Theory of Computing Systems

, Volume 44, Issue 2, pp 245–268 | Cite as

Cryptographic and Physical Zero-Knowledge Proof Systems for Solutions of Sudoku Puzzles

  • Ronen Gradwohl
  • Moni Naor
  • Benny PinkasEmail author
  • Guy N. Rothblum


We consider cryptographic and physical zero-knowledge proof schemes for Sudoku, a popular combinatorial puzzle. We discuss methods that allow one party, the prover, to convince another party, the verifier, that the prover has solved a Sudoku puzzle, without revealing the solution to the verifier. The question of interest is how a prover can show: (i) that there is a solution to the given puzzle, and (ii) that he knows the solution, while not giving away any information about the solution to the verifier.

In this paper we consider several protocols that achieve these goals. Broadly speaking, the protocols are either cryptographic or physical. By a cryptographic protocol we mean one in the usual model found in the foundations of cryptography literature. In this model, two machines exchange messages, and the security of the protocol relies on computational hardness. By a physical protocol we mean one that is implementable by humans using common objects, and preferably without the aid of computers. In particular, our physical protocols utilize items such as scratch-off cards, similar to those used in lotteries, or even just simple playing cards.

The cryptographic protocols are direct and efficient, and do not involve a reduction to other problems. The physical protocols are meant to be understood by “lay-people” and implementable without the use of computers.


Cryptography Zero-knowledge proofs Puzzles 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. In: TCC 2007. Lecture Notes in Computer Science, vol. 4392, pp. 137–156. Springer, Berlin (2007) Google Scholar
  2. 2.
    Balogh, J., Csirik, J.A., Ishai, Y., Kushilevitz, E.: Private computation using a PEZ dispenser. Theor. Comp. Sci. 306(1–3), 69–84 (2003) zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Blum, M.: How to prove a theorem so no one else can claim it. In: Proc. of the International Congress of Mathematicians, Berkeley, California, USA, pp. 1444–1451 (1986) Google Scholar
  4. 4.
    Crépeau, C., Kilian, J.: Discreet solitary games. In: Advances in Cryptology—CRYPTO’93. Lecture Notes in Computer Science, vol. 773, pp. 319–330. Springer, Berlin (1994) Google Scholar
  5. 5.
    Fagin, R., Naor, M., Winkler, P.: Comparing information without leaking it. Commun. ACM 39, 77–85 (1996) CrossRefGoogle Scholar
  6. 6.
    Fellows, M.R., Koblitz, N.: Kid Crypto. In: Advances in Cryptology—Crypto’92. Lecture Notes in Computer Science, vol. 740, pp. 371–389. Springer, Berlin (1992) Google Scholar
  7. 7.
    Goldreich, O.: Modern Cryptography, Probabilistic Proofs and Pseudorandomness. Algorithms and Combinatorics, vol. 17. Springer, Berlin (1998) Google Scholar
  8. 8.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001) zbMATHGoogle Scholar
  9. 9.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity, and a methodology of cryptographic protocol design. J. Assoc. Comput. Mach. 38, 691–729 (1991) zbMATHMathSciNetGoogle Scholar
  10. 10.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Gradwohl, R., Naor, E., Naor, M., Pinkas, B., Rothblum, G.N.: Proving Sudoku in zero-knowledge with a deck of cards. (2007)
  12. 12.
    Hayes, B.: Unwed numbers. Am. Sci. 94(1), 12–15 (2006). Google Scholar
  13. 13.
    Moran, T., Naor, M.: Basing cryptographic protocols on tamper-evident seals. In: Proceedings of the 32nd International Colloquium on Automata, Languages and Programming (ICALP) 2005. Lecture Notes in Computer Science, vol. 3580, pp. 285–297. Springer, Berlin (2005) Google Scholar
  14. 14.
    Moran, T., Naor, M.: Polling with physical envelopes: a rigorous analysis of a human centric protocol. In: Advances in Cryptology—EUROCRYPT 2006. Lecture Notes in Computer Science, vol. 4004, pp. 88–108. Springer, Berlin (2006) CrossRefGoogle Scholar
  15. 15.
    Naor, M.: Bit commitment using pseudo-randomness. J. Cryptol. 4, 151–158 (1991) zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Naor, M., Naor, Y., Reingold, O.: Applied kid cryptography or how to convince your children you are not cheating. (1999)
  17. 17.
    Quisquater, J.-J., Quisquater, M., Quisquater, M., Quisquater, M., Guillou, L., Guillou, M.A., Guillou, G., Guillou, A., Guillou, G., Guillou, S., Berson, T.: How to explain zero-knowledge protocols to your children. In: Advances in Cryptology—CRYPTO’89. Lecture Notes in Computer Science, vol. 435, pp. 628–631. Springer, Berlin (1990) Google Scholar
  18. 18.
    Schneier, B.: The solitaire encryption algorithm. (1999)
  19. 19.
    Sudoku. Wikipedia, the free encyclopedia. (based on Oct 19th 2005 version)
  20. 20.
    Vadhan, S.P.: Interactive proofs and zero-knowledge proofs. In: Lectures for the IAS/Park City Math Institute Graduate Summer School on Computational Complexity.
  21. 21.
    Yato, T.: Complexity and completeness of finding another solution and its application to puzzles. Masters thesis, Univ. of Tokyo, Dept. of Information Science (2003). Available:

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Ronen Gradwohl
    • 1
  • Moni Naor
    • 1
  • Benny Pinkas
    • 2
    Email author
  • Guy N. Rothblum
    • 3
  1. 1.Department of Computer Science and Applied MathThe Weizmann Institute of ScienceRehovotIsrael
  2. 2.Department of Computer ScienceUniversity of HaifaHaifaIsrael
  3. 3.CSAILMITCambridgeUSA

Personalised recommendations