Cryptographic and Physical Zero-Knowledge Proof Systems for Solutions of Sudoku Puzzles

  • Ronen Gradwohl
  • Moni Naor
  • Benny Pinkas
  • Guy N. Rothblum
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4475)


We consider cryptographic and physical zero-knowledge proof schemes for Sudoku, a popular combinatorial puzzle. We discuss methods that allow one party, the prover, to convince another party, the verifier, that the prover has solved a Sudoku puzzle, without revealing the solution to the verifier. The question of interest is how a prover can show: (i) that there is a solution to the given puzzle, and (ii) that he knows the solution, while not giving away any information about the solution to the verifier.

In this paper we consider several protocols that achieve these goals. Broadly speaking, the protocols are either cryptographic or physical. By a cryptographic protocol we mean one in the usual model found in the foundations of cryptography literature. In this model, two machines exchange messages, and the security of the protocol relies on computational hardness. By a physical protocol we mean one that is implementable by humans using common objects, and preferably without the aid of computers. In particular, our physical protocols utilize scratch-off cards, similar to those used in lotteries, or even just simple playing cards.

The cryptographic protocols are direct and efficient, and do not involve a reduction to other problems. The physical protocols are meant to be understood by ”lay-people” and implementable without the use of computers.


Cryptographic Protocol Playing Card Random Coin Computational Hardness Commitment Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Balogh, J., Csirik, J.A., Ishai, Y., Kushilevitz, E.: Private computation using a PEZ dispenser. Theoretical Computer Science 306(1-3), 69–84 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Blum, M.: How to Prove a Theorem So No One Else Can Claim It. In: Proc. of the International Congress of Mathematicians, Berkeley, California, USA, pp.1444–1451 (1986)Google Scholar
  3. 3.
    Crépeau, C., Kilian, J.: Discreet Solitary Games, Advances in Cryptology - CRYPTO’93. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 319–330. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  4. 4.
    Fagin, R., Naor, M., Winkler, P.: Comparing Information Without Leaking It. Comm. of the ACM 39, 77–85 (1996)CrossRefGoogle Scholar
  5. 5.
    Oded Goldreich, Modern Cryptography, Probabilistic Proofs and Pseudorandomness, Springer, Algorithms and Combinatorics, vol. 17 (1998)Google Scholar
  6. 6.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)CrossRefzbMATHGoogle Scholar
  7. 7.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing But their Validity, and a Methodology of Cryptographic Protocol Design. J. of the ACM 38, 691–729 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Computing 18(1), 186–208 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Gradwohl, R., Naor, M., Pinkas, B., Rothblum, G.N.: Cryptographic and Physical Zero-Knowledge Proof Systems for Solutions of Sudoku Puzzles.
  10. 10.
    Gradwohl, R., Naor, E., Naor, M., Pinkas, B., Rothblum, G.N.: Proving Sudoku in Zero-Knowledge with a Deck of Cards (January 2007),
  11. 11.
    Hayes, B.: Unwed Numbers. American Scientist Vol. 94(1), (January- February 2006)
  12. 12.
    Moran, T., Naor, M.: Basing Cryptographic Protocols on Tamper-Evident Seals. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 285–297. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Moran, T., Naor, M.: Polling With Physical Envelopes: A Rigorous Analysis of a Human Centric Protocol. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 88–108. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Naor, M.: Bit Commitment Using Pseudo-Randomness. Journal of Cryptology 4, 151–158 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Naor, M., Naor, Y., Reingold, O.: Applied kid cryptography or how to convince your children you are not cheating (March 1999),
  16. 16.
    Jean-Jacques, Q., Myriam, Q., Muriel, Q., Michaël, Q., Louis, G., Marie Annick, G., Gaïd, G., Anna, G., Gwenolé, G., Soazig, G., Berson, T.: How to explain zero-knowledge protocols to your children. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 628–631. Springer, Heidelberg (1990)Google Scholar
  17. 17.
    Schneier, B.: The solitaire encryption algorithm (1999),
  18. 18.
    Vadhan, S.P.: Interactive Proofs & Zero-Knowledge Proofs, lectures for the IAS/Park City Math Institute Graduate Summer School on Computational Complexity,
  19. 19.
    Sudoku, Wikipedia, the free encyclopedia (based on Oct 19th 2005 version),
  20. 20.
    Yato, T.: Complexity and Completeness of Finding Another Solution and its Application to Puzzles, Masters thesis, Univ. of Tokyo, Dept. of Information Science. (January 2003) Available:

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Ronen Gradwohl
    • 1
  • Moni Naor
    • 2
  • Benny Pinkas
    • 3
  • Guy N. Rothblum
    • 4
  1. 1.Department of Computer Science and Applied Math, The Weizmann Institute of Science, Rehovot 76100Israel
  2. 2.Incumbent of the Judith Kleeman Professorial Chair, Department of Computer Science and Applied Math, The Weizmann Institute of Science, Rehovot 76100Israel
  3. 3.Department of Computer Science, University of Haifa, HaifaIsrael
  4. 4.CSAIL, MIT, Cambridge, MA 02139USA

Personalised recommendations