Cryptographic and Physical Zero-Knowledge Proof Systems for Solutions of Sudoku Puzzles Authors
First Online: 30 May 2008 Received: 15 September 2007 Accepted: 13 May 2008 DOI:
Cite this article as: Gradwohl, R., Naor, M., Pinkas, B. et al. Theory Comput Syst (2009) 44: 245. doi:10.1007/s00224-008-9119-9 Abstract
We consider cryptographic and physical zero-knowledge proof schemes for Sudoku, a popular combinatorial puzzle. We discuss methods that allow one party, the prover, to convince another party, the verifier, that the prover has solved a Sudoku puzzle, without revealing the solution to the verifier. The question of interest is how a prover can show: (i) that there is a solution to the given puzzle, and (ii) that he knows the solution, while not giving away any information about the solution to the verifier.
In this paper we consider several protocols that achieve these goals. Broadly speaking, the protocols are either cryptographic or physical. By a cryptographic protocol we mean one in the usual model found in the foundations of cryptography literature. In this model, two machines exchange messages, and the security of the protocol relies on computational hardness. By a physical protocol we mean one that is implementable by humans using common objects, and preferably without the aid of computers. In particular, our physical protocols utilize items such as scratch-off cards, similar to those used in lotteries, or even just simple playing cards.
The cryptographic protocols are direct and efficient, and do not involve a reduction to other problems. The physical protocols are meant to be understood by “lay-people” and implementable without the use of computers.
Keywords Cryptography Zero-knowledge proofs Puzzles
Research of R. Gradwohl was supported by US-Israel Binational Science Foundation Grant 2002246.
Research of M. Naor was supported in part by a grant from the Israel Science Foundation.
Research of B. Pinkas was supported in part by the Israel Science Foundation (grant number 860/06).
Research of G.N. Rothblum was supported by NSF grant CNS-0430450 and NSF grant CFF-0635297.
Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. In: TCC 2007. Lecture Notes in Computer Science, vol. 4392, pp. 137–156. Springer, Berlin (2007)
Balogh, J., Csirik, J.A., Ishai, Y., Kushilevitz, E.: Private computation using a PEZ dispenser. Theor. Comp. Sci.
(1–3), 69–84 (2003)
MATH CrossRef MathSciNet
Blum, M.: How to prove a theorem so no one else can claim it. In: Proc. of the International Congress of Mathematicians, Berkeley, California, USA, pp. 1444–1451 (1986)
Crépeau, C., Kilian, J.: Discreet solitary games. In: Advances in Cryptology—CRYPTO’93. Lecture Notes in Computer Science, vol. 773, pp. 319–330. Springer, Berlin (1994)
Fagin, R., Naor, M., Winkler, P.: Comparing information without leaking it. Commun. ACM
, 77–85 (1996)
Fellows, M.R., Koblitz, N.: Kid Crypto. In: Advances in Cryptology—Crypto’92. Lecture Notes in Computer Science, vol. 740, pp. 371–389. Springer, Berlin (1992)
Goldreich, O.: Modern Cryptography, Probabilistic Proofs and Pseudorandomness. Algorithms and Combinatorics, vol. 17. Springer, Berlin (1998)
Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)
Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity, and a methodology of cryptographic protocol design. J. Assoc. Comput. Mach.
, 691–729 (1991)
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput.
(1), 186–208 (1989).
MATH CrossRef MathSciNet
Gradwohl, R., Naor, E., Naor, M., Pinkas, B., Rothblum, G.N.: Proving Sudoku in zero-knowledge with a deck of cards.
Moran, T., Naor, M.: Basing cryptographic protocols on tamper-evident seals. In: Proceedings of the 32nd International Colloquium on Automata, Languages and Programming (ICALP) 2005. Lecture Notes in Computer Science, vol. 3580, pp. 285–297. Springer, Berlin (2005)
Moran, T., Naor, M.: Polling with physical envelopes: a rigorous analysis of a human centric protocol. In: Advances in Cryptology—EUROCRYPT 2006. Lecture Notes in Computer Science, vol. 4004, pp. 88–108. Springer, Berlin (2006)
Naor, M.: Bit commitment using pseudo-randomness. J. Cryptol.
, 151–158 (1991)
MATH CrossRef MathSciNet
Naor, M., Naor, Y., Reingold, O.: Applied kid cryptography or how to convince your children you are not cheating.
Quisquater, J.-J., Quisquater, M., Quisquater, M., Quisquater, M., Guillou, L., Guillou, M.A., Guillou, G., Guillou, A., Guillou, G., Guillou, S., Berson, T.: How to explain zero-knowledge protocols to your children. In: Advances in Cryptology—CRYPTO’89. Lecture Notes in Computer Science, vol. 435, pp. 628–631. Springer, Berlin (1990)
Schneier, B.: The solitaire encryption algorithm.
Sudoku. Wikipedia, the free encyclopedia.
(based on Oct 19th 2005 version)
Vadhan, S.P.: Interactive proofs and zero-knowledge proofs. In: Lectures for the IAS/Park City Math Institute Graduate Summer School on Computational Complexity.
Yato, T.: Complexity and completeness of finding another solution and its application to puzzles. Masters thesis, Univ. of Tokyo, Dept. of Information Science (2003). Available:
http://www-imai.is.s.u-tokyo.ac.jp/~yato/data2/MasterThesis.ps Copyright information
© Springer Science+Business Media, LLC 2008