We consider randomized encodings (RE) that enable encoding a Turing machine Π and input x into its “randomized encoding” ˆΠ(x) in sublinear, or even polylogarithmic, time in the running-time of Π(x), independent of its output length. We refer to the former as sublinear RE and the latter as compact RE. For such efficient RE, the standard simulation-based notion of security is impossible, and we thus consider a weaker (distributional) indistinguishability-based notion of security: Roughly speaking, we require indistinguishability of ˆΠ0(x0) and ˆΠ0(x1) as long as Π0, x0 and Π1, x1 are sampled from some distributions such that Π0(x0), Time(Π0(x0)) and Π1(x1), Time(Π1(x1)) are indistinguishable. We show the following: • Impossibility in the Plain Model: Assuming the existence of subexponentially secure one-way functions, subexponentially-secure sublinear RE does not exists. (If additionally assuming subexponentially-secure iO for circuits we can also rule out polynomia...