A New Clue for the Kryptos Sculpture

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he’s getting tired of waiting.

Did we mention Mr. Sanborn is 74?

Holding on to one of the world’s most enticing secrets can be stressful. Some would-be codebreakers have appeared at his home.

Many felt they had solved the puzzle, and wanted to check with Mr. Sanborn. Sometimes forcefully. Sometimes, in person.

Elonka Dunin, a game developer and consultant who has created a rich page of background information on the sculpture and oversees the best known online community of thousands of Kryptos fans, said that some who contact her (sometimes also at home) are obsessive and appear to have tipped into mental illness. “I am always gentle to them and do my best to listen to them,” she said.

Mr. Sanborn has set up systems to allow people to check their proposed solutions without having to contact him directly. The most recent incarnation is an email-based process with a fee of $50 to submit a potential solution. He receives regular inquiries, so far none of them successful.

The ongoing process is exhausting, he said, adding “It’s not something I thought I would be doing 30 years on.”

Another news article.

EDITED TO ADD (2/13): Another article.

Posted on February 6, 2020 at 6:14 AM16 Comments


Erik February 6, 2020 6:25 AM

This feels like the contrapositive of “Anyone can design a crypto system they themselves cannot break.”

Tatütata February 6, 2020 8:15 AM

Perhaps the sculpture stands at the wrong site, i.e, Langley rather than Fort Meade.

I thought the CIA had more of a lead pipe and poisoned cigar culture, and the NSAw were the brainier lot. (Although “collect it all” is more like a tribe of raccoons happily rummaging through the city’s garbage. They ain’t called “trash pandas” for nuthin’, and are just as shy when they get caught.) According to the NYT article, part(s?) of the message have indeed been solved by cryptographers.

But what is the purpose of the grossly bloated security state together with the hypertrophied military arm, if its product is ultimately processed by a walnut size brain?

msb February 6, 2020 9:52 AM

@Tatütata, it sounds like you are describing a T-Rex–a cold-blooded giant that really has no place in modern society.

Clive Robinson February 6, 2020 11:10 AM

@ Erik,

This feels like the contrapositive

It might feel like that, but it’s not.

The shorter the message is the harder it is to work out what it’s meaning is. This is because of the lack of structure to test for. The longer the message or the more messages sent under the same key the more structure is revealed. But that may not be sufficient, thus the more messages you need under other keys to determine the methods used.

Eventually sufficient structure is revealed such that an unambiguous method is revealed and from this key schedules etc can be worked out.

The less traffic the less certainty…

For instance one way to attack a pencil and paper cipher if you suspect it is a transposition cipher from a frequency analysis is to “anagram” it out looking for repeated pattern lengths that will reveal the size of the transposition blocks.

But you would be led down a false path if infact it was a polyalphabetic substitution cipher that used a method to modify the ciphertext to have the same or sufficiently similar statistics to transposed plaintext.

So I could use a simple method of transcoding where I convert the normal plaintext alphabet (A..Z) into a variable size alphabet with a much flatter statistic (0..7,80-99) then use a numeric One Time Pad (OTP) to encrypt the transcoded plaintext into equiprobable ciphertext. This I then transcode back into the normal plaintext alphabet (A..Z) with statistics sufficiently similar to normal plaintext for the assumed language in use.

If you try to anagram the transcoded ciphertext you will find some patterns possibly even what you think are messages[1] but they will be meaningless. The shorter the message within reason the more likely you are to find what you think are partial patterns but your time will be wasted. Because the actual strength of the system is the “equiprobable plaintext” of the OTP.

There is a limit for any encipherment system where it is not possible to be certain you have a valid message or not. Rather than type in an explanation of “Unicity distance”, I’ll give a link instead,


[1] The problem with unbounded random text is that beyond a certain size it will always have some kind of patterns to be found. Worse as we know from “Bible Code Hunters” you will find hidden messages in any sizable block of text.

Mike B February 6, 2020 12:01 PM

I have a sneaking suspicion that when the answer is released we will discover that the author made something equivalent to a one time pad (ie unsolvable). The types of clues makes me thing that this is also some form of Moon Logic Puzzle that is only solvable in the reverse direction by anyone other than the creator.

Sed Contra February 6, 2020 2:02 PM

I thought it was obvious – “Too wise you are, too wise you be, I see you are too wise for me” – no ?

JonKnowsNothing February 6, 2020 2:05 PM

I find it rather curious that with all the high level polymaths in the world, abounding in security services everywhere, for which their brains are used to power the powerful, that no one has figured it out.

It does not say much that all these folks cannot solve the puzzle.

It’s not the Voynich Manuscript, with all sorts of secondary problems. It’s a puzzle that has a solution, a known-knowable output.

Well, my job at least never hinged on my being more brilliant than an Enigma Machine.

Hopefully, I’ll still be around to enjoy the solution…

Of course, someone may have solved it and is just throwing a spanner in the works….

ht tps://en.wikipedia.org/wiki/Kryptos
ht tps://en.wikipedia.org/wiki/Kryptos#Solutions
ht tps://en.wikipedia.org/wiki/Kryptos#Clues_given
ht tps://en.wikipedia.org/wiki/Voynich_manuscript
ht tps://en.wikipedia.org/wiki/Enigma_machine
ht tps://en.wikipedia.org/wiki/Jim_Sanborn
ht tps://en.wikipedia.org/wiki/Three-body_problem
ht tps://en.wikipedia.org/wiki/Orbital_mechanics
ht tps://en.wikipedia.org/wiki/The_Three-Body_Problem_(novel)

(url fractured to prevent autorun)

Ismar February 6, 2020 2:42 PM

I am surprised that Clive has not solved this puzzle already or what about those super computers with AI ????

Mike D. February 6, 2020 9:35 PM

@JonKnowsNothing To solve the puzzle is to declare that you had the capability to solve the puzzle. Anathema to a spook.

JonKnowsNothing February 6, 2020 10:29 PM

@Mike D.

To solve the puzzle is to declare that you had the capability to solve the puzzle.

This is the funniest reverse logic laugh in a long time. WOOTS!

It reminds me of the Old Days when we had to use IP addresses in binary format. There was also the slash portion to contend with.

It was perfectly predictable that 2+ Senior Engineers would run down a rat hole over the “meaning of life” and any design review meeting would be totally derailed by One Upmanship Bit Flipping games.

Don’t flip bits if you can’t tilt at windmills.

ht tps://en.wikipedia.org/wiki/IPv4
ht tps://en.wikipedia.org/wiki/IPv4#Address_representations
ht tps://en.wikipedia.org/wiki/File:Ipv4_address.svg
ht tps://en.wikipedia.org/wiki/Tilting_at_windmills
(url fractured to prevent autorun)

Random Comment February 7, 2020 5:44 AM

The puzzle is way above my current brainpower and intellect but i’m guessing if computers have not solved it already, it’s because there is a variable missing to them.

Looking at the shape of the statue and the parts shaded from the sun, it makes me wonder if the shaded/lit up parts need to be treated differently. Also as the creator was involved in the placing of the statues there, what in those shadows would change if the statue was moved to the location in the earlier deciphered text? If there is a constant time involved somewhere of course….and not sure if rotation could fit if there is nothing to say how much to rotate. Unless the NORTHEAST clue relates.

That angle has probably been looked at before because the popular image shows a shadow though. I still think there is a variable thats not related to the actual

Clive Robinson February 7, 2020 9:58 AM

@ Random Comment,

The puzzle is way above my current brainpower and intellect but i’m guessing if computers have not solved it already, it’s because there is a variable missing to them.

On the assumption the plaintext and ciphertext are the same length and that the plain text is one or more sensible English language phrases it could be “brute forced” into all the messages that would fot that length.

How fast the whole message could be done is not exactly relevant[1], because as each word is assumed correct various tests can be performed for relevance to the transform from ciphertext to plaintext[2]. If there is a “method” and not just random luck then the level of confidence you have on the message goes up.

Thus the real battle is keeping not the plaintext secret but the method secret. That is making the space the method works in to large or complex to be found with any given length of message below certain limits.

The Germans tried to do this with their Lorenz cipher machine in essence all it was was a stream cipher where the stream was generated by short pattern cycles. Any one pattern cycle would have been obvious if the message was twice as long as the pattern cycle. So the designers used another pattern the length of which was prime to the first cycle. This produced a much longer cycle which was as long as the product not the sum of the two pattern cycles. The designers figured if they kept adding pattern cycles at some point the method would not be visable despite the length of the message.

It was broken because somebody made a mistake[3]. Two long messages using the same key setting were sent, the difference in length was smallish but apparent and the ciphertexts started off the same then diverged. This gave information about the encryption method that had untill that point not been available.

The problem with this statue is there is just one short message under this unknown encipherment method. Even giving hints such as short parts of the plaintext does not realy help in discovering the method.

[1] See a certain well known social media sight brute forcing it’s name for a secret Tor service identifier.

[2] Look up the “sawbuck” cryptanalysis technique for one simple example, given in Bauer F.L. — Decrypted Secrets: Methods and Maxims of Cryptology ISBN 978-3-662-03452-1.

[3] The reason was the operator sent the equivalent of “Message Number 123” in one message and as the equivalent of “Message No 123” in the other message. Upto that point the two ciphertexts had been the same as you would expect then they diverged again as you would expect. The British having got both ciphertexts and assuming they were the same message went through them and worked out how to seperate the two key streams and then the various periods in use in the encryption method. It was a work of some genius and long hours by the fruits of this work that gave rise to Tommy Flowers developing the first electronic based automatic cryptanalysis machine COLOSUS, that he was wise enough to make more flexible by making it programable. Thus technically the first electronic computer.


JonKnowsNothing February 20, 2020 12:54 AM

re: Solving the Puzzle
disclaimer: I am horrid at puzzles of any type.

This puzzle reminds me of a great episode on Star Trek the Next Generation: Darmok.

It is difficult to translate what you have no cultural reference for just as it is difficult to translate idioms. Determining meaning from words or numbers or allusions or hand waving or facial expression all depends on cultural reference.

A rose by any other name…

But if you are The Petit Prince… your rose is unique.

It maybe the puzzle has mathematical difficulties but it’s also a function of having no context about the puzzle.

Picture jigsaw puzzles have a frame, piece shape, sometimes a multicolored image and sometimes a defined scene.

Here we have nothing. There are no frames. No images. Whatever the reference is no one except the sculptor knows.

The jam is, he already admitted to a goof/error/false information embedded in the sculpture which means it’s a puzzle with pieces missing.

He said that he made an error in the sculpture by omitting an “X” used to separate sentences, for aesthetic reasons

We also have the problem of professional obfuscation withholding information: 8 years before revealing a findings.

The NSA also claimed that some of their employees had solved the same three passages, but would not reveal names or dates until March 2000, … had solved passages 1–3 in late 1992.

It may be a problem similar to the French Diplomatic Cipher of the ~1900s which was unbroken for a long time due to its simplicity. Once broken, the archives of stored messages spewed their secrets.

It maybe they have already solved it and get a good laugh at the rest of us still scratching our heads.

As it seems that the context is about time, Time will tell. Hope I’ll be around to have a good laugh about it.

ht tps://en.wikipedia.org/wiki/Darmok
ht tps://en.wikipedia.org/wiki/Kryptos#Solution_of_passage_2
ht tps://en.wikipedia.org/wiki/Chronos
ht tps://en.wikipedia.org/wiki/Cronus
ht tps://en.wikipedia.org/wiki/The_Little_Prince

James Parsons April 10, 2020 9:47 PM

so just coming across this and something is really bugging me. why does everyone who posts a picture or representation always reverse the cipher? I say this because if you notice the particular attention to detail in this beautiful piece of art and everything is deliberate, then why are the letters on the second half disordered the way they are if not for a very particular reason. I think that in order to truly understand the solution you have to understand the problem. gonna keep the rest of my thoughts on this close to my chest but that just really bothered me

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.