 
Summary: Cryptography in NC 0 #
Benny Applebaum Yuval Ishai Eyal Kushilevitz
Computer Science Department, Technion
{abenny,yuvali,eyalk}@cs.technion.ac.il
September 27, 2006
Abstract
We study the parallel timecomplexity of basic cryptographic primitives such as oneway functions (OWFs)
and pseudorandom generators (PRGs). Specifically, we study the possibility of implementing instances of these
primitives by NC 0 functions, namely by functions in which each output bit depends on a constant number of input
bits. Despite previous efforts in this direction, there has been no convincing theoretical evidence supporting this
possibility, which was posed as an open question in several previous works.
We essentially settle this question by providing strong positive evidence for the possibility of cryptography
in NC 0 . Our main result is that every ``moderately easy'' OWF (resp., PRG), say computable in NC 1 , can be
compiled into a corresponding OWF (resp., ``lowstretch'' PRG) in which each output bit depends on at most 4
input bits. The existence of OWF and PRG in NC 1 is a relatively mild assumption, implied by most number
theoretic or algebraic intractability assumptions commonly used in cryptography. A similar compiler can also be
obtained for other cryptographic primitives such as oneway permutations, encryption, signatures, commitment,
and collisionresistant hashing.
Our techniques can also be applied to obtain (unconditional) constructions of ``noncryptographic'' PRGs. In
particular, we obtain #biased generators and a PRG for spacebounded computation in which each output bit
