Investigating the computational resources we need for cryptography is an essential task of both theoretical and practical interests. This paper provides answers to this problem on pseudorandom functions (PRFs). We resolve the exact complexity of PRFs by proving tight upper and lower bounds for various circuit models. • PRFs can be constructed in 2𝑛 + 𝑜 (𝑛) size general circuits assuming the existence of polynomial-size PRFs, simplifying and improving the 𝑂 (𝑛) upper bound by Ishai, Kushilevitz,

more »

... Ostrovsky, and Sahai (STOC 2008). Moreover, if PRFs exist in NC 1 , we can further guarantee the depth of our construction to be (1 + 𝜀) log 𝑛. We show that our construction is almost optimal by giving an unconditional 2𝑛 − 𝑂 (1) lower bound. • PRFs can be constructed in AC 0 [2] circuits of 𝑜 (𝑛) gates and 2𝑛 + 𝑜 (𝑛) wires assuming the existence of polynomial-size AC 0 [2] PRFs. We show the optimality of our construction with a 2𝑛 + Ω( √ 𝑛) wire complexity lower bound. • PRFs can be constructed with wire complexity 𝑛 1+𝑂 (1.61 −𝑑 ) in depth-𝑑 TC 0 circuits assuming the existence of polynomialsize TC 0 PRFs. We also present an 𝑛 1+Ω (𝑐 −𝑑 ) wire complexity lower bound against depth-𝑑 TC 0 circuits for some 𝑐 > 1.61. As a byproduct, we prove unconditional tight upper and lower bounds for "almost" universal hash functions that are of independent interest. Following the natural proof barrier of Razborov and Rudich (J. Comput. Syst. Sci. 1997), we observe that our exact complexity results are closely related to the "bootstrapping phenomena" in circuit complexity (such as hardness magnification and quantified derandomization). We introduce the black-box natural proof barrier and show that a large range of techniques for bootstrapping results cannot be combined with "black-box" lower bound proofs to obtain a breakthrough.