Right outside the United States capitol lies the headquarters of the Central Intelligence Agency. The building was completed back in 1961, but a major overhaul in the late-1980s led to the creation of this courtyard, right here. To enhance the aesthetics of the new facility, the CIA commissioned a local artist named Jim Sanborn to decorate the courtyard as well as the west entrance with some artwork.
By early 1990, the first glimpse of this artwork appeared in an article by the Washington Post. In the background lies a large sheet of metal perforated by multiple rows of letters. It was some sort of code.
A secret message that, according to Sanborn, had been concealed by at least two different ciphers. In late June, the four copper plates upon which the code had been inscribed were installed in the northwest corner of the courtyard. The sculpture attracted immediate attention from CIA cryptanalysts, who organized a sweepstake for someone to crack the code.
But, despite their best efforts, the code remained intact. Being located at the heart of the Agency meant the sculpture was off-limits to the public. A private dedication ceremony was held in early November, but it wasn't until March the following year that images of the complete installation began trickling out to the masses.
It starts with three granite and copperplate constructions placed near the west entrance. One of the slabs features a compass rose pointing towards a naturally magnetized rock known as a lodestone. Furthermore, strings of Morse code can be found on flat sheets of copper interlaced with the stonework.
Moving through the atrium and into the courtyard, we're greeted by a shallow pond flanked by two featureless slabs of granite. No codes nor markings to speak off on these two. Finally, we reach the main attraction.
A curved screen of copper with hundreds of punched-out letters supported by a trunk of petrified wood. The screen encircles a small fountain surrounded by two boulders. There are 1 736 characters in total, which can be divided into two parts.
The left side is the ciphertext containing the secret message, while the right side is what's known as a Vigenère table. The table offered a major clue for how the ciphertext was meant to be solved because a Vigenère table is typically used in combination with a Vigenère cipher. Not only that, but Sanborn revealed in early interviews that the upper half of the ciphertext had indeed been encoded using a Vigenère cipher.
It works like this. We start by writing down an alphabet. The most obvious would be the English alphabet of 26 letters, but Sanborn did something a bit different.
He used what's known as a keyed alphabet. Basically, you select a keyword and move the letters of that word to the front of the alphabet. In Sanborn's case, he chose the keyword KRYPTOS, stemming from an ancient Greek word for "hidden".
Okay, so we move the K to the front, followed by the R, then the Y, P, T, O, and S. This keyed alphabet is then repeated underneath the first but shifted one letter to the left. So it starts with the letter R and the K is moved to the end.
The next alphabet is shifted once more, so it starts with Y and ends with R. This process is repeated all the way down, until we end up with 26 rows and 26 columns for each letter in the alphabet. Alright, so that's how you construct a Vigenère table using the keyword KRYPTOS.
Now, the text on the sculpture is a bit different. In addition to the table, Sanborn added two index rows and a column composed of the standard English alphabet. These indices are sometimes added for convenience as it can simplify the encryption and decryption process, but they're not strictly necessary.
Furthermore, these four columns have been repeated at the end here, like so. This repetition has no impact on the encryption or decryption process, so they might've been added for aesthetic reasons to symmetrize the left and right side of the sculpture. You may have also noticed this rather conspicuous L off to the side here, but we'll get to that one later in the video.
All we have to care about right now is the actual Vigenère table, which is this part in the middle. Okay, so let's now use this table to encrypt a message. Something simple, like, say, SECRET MESSAGE.
I know, I have a creative mind like the world has never seen. The first thing we need is another keyword. Let's say the keyword is HIDDEN.
Because SECRET MESSAGE is longer than HIDDEN, we simply repeat the keyword until it matches the length of the plaintext above. Once that's done, we're now ready to encrypt. The first letter of the plaintext is S, so we find the row that starts with S in the Vigenère table.
The first letter of the keystream is H, so we find the column that starts with H. The letter at which this row and column intersect is the first letter of the ciphertext. In this case, that letter is Q.
The second letter pair is E and I. So we find the row that starts with E and the column that starts with I which intersect on the letter K, making K the second letter of the ciphertext. By repeating this process for all the letter pairs, we end up with a ciphertext that looks like this.
That's it. That's how you encrypt a message using a Vigenère cipher. Likewise, by following these steps in reverse, you'd be able to decrypt the message.
But, as you can imagine, that only works if we know the keyword. Without that keyword, which functions very much like a password, it becomes significantly more difficult to crack the code. This is the situation that those taking a stab at Kryptos found themselves in back in the early 1990s.
They were faced by this wall of ciphertext, and the only person who knew the keyword was Jim Sanborn. For the next decade or so, both professional and amateur cryptanalysts took turns at solving Kryptos without success. The occasional mention would pop up on various discussion forums and chat rooms but, otherwise, Kryptos quickly faded from public consciousness.
Even Sanborn himself later admitted he kind of forgot about Kryptos as he went to work on other projects. But all that changed on June 8, 1999, when a computer scientist from Southern California named Jim Gillogly announced that he had finally broken through. Gillogly was a former president of the American Cryptogram Association and used some bespoke software on his top-of-the-line Intel Pentium II home computer to brute force solutions to Kryptos in just four days.
Except, Gillogly was unable to crack the entire code. He discovered that Sanborn had divided the ciphertext into four distinct segments. Gillogly managed to solve the first three, known as K1, K2, and K3, but K4, comprising the final 97 characters, refused to budge.
Not only that, but when he called the CIA's Office of Public Affairs, Gillogly was informed that a technical analyst by the name of David Stein had beaten him to the punch. Equipped with nothing but pencil and paper and minimal knowledge of cryptology, Stein had spent the better part of a decade tinkering away at Kryptos before finally cracking the code in early 1998. Weirdly enough, this was reported as early as November of that year, many months before Gillogly made his announcement, yet barely anyone seems to have noticed.
Nevertheless, Stein had likewise been stumped by K4 and only managed to solve the first three sections. But, as it turns out, Stein was not the first to solve it either. In the wake of Gillogly's announcement, it came to light that members of the National Security Agency had secretly solved K1 through K3 all the way back in 1992.
Few details were given at the time, but their efforts were later outlined in a series of declassified documents, so let's now take a look at how the NSA partially solved Kryptos. Sometime in late 1991, a group of NSA cryptanalyst interns were given a tour of CIA headquarters. They took an immediate interest in Kryptos and, upon returning to NSA headquarters, formed a small study group to try and crack the code.
While the ciphertext is composed of 865 letters, there are also four question marks. The assumption made by members of the study group was that the question marks divided the code into five segments. But after a few days of trying, this assumption failed to yield results.
They wrote of one segment that it seemed to be a "completely random system" that would be "very difficult to break," and had no idea how to approach K4. As if placing a curse upon all future codebreakers, they wrote, "This part may be unbreakable. " About a year later, in early November 1992, the CIA officially challenged the NSA to solve Kryptos.
The challenge was accepted by four veteran cryptanalysts, who began making headway almost immediately. Unlike the previous group, they ignored the question marks and, instead, turned their attention to something known as frequency analysis. It works like this.
Every language uses certain letters more frequently than others. In English, the most frequent letter is E while letters like X, Q, and Z are among the least common. So if we count the letters in a piece of English text, like, say, the beginning of the Wikipedia article about cryptography - again, creative mastermind at work here - we'd expect to find a lot more Es, Ts, and As than Bs, Zs, and Ks.
Sure enough, that's exactly what we find. 42 Es and not a single K. The beauty of this approach is that it works even if the letters are scrambled.
After all, we're only interested in the frequency of letters, not their positions. So even if we turn our Wikipedia sample into gibberish by rearranging the letters, we still get the exact same result, hinting that this text was originally written in English. In cryptology-speak, this method of encryption is known as transposition.
A transposition cipher will transpose or move characters around but, otherwise, leave them unchanged. It differs from a substitution cipher which, as the name suggests, can substitute or replace characters. We've already seen an example of this with the Vigenère cipher, where letters are supplanted by new ones according to a Vigenère table.
This substitution of letters will often render frequency analysis far less useful, if not outright ineffective. Alright, back to Kryptos. What the NSA cryptanalysts did was to simply count all the letters in each row of the Kryptos ciphertext.
Once they were done, they found that rows 15 through 25 produced a frequency count that strongly resembled English. Notice, for instance, how there are plenty of Es and Ts but not a single J nor Z. In other words, this middle portion of Kryptos had probably been encoded using a transposition cipher, while the rows above and below had probably been encoded using a substitution cipher.
By this point, the NSA team assumed the ciphertext had been divided into three segments and felt pretty confident this upper portion was a Vigenère cipher, as Sanborn himself had publicly stated. So the next logical step was to try and suss out the keyword. There are a few different ways to go about this, but a common one is to exploit certain repeating patterns left behind by the encoding process.
Remember how, in a previous example, the keyword HIDDEN was repeated until it matched the length of the plaintext. Well, that repetition can reveal information about the length of the keyword. Imagine we wanted to encode the message IDEAL CONCEALMENT OF MANY DOCUMENTS using the keyword MYSTERY.
The resulting ciphertext would look like this. Notice how the string E-A-L becomes W-T-P both here and here. Likewise, the string M-E-N-T becomes D-C-Z-R both here and here.
This only happens when there's an alignment of letters in both the plaintext and the keystream below. E and S becomes W, E and S becomes W. M and R becomes D, M and R becomes D, and so on.
In other words, identical pairings will always produce the same letter. So imagine now that we only had the ciphertext. We'd quickly notice the repetitions of the letters W-T-P and D-C-Z-R.
We could then measure the distance between these repetitions. Okay, so there are seven letters between the beginnings of these two and fourteen letters between the beginnings of these two. This strongly implies the length of the keyword is seven and, sure enough, the keyword MYSTERY is seven letters long.
Fortunately for the NSA team, repetitions like these were indeed present in the Kryptos ciphertext. Take this one, for instance. The beginnings of these two identical strings are separated by eight letters.
This meant the keyword was probably eight letters long, or possibly a factor of eight. So the keyword had a length of 8, 4, 2, or 1. But eight was still the most probable, as a four-letter keyword or below would likely have been a bit too easy to crack.
By this point, the NSA team could've just run the ciphertext through a program and checked it against all eight-letter words in an English dictionary. But Sanborn could, theoretically, have used a random jumble of letters or a word of his own invention, so they opted for a different approach. First, they evened out the rows, like so, and divided the ciphertext into eight-letter chunks.
This way, they could be certain that every eighth ciphertext letter had been enciphered using the same keyword letter. For instance, imagine that the keyword was OBSCURED. The first letter of that keyword is O, so every eighth ciphertext letter must've been enciphered using the letter O.
This means that if the same letter appears at intervals of eight in the ciphertext, like, say, the letter R, here, here, here, and a few more times, we have these identical pairings I mentioned before. We have R-O, R-O, R-O, all the way down, which means all of these Rs must represent the same letter in the plaintext. And that's the key to breaking the cipher.
Knowing that certain letters represent the same letter in the plaintext makes the cipher vulnerable to frequency analysis. After all, if all these Rs represent the same letter, and the same is true of all the other letters in the ciphertext, we can just count the letters. The letters with high frequency counts probably represent letters like E and T while letters with low frequency counts probably represent letters like Q and Z.
And so, that's what the NSA team did. They counted a bunch of letters, tried different combinations, until, eventually, they found something that began to resemble English. For instance, at one point they ended up with this and noticed the words SIX, FIVE, and SEVEN appeared to be forming near the end here.
All that was left to do was guessing the remaining letters and, just like that, the first portion of Kryptos had been solved. It's a bit difficult to see when the text is lumped together like this but if we add some spacing between the words, it becomes a lot more readable. We'll examine this plaintext in a moment, but first we need to address this mess at the top.
What the NSA team discovered was that rows 3 through 14 had been enciphered using one keyword, while the two uppermost rows had been enciphered using a different keyword. In other words, the Kryptos ciphertext was actually composed of four distinct segments, not three as initially assumed. So the portion they solved first was actually the second segment, which would later become known as K2.
Alright, once K2 had been unlocked, they immediately set their sights on K3. As previously mentioned, frequency analysis indicated K3 had been encoded using a transposition cipher, so a substitution cipher like the one used to encode K2 was definitely off the table. While there are many different kinds of transposition ciphers, they often rely upon some sort of matrix.
For instance, imagine we wanted to conceal the plaintext THIS IS A SECRET MESSAGE. We would then pick a keyword like CLOAKED and write down the message in a grid, or matrix, like so. Then we assign a number to each letter in the keyword based on their alphabetical order.
So A, C, D, E, K, L, O. Then we rearrange the columns in numerical order. Finally, we write down the letters in each column to generate the ciphertext.
Fairly simple stuff. But that simplicity is also the weakness of a cipher like this one because you can sort of guess your way to a solution with a lot of patience, a bit of luck, and some knowhow. And that's precisely what the NSA team did.
They quickly noticed there's only one Q in the entire K3 ciphertext. They also knew that plenty of English words that begin with Q are followed by a U and there were only five Us. So they simply took the Q along with a few letters before and after and wrote them down as a column.
Then they did the same with the five Us and placed them next to the first column. Some of the letter combinations were problematic, like Y-Y and H-H, which would be unlikely to show up in an English word. But other columns looked more promising, like the H-E in this pair of columns which could be the end of THE, the most common word of all.
So they tried a few T-columns, followed by some more columns, and a few more columns, and that was pretty much it. They eventually recovered the entire plaintext through nothing more than educated guesswork. In fact, the assumption that Q would be followed by a U proved to be wrong, but they still managed to find the solution.
They also realized that the last four characters were actually part of K4 rather than K3. Alright, so that was K3 unlocked, on to K1. The reason the NSA team tackled K3 ahead of K1 is because the latter was only 63 characters long.
Generally speaking, the shorter the ciphertext, the more difficult it is to break. Fortunately, the K1 ciphertext was just another Vigenère cipher. All they had to do was repeat the steps taken to solve K2 and, eventually, they recovered the entire K1 plaintext, which reads as follows.
Moving on to the K2 plaintext, it reads like this. Finally, we have the K3 plaintext, which reads as follows. Alright, so what the hell does any of that mean?
Well, something that immediately stands out is how all three segments include exactly one misspelled word. In K1, the first L in ILLUSION has been replaced with a Q. In K2, the O in UNDERGROUND has been supplanted by a U.
In K3, the word DESPERATELY is missing the third E and has had the second E substituted for an A. The prevailing belief within the Kryptos community is that these typos are deliberate. They're typically perceived as some sort of clue, and Sanborn has indeed implied or outright stated that that's the case on multiple occasions.
However, Sanborn has also made statements where it almost sounds like he's only pretending as though the typos were deliberate. Looking at the overall meaning of the plaintext it's, well, difficult to parse, and, according to Sanborn, that's very much by design. The K1 plaintext is very short but seems to be alluding to shadows and how they're illusions formed by the absence of light.
Light and shadow is a common theme in Sanborn's opography (opus-ography; synonym: oeuvre) so, perhaps, some sort of pattern will form when the sculpture is struck by sunlight at just the right angle or something to that effect. The K2 plaintext is a bit more straightforward by plainly stating that something was buried at these coordinates, which point to a location a few meters south of the sculpture. But in 2013, Sanborn apparently confirmed that what he buried at this location has since been removed.
According to a summary of a post-convention dinner attended by Sanborn, the item was a bronze geodetic survey marker made by the United States Geological Survey. They're typically used for things like topography and measuring the distance between locations. That being said, it sounds like the survey marker was only meant to elucidate the meaning of the final plaintext, rather than offer clues for deciphering the code.
Looking at the rest of the K2 plaintext, it makes reference to something invisible and using the Earth's magnetic field. This could be alluding to a compass which, in turn, could be a reference to the compass rose etched into the stonework by the west entrance. The remaining portions seem to be about the survey maker.
It was buried or transmitted into the ground at an unknown location, followed by the coordinates of that location. Furthermore, Langley is a nickname for the CIA because it's based out of Langley, Virginia, and Sanborn has confirmed that WW is a reference to former CIA Director William Webster. Sanborn once said the K2 plaintext was meant to look like an "interrupted radio transmission".
It's not uncommon for the letter X to denote periods in radio communications, and Sanborn has confirmed that that is indeed what the multiple Xs sprinkled throughout the plaintext are meant to represent. The only real question mark surrounding the K2 plaintext is this final sentence ID BY ROWS. But we'll circle back to that one in a moment.
The K3 plaintext is a lot easier to parse because it's just an extract from the 1923 book The Tomb of Tut-Ankh-Amen. It recounts the moment British archaeologist Howard Carter stumbled upon the tomb of the ancient Egyptian pharaoh Tutankhamun. Sanborn later explained that he included this passage because he wanted to instill in the solvers of Kryptos a semblance of the exhilaration experienced by the Egyptologists.
The only thing that doesn't make much sense about the K3 plaintext is this final Q. It's not in the sourcetext, and it just looks out of place. Some have speculated it's a reference to a character like Q in the James Bond franchise or the godlike Q in Star Trek because it sounds like the question is addressed to someone named Q.
Sanborn did once briefly reference Star Trek in an interview, but it doesn't sound like he's the kind of person to include a pop culture reference in his work. The NSA cryptanalysts were able to solve K1 through K3 in as little as two days, although some documents suggest it took them at least a month. But despite their best efforts, the final 97 characters proved too much of a challenge.
After Jim Gillogly's independent solution received widespread media attention in 1999, thousands more joined the fray and began tinkering away at K4. But in spite of this renewed interest, the final 97 characters have resisted all attempts at decipherment. As indicated by the NSA, part of what makes K4 so difficult is its length.
At 97 characters, it's the second-shortest segment behind K1. On the bright side, K1 was eventually solved, so it's not like K4 is prohibitively short. I mean, it's not like it's literally unbreakable.
Wait, it is possible to solve, right? It's a question that invariably shows up in any discussion about Kryptos. What if Sanborn just threw together a bunch of random letters at the end to keep people guessing forever?
I mean, it's a great way to extend the longevity and relevance of an art piece. On the other hand, Sanborn has very explicitly stated on multiple occasions that K4 is solvable. When the CIA commissioned Sanborn to create Kryptos back in the late 1980s, he received help from a CIA cryptographer named Edward Scheidt.
Alright, I'm just gonna give my Irish viewers some time to process that surname. Alright, much like Sanborn, Scheidt is adamant the code is solvable. But I must emphasize here that Scheidt doesn't actually know the solution.
He's merely saying that when he and Sanborn devised a general outline for the code, the plan was to create something that could be deciphered. But it's interesting that Scheidt says "deciphered or extracted" because there is indeed more than one way to recover the plaintext. In fact, there's good reason to believe none of the previous segments were solved in the way they were intended to be solved.
Remember, the NSA solved K1 through K3 not by finding the keywords but, instead, by exploiting certain patterns and weaknesses in the ciphers. The same is true of the methods employed by David Stein and Jim Gillogly. To use an analogy, they hotwired a car instead of finding the keys.
So, the question is, how were we supposed to find those keys? Let's start with K2. Alright, so through cryptanalysis, the NSA team deduced the keyword of K2 had a probable length of eight, and this was confirmed once they successfully extracted the plaintext.
At this stage, there are a few different ways to reveal the actual keyword. A really neat way of doing it is to truncate the Vigenère table so that the number of rows matches the length of the keyword. In this case, the keyword has a length of eight so we only need the first eight rows, not counting the first one which will act as an index.
Then, we simply offset each row or alphabet according to the plaintext, like this. The first letter of the plaintext is I while the first letter of the ciphertext is V, so we slide the first row until the V is in the I-column. The second letter pair is T and F, so we slide the second row until the F is in the T-column.
Once we've done that for each of the eight rows, the eight-letter keyword ABSCISSA is spelled out vertically in the first column. The word abscissa is a mathematical term that typically refers to the X coordinate of a point in a two-dimensional graph. So graph, point, coordinates, ordinate, abscissa.
It's unclear how this relates to Kryptos, but some believe it's a metaphor for the treasure-hunting idiom, "X marks the spot. " Another interpretation is that the process of finding letters in a Vigenère table sort of resembles points in a graph, where the abscissa and ordinate are the columns and rows. Anyway, once the keyword was known, people started looking for ways to recover ABSCISSA without first knowing the plaintext.
After a lot of searching, they came up with a plausible theory. Remember those granite and copperplate constructions by the west entrance inscribed with Morse code? Well, if you didn't, now you do, and here's the translation.
There are a few immediate takeaways. The second I in DIGITAL has been swapped for an E and the next line is likely meant to say INTERPRETATION, but the code is cut off so the final N is missing and the O ends up looking like a T. DIGITAL INTERPRETATION could mean there's some sort of digital component to solving Kryptos which is consistent with a comment made by Sanborn.
T IS YOUR POSITION could mean a lot of things. According to some Kryptos enthusiasts, Sanborn once told them the Morse code actually continues underneath the blocks of granite, so the full sentence could be something like WHAT IS YOUR POSITION. VIRTUALLY INVISIBLE is similar to the first line of K2, while SHADOW FORCES is reminiscent of K1.
As for LUCID MEMORY, RQ, SOS, and the 27 seemingly superfluous Es? Who knows? Alright, so that's what the Morse code says, now, back to the keyword search.
If we take the last four letters of VIRTUALLY and the first four letters of INVISIBLE and use ALLYINVI as a keyword for K2, we find the word ABSCISSA spelled out right here. The reason this works is because the sequence ALLYINVI also appears in the K2 plaintext in the phrase TOTALLY INVISIBLE. We're basically using part of the plaintext to reveal the keyword instead of using the keyword to reveal the plaintext.
In fact, this works with any eight-letter sequence of the plaintext as long as it's offset at intervals of eight. So if we use the first eight-letter sequence, ITWASTOT, we'll get ABSCISSA here. If we use the next eight-letter sequence, ALLYINVI, we get ABSCISSA here.
Using the third sequence, SIBLEHOW, we get ABSCISSA here, and so on. Presuming this was intentional and Sanborn didn't just happen to use two similar phrases without realizing one could accidentally expose the keyword of the other, it's still unclear how we were supposed to know to rearrange part of the Morse code to read ALLYINVI as opposed to any other sequence of letters. Another option is to take this one E at the end of VIRTUALLY and move it to the front, then we ignore the six Es at the beginning of the next line, and append INVISIBLE.
Plugging that in as a keyword will also produce ABSCISSA because the first eight letters act as padding to ensure ALLYINVI falls into place. In fact, we can use any eight letters before ALLYINVI, and it works just the same. But again, it's unclear how someone was supposed to deduce that those specific letters had to be organized in that specific way.
Sure, Sanborn might've expected us to simply guess by trying different Morse code fragments and successively prepending them with letters. There's even a cryptographic term for this technique, which is crib dragging. But it would still have been nice to have, at least, one solution that relied exclusively on clues and deductive reasoning rather than tedious guesswork.
As far as I can tell, Sanborn has never confirmed whether ABSCISSA was supposed to be acquired in this way, but it's the least convoluted theory for the time being. Moving on to K1, the suspected keyword length was ten and, sure enough, if we modify the Vigenère table like before, we find the ten-letter keyword PALIMPSEST spelled out vertically in the first column. A palimpsest is a reused manuscript or document.
If you erased the text from the page of a book and wrote new text in its place, that's a palimpsest. It's a word that fits the theme of Kryptos in multiple ways, not least of all because the curved copper screen resembles a scroll or the flowing page of a book. Another interesting find is that the combined letters of PALIMPSEST and ABSCISSA can be used to construct the anagram PS ITS AS SIMPLE AS ABC.
Anyway, unlike the keyword for K2, no one really knows how PALIMPSEST was supposed to be found. The only half-decent theory seems to be one that relies on palindromes within the Morse code, which is when a sequence of letters reads the same forwards and backwards. The idea is to take some of these palindromes while ignoring others, and to then stack them in a particular order to form the word PALIMPSEST.
But the process feels very contrived, so I'm not gonna go into detail here. You can check out the references if you want to learn more. Moving on to K3, things get a bit tricky because there's more than one way to recover the plaintext.
The easiest one is so simple it's almost laughable. All you have to do is count every 192nd character. That's it.
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15. . .
. . .
189, 190, 191, 192. The first letter is S. 1, 2, 3, 4, 5, 6.
. . .
. . 143, 144, 145.
If we reach the end, we just loop back around and keep going. 146, 147, 148, 149, 150. .
. . .
. 189, 190, 191, 192. The second letter is L.
Keep going like that and you'll recover the entire K3 plaintext. There are a bunch of other decryption methods I could explore here, including one that quite convincingly utilizes the keyword KRYPTOS. But there is one method that's not just theory but actually has some evidence behind it.
In 2013, Sanborn released this encoding chart, which he used to encode the K3 plaintext. It's very low resolution, but notice what looks like an arrow in the lower left-hand corner. For many Kryptos enthusiasts, this all but confirmed what they had long suspected.
Namely, that the K3 ciphertext had been generated by simply rotating the plaintext. It works like this. First, we write down the K3 plaintext in a 42x8 grid.
That's 42 characters per row across eight rows. We then rotate the text 90 degrees clockwise. Using this new orientation, we write down the characters, row by row, in a 14x24 grid.
You'll notice the text now matches the encoding chart, and all we have to do to generate the K3 ciphertext is rotate the text once more. There you go. The encoding chart even has the word END written in the corner here to mark the end of the ciphertext.
But there is one problem with this approach. It leaves out the question mark at the very end of K3. Notice how it's not included in the encoding chart.
This has led many to suspect that this final question mark is actually the beginning of K4 rather than the end of K3. Now, an argument against that is that the sourcetext of K3, The Tomb of Tut-Ankh-Amen, does end with a question mark, and it would, of course, make a lot more sense for a question mark to fall at the end of a sentence rather than the beginning of one. Sanborn has repeatedly refused to answer whether it belongs to K3 or K4, but has confirmed it is nothing more than a question mark.
Presuming it does belong to K4, the fact the question mark appears at the beginning might be a clue that K4 is written in reverse. Speaking of question marks, remember that inscrutable final sentence of K2? Ever since K2 was first deciphered back in 1992, the phrase ID BY ROWS or possibly ID BY ROW S has been a complete mystery.
But in late 2005, a Kryptos enthusiast by the name of Monet Friedrich was crib dragging different keywords through K2 when she noticed something odd. If you move the first A of ABSCISSA to the end and plug that in as a keyword, the last sentence of K2 becomes PLAYER TWO. It wasn't given much attention at the time because, well, discoveries like these are not that uncommon.
Shifting letters around and trying different keywords is bound to generate the occasional text that just so happens to be legible. But, this time, it was different because, half a year later, Sanborn informed the Kryptos community that he'd made a mistake by omitting an S between this E and W near the end of the K2 ciphertext. If we add that S back in, the final sentence no longer reads ID BY ROWS but X LAYER TWO.
Something that immediately comes to mind is that a palimpsest is a document with two layers of text. Anyway, the fact that this omission still produced something legible was pure chance, and it's why it took Sanborn 16 years to detect his mistake. He apparently assumed ID BY ROWS was some sort of cryptographic jargon and didn't realize there was something wrong with the actual code.
This does, of course, raise the rather concerning possibility that the reason K4 hasn't been solved is because it, too, contains some sort of mistake that Sanborn has missed. That is a bit concerning. In a subsequent interview, Sanborn said he was "pretty sure" that K4 is "fairly accurate.
" A few years later, Sanborn said in yet another interview that he'd completely forgotten the K4 plaintext, once again. So whether Sanborn has actually gone back and double-checked the intended steps for solving K4 remains unknown, and the possibility of a mistake can't be completely ruled out. That being said, K2 was deciphered in spite of a mistake so even if K4 contained a similar typo, it wouldn't necessarily be rendered unsolvable.
Another reason to be optimistic about the solvability of K4 is the fact that Sanborn has gotten increasingly impatient for someone to solve it. So to nudge the process along, Sanborn finally caved and offered a clue in late 2010. The clue was a fragment of the K4 plaintext.
Specifically, the word BERLIN, located here. So K4 can somehow be decoded such that the letters N-Y-P-V-T-T are supplanted by the word BERLIN. Not only that but Sanborn also released the encoding charts he used to create K1 and K2 which supposedly contain some sort of revelatory information.
All that's really been gleaned from these charts so far is that the IQLUSION typo in K1 was the result of changing the first S in PALIMPSEST to a C. Meanwhile, the K2 chart does not include the UNDERGRUUND typo. This could mean IQLUSION was deliberate while UNDERGRUUND was not, just as it could, you know, not mean that.
Even though Sanborn stated he wouldn't offer another clue until 2020, he apparently changed his mind and disclosed a second clue only four years later. This time, it was the word CLOCK, located right next to the previous clue. So this portion of the K4 ciphertext can somehow be decoded into BERLIN CLOCK.
The clock in question is probably this one. It displays the time using a series of red and yellow lights and is indeed located in Berlin. But its relevance to Kryptos remains a mystery.
Six years later, in early 2020, Sanborn disclosed yet another clue. This time, it was the word NORTHEAST, located here. Less than a year later, in the midst of the pandemic, Sanborn released his latest clue, which was the word EAST.
Even though nearly one quarter of the K4 plaintext has now been disclosed, the final segment remains undeciphered. Something I've learned about Kryptos over the past few months is that everything you can think of has already been tried. I mean, not literally, of course, but that's certainly what it feels like.
There were so many times during my research where I had an idea for how it might've been done, only to find that someone already tried that some 20-odd years ago. I mean, we're talking thousands of people trying every conceivable permutation of every conceivable cipher for over thirty years. It's especially impressive considering Sanborn is not a cryptographer and, at his own admission, is bad at math.
[SANBORN I am what I like to refer to myself as an anathemath. Which means I have- I'm afraid of mathematics. I do not have math skills.
I was taught physics, but only baby physics. I was taught math in summer school because I didn't pass math in high school. So, basically, there are other ways to make codes rather than using algorithms, the bane of my existence.
Instead, he's an artist with a background in archeology who, somehow, managed to create a code that's withstood billions upon billions of cracking attempts and even stumped the NSA. On the other hand, the fact that Kryptos was made by a non-expert and does not require advanced mathematics makes it all the more likely for a layperson to solve it. If anything, a creative and artistically minded amateur may actually have a better chance of solving K4 by thinking outside the box in a way that computer algorithms and professional cryptanalysts may struggle to do.
One of the leading hypotheses entertained by the NSA back in the early 1990s was that K4 had been enciphered not just once but multiple times over. The idea is that Sanborn took the K4 plaintext and ran it through a Vigenère cipher, like the one used to encode K1 and K2. Then he took the resulting ciphertext and ran that through a transposition cipher, like the one used to encode K3.
This second layer of ciphertext was then carved into the sculpture. According to Edward Scheidt, the plan for K4 was to somehow conceal the English language to curb the use of frequency analysis, which, as we now know, was instrumental in solving the previous three segments. We can only guess what exactly that means, but cipher stacking would be a very simple yet effective way to mask the language of the plaintext and disrupt the use of frequency analysis.
Another proposed solution is to use what's known as the Hill cipher. The reasoning behind this one is tied to that conspicuous L in the Vigenère table mentioned near the beginning of the video. While many believe the L is merely an oversight, others believe it's a deliberate clue because its inclusion means the word HILL can be spelled out vertically on the side here.
Others believe the solution has something to do with the letters D-Y-A-H-R at the beginning of K3, which have this odd spacing that makes them stand out from the rest of the code. A possible anagram of these letters is the word HYDRA, but whether that's meaningful is, of course, anyone's guess. As you can imagine, there are hundreds of theories and, out of sheer desperation, many turn to scrutinizing everything Sanborn and Scheidt has ever said in the hopes of narrowing down the list.
Exhibit A: this video. But that is, perhaps, not such a good idea. Although, not even the fact that he can't be trusted can be trusted because Sanborn has said the complete opposite in other interviews.
Disinformation and dubious benevolence aside, Sanborn has taken steps to ensure the solution to K4 isn't lost to time. It will either be put up for auction or passed on to someone else in the event of his death. So, one way or another, we will hopefully get that answer at some point in the future.
Who knows? Maybe one of you watching this video right now will be the one to break the unbreakable. Think about it, these 97 or so characters are all that stand between you and history.
Everyone will know your name. We're talking interviews, talk shows, podcasts, conferences, the whole circus. Centuries from now, students will be bored out of their minds as they read that one chapter about the history of cryptography that bears your name.
All you need to do is throw some symbols into a blender, and you'll become immortal. You'll forever be remembered as the person who defeated the American intelligence community at their own game. The genius who solved Kryptos when no one else could.
Then, when you finally do solve it, we can all look back at videos like this one and laugh at how wrong we were or be astonished by how close we got. So what are you still doing here? Go and solve the damn thing.