Reed–Solomon decoder, and the algorithm is simpler than Patterson's algorithm. All algorithm layers are expressed as Sage scripts backed by test scripts. All theorems are formally verified. The paper also covers the use of decoding inside the Classic McEliece cryptosystem, including reliable recognition of valid inputs.