Abstract
We consider cryptographic and physical zero-knowledge proof schemes for Sudoku, a popular combinatorial puzzle. We discuss methods that allow one party, the prover, to convince another party, the verifier, that the prover has solved a Sudoku puzzle, without revealing the solution to the verifier. The question of interest is how a prover can show: (i) that there is a solution to the given puzzle, and (ii) that he knows the solution, while not giving away any information about the solution to the verifier.
In this paper we consider several protocols that achieve these goals. Broadly speaking, the protocols are either cryptographic or physical. By a cryptographic protocol we mean one in the usual model found in the foundations of cryptography literature. In this model, two machines exchange messages, and the security of the protocol relies on computational hardness. By a physical protocol we mean one that is implementable by humans using common objects, and preferably without the aid of computers. In particular, our physical protocols utilize items such as scratch-off cards, similar to those used in lotteries, or even just simple playing cards.
The cryptographic protocols are direct and efficient, and do not involve a reduction to other problems. The physical protocols are meant to be understood by “lay-people” and implementable without the use of computers.
This is a preview of subscription content, access via your institution.
References
Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. In: TCC 2007. Lecture Notes in Computer Science, vol. 4392, pp. 137–156. Springer, Berlin (2007)
Balogh, J., Csirik, J.A., Ishai, Y., Kushilevitz, E.: Private computation using a PEZ dispenser. Theor. Comp. Sci. 306(1–3), 69–84 (2003)
Blum, M.: How to prove a theorem so no one else can claim it. In: Proc. of the International Congress of Mathematicians, Berkeley, California, USA, pp. 1444–1451 (1986)
Crépeau, C., Kilian, J.: Discreet solitary games. In: Advances in Cryptology—CRYPTO’93. Lecture Notes in Computer Science, vol. 773, pp. 319–330. Springer, Berlin (1994)
Fagin, R., Naor, M., Winkler, P.: Comparing information without leaking it. Commun. ACM 39, 77–85 (1996)
Fellows, M.R., Koblitz, N.: Kid Crypto. In: Advances in Cryptology—Crypto’92. Lecture Notes in Computer Science, vol. 740, pp. 371–389. Springer, Berlin (1992)
Goldreich, O.: Modern Cryptography, Probabilistic Proofs and Pseudorandomness. Algorithms and Combinatorics, vol. 17. Springer, Berlin (1998)
Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)
Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity, and a methodology of cryptographic protocol design. J. Assoc. Comput. Mach. 38, 691–729 (1991)
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989).
Gradwohl, R., Naor, E., Naor, M., Pinkas, B., Rothblum, G.N.: Proving Sudoku in zero-knowledge with a deck of cards. http://www.wisdom.weizmann.ac.il/~naor/PAPERS/SUDOKU_DEMO/ (2007)
Hayes, B.: Unwed numbers. Am. Sci. 94(1), 12–15 (2006). http://www.americanscientist.org/template/AssetDetail/assetid/48550
Moran, T., Naor, M.: Basing cryptographic protocols on tamper-evident seals. In: Proceedings of the 32nd International Colloquium on Automata, Languages and Programming (ICALP) 2005. Lecture Notes in Computer Science, vol. 3580, pp. 285–297. Springer, Berlin (2005)
Moran, T., Naor, M.: Polling with physical envelopes: a rigorous analysis of a human centric protocol. In: Advances in Cryptology—EUROCRYPT 2006. Lecture Notes in Computer Science, vol. 4004, pp. 88–108. Springer, Berlin (2006)
Naor, M.: Bit commitment using pseudo-randomness. J. Cryptol. 4, 151–158 (1991)
Naor, M., Naor, Y., Reingold, O.: Applied kid cryptography or how to convince your children you are not cheating. http://www.wisdom.weizmann.ac.il/~naor/PAPERS/waldo.ps (1999)
Quisquater, J.-J., Quisquater, M., Quisquater, M., Quisquater, M., Guillou, L., Guillou, M.A., Guillou, G., Guillou, A., Guillou, G., Guillou, S., Berson, T.: How to explain zero-knowledge protocols to your children. In: Advances in Cryptology—CRYPTO’89. Lecture Notes in Computer Science, vol. 435, pp. 628–631. Springer, Berlin (1990)
Schneier, B.: The solitaire encryption algorithm. http://www.schneier.com/solitaire.html (1999)
Sudoku. Wikipedia, the free encyclopedia. http://en.wikipedia.org/wiki/Sudoku (based on Oct 19th 2005 version)
Vadhan, S.P.: Interactive proofs and zero-knowledge proofs. In: Lectures for the IAS/Park City Math Institute Graduate Summer School on Computational Complexity. http://www.eecs.harvard.edu/~salil/papers/pcmi-abs.html
Yato, T.: Complexity and completeness of finding another solution and its application to puzzles. Masters thesis, Univ. of Tokyo, Dept. of Information Science (2003). Available: http://www-imai.is.s.u-tokyo.ac.jp/~yato/data2/MasterThesis.ps
Author information
Authors and Affiliations
Corresponding author
Additional information
Research of R. Gradwohl was supported by US-Israel Binational Science Foundation Grant 2002246.
Research of M. Naor was supported in part by a grant from the Israel Science Foundation.
Research of B. Pinkas was supported in part by the Israel Science Foundation (grant number 860/06).
Research of G.N. Rothblum was supported by NSF grant CNS-0430450 and NSF grant CFF-0635297.
Rights and permissions
About this article
Cite this article
Gradwohl, R., Naor, M., Pinkas, B. et al. Cryptographic and Physical Zero-Knowledge Proof Systems for Solutions of Sudoku Puzzles. Theory Comput Syst 44, 245–268 (2009). https://doi.org/10.1007/s00224-008-9119-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00224-008-9119-9