 
Summary: Cryptography in NC0
Benny Applebaum Yuval Ishai Eyal Kushilevitz
Computer Science Department, Technion
{abenny,yuvali,eyalk}@cs.technion.ac.il
September 27, 2006
Abstract
We study the parallel timecomplexity of basic cryptographic primitives such as oneway functions (OWFs)
and pseudorandom generators (PRGs). Specifically, we study the possibility of implementing instances of these
primitives by NC0
functions, namely by functions in which each output bit depends on a constant number of input
bits. Despite previous efforts in this direction, there has been no convincing theoretical evidence supporting this
possibility, which was posed as an open question in several previous works.
We essentially settle this question by providing strong positive evidence for the possibility of cryptography
in NC0
. Our main result is that every "moderately easy" OWF (resp., PRG), say computable in NC1
, can be
compiled into a corresponding OWF (resp., "lowstretch" PRG) in which each output bit depends on at most 4
input bits. The existence of OWF and PRG in NC1
is a relatively mild assumption, implied by most number
theoretic or algebraic intractability assumptions commonly used in cryptography. A similar compiler can also be
