Cryptanalysis of code-based cryptosystems using the square-code distinguisher

Many code-based cryptosystems have been proposed recently, especially in response to the call for post-quantum cryptography standardization issued by the National Institute of Standards and Technologie. Most code-based cryptosystem rely on the same idea: an error-correcting code with some special structural properties (including good error-correction capacity) serves as the private key. This code is transformed and displayed in a form that is (supposedly) indistinguishable from a random code: this serves as the public key. However, in some cases, one can distinguish the public key from a random code. We will present such a distinguisher, the "squared code distinguisher", and how this can be used to perform key recovery attacks in polynomial time on some cryptosystems such as the RLCE scheme [Wang 2016] or the Expanded Reed-Solomon scheme [Khathuria, Rosenthal, Weger 2019].