Niederreiter cryptosystem

A special case of Niederreiter's original proposal was broken,[2] but the system is secure when used with a binary Goppa code.

Suppose Bob wishes to send a message, m, to Alice whose public key is ($H^{pub}$, t):

Upon receipt of $c = H^{pub} m^T$ from Bob, Alice does the following to retrieve the message, m.

Courtois, Finiasz and Sendrier showed how the Niederreiter cryptosystem can be used to derive a signature scheme.[3]

Verification then applies the public encryption function to the signature and checks whether or not this equals the hash value of the document.

When using Niederreiter, or in fact any cryptosystem based on error-correcting codes, the second step in the signature scheme almost always fails.

This is because a random syndrome usually corresponds to an error pattern of weight greater than t. The system then specifies a deterministic way of tweaking d until one is found which can be decrypted.
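The retry loop and the verification check described above, as an added toy example that is not code from the original page or from the scheme's authors. Assumptions: a small pseudo-random parity-check matrix stands in for a binary Goppa code, a brute-force table of low-weight error patterns stands in for Alice's private decoder, the deterministic tweak of d is a counter appended before hashing, and the hash is SHA-256 cut to the syndrome length. The sizes are far too small to be secure.

```python
import hashlib
from itertools import combinations
from math import comb

N, R, T = 16, 12, 2  # constructed toy sizes: code length, syndrome bits, max error weight

def public_columns(seed=b"toy-key"):
    """Columns of a toy R x N parity-check matrix, one R-bit integer per column."""
    cols, ctr = [], 0
    while len(cols) < N:
        v = int.from_bytes(hashlib.sha256(seed + bytes([ctr])).digest(), "big") % (1 << R)
        ctr += 1
        if v and v not in cols:  # keep columns distinct and nonzero
            cols.append(v)
    return cols

def syndrome(cols, positions):
    """H * e^T for the error vector e whose 1-bits are at `positions`."""
    s = 0
    for p in positions:
        s ^= cols[p]
    return s

def hashed_syndrome(doc, counter):
    """Hash of the tweaked document (document plus counter), cut to R bits."""
    digest = hashlib.sha256(doc + counter.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") % (1 << R)

def sign(cols, doc, max_tries=100_000):
    # Table of every syndrome that has an error pattern of weight <= T.
    # Assumption: this brute force replaces the private decoding algorithm.
    table = {}
    for w in range(T + 1):
        for pos in combinations(range(N), w):
            table.setdefault(syndrome(cols, pos), pos)
    for counter in range(max_tries):  # deterministic tweak: 0, 1, 2, ...
        s = hashed_syndrome(doc, counter)
        if s in table:  # most counters miss: the syndrome is not decodable
            return counter, table[s]
    raise RuntimeError("no decodable syndrome within max_tries")

def verify(cols, doc, signature):
    counter, pos = signature
    if len(pos) > T or len(set(pos)) != len(pos) or any(not 0 <= p < N for p in pos):
        return False
    return syndrome(cols, pos) == hashed_syndrome(doc, counter)

def decodable_fraction(n, r, t):
    """Upper bound on the share of r-bit syndromes reachable with weight <= t."""
    return sum(comb(n, i) for i in range(t + 1)) / 2 ** r
```

With these toy sizes at most 137 of the 4096 possible syndromes are decodable, so `sign` usually needs a few dozen counter values before one hashes to a decodable syndrome.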