We present a new class of asymptotically good, linear error-correcting codes. These codes can be both encoded and decoded in linear time. They can also be encoded by logarithmic-depth circuits of linear size and decoded by logarithmic depth circuits of size 0 (n log n). We present both randomized and explicit constructions of these codes.

We consider dictionaries of size n over the finite universe U = and introduce a new technique for their implementation: error correcting codes. The use of such codes makes it possible to replace the use of strong forms of hashing, such as universal hashing, with much weaker forms, such as clustering. We use

Current constructions of cryptographic primitives typically involve a large multiplicative computational overhead that grows with the desired level of security. We explore the possibility of implementing basic cryptographic primitives, such as encryption, authentication, signatures, and secure two-party computation, while incurring only a constant computational overhead compared to insecure implementations of the same tasks. Here we make the usual security requirement that the advantage of any polynomial-time attacker must be negligible in the input length. We obtain affirmative answers to this question for most central cryptographic primitives under plausible, albeit sometimes nonstandard, intractability assumptions. • We start by showing that pairwise-independent hash functions can be computed by linear-size circuits, disproving a conjecture of Mansour, Nisan, and Tiwari (STOC 1990). This construction does not rely on any unproven assumptions and is of independent interest. Our hash functions can be used to construct message authentication schemes with constant overhead from any one-way function. • Under an intractability assumption that generalizes a previous assumption of Alekhnovich (FOCS 2003), we get (public and private key) encryption schemes with constant overhead. Using an exponentially

Andreev, Clementi and Rolim considered the Shannon function for partially dened Boolean functions and derived an expression for the value of this function. They proved the expression correct for a special setting of the parameters. We give an easy proof that this expression is correct in general. 1 Introduction As a tool for a derandomization technique, Andreev, Clementi and Rolim [2] considered the Shannon function for partially dened Boolean functions. More precisely, let F(n; N;m) be the set of all f0; 1g-valued functions dened on some subdomain of f0; 1g n of size N , and assuming 1 on exactly m N inputs. A circuit for f should agree with f on its domain of denition but can take arbitrary values outside this domain. Let M partial n;N;m be the complexity function in F(n; N;m) with maximum possible circuit complexity. In the conference version of the paper of Andreev, Clementi and Rolim [2], the following theorem is stated. Theorem 1 (Andreev, Clementi, Rolim) M partial ...

bounds on computing error-correcting codes by