The Kryptos Sculpture: An Enigma Within the CIA’s Own Walls

By Kathleen Hablutzel and Zampa Provenzale

Jim Sanborn created the sculpture Kryptos in 1990 to stand within the CIA headquarters in Langley, Virginia. The sculpture is made primarily of copper and is shaped like an “s,” meant to resemble a piece of paper being printed. Hollowed out encrypted words cover the statue. The message is separated into four sections, each with its own encryption. Put together, the four decrypted messages from a riddle. Sanborn used the Vigenère Cipher for the first two passages and transposition for the third. The fourth passage has yet to be decrypted more than thirty years later. Sanborn is not a professional cryptographer, he is a sculptor. With only a brief crash course on cryptography Sanborn managed to create a cipher that has fooled the CIA and many experienced cryptographers for decades. This is a prime example of a computation that is easier forwards than backwards: this beginner cryptographer created a cipher strong enough to foil experts.

The Kryptos sculpture in a courtyard of the CIA’s headquarters. The sculpture derives its mystery from the four encrypted passages covering the statue, one of which remains unsolved after 30 years.

Passages 1 and 2

Sanborn encoded the first and second passages using the Vigenère Cipher, which encodes each letter in a message based on a keyword. If we number the letters of the alphabet, and sum each letter in the message with the number of its corresponding key letter, the sum gives the number of the new letter in the ciphertext, as shown below. (If the sum exceeds 26, we subtract 26.)

Since the keyword is usually much shorter than the message, we repeat the keyword over the length of the message.

This cipher’s strength is that the same letter won’t necessarily encode the same way in different parts of the ciphertext. In the example above, T encodes to R sometimes and X other times, because we encoded T with different letters from the key. However, sometimes repeated letter sequences in our message will align with the key in the same way, resulting in the same encryption in our ciphertext.

In order to align with the key the same way, the distance between repeated segments must be a multiple of the length of the keyword. Thus, we can exploit this weakness in the Vigenère Cipher to guess at the key length, by factoring distances between repeated segments and looking for the most common factor.

Since the distances for both repeated segments have a common factor of 3, the key is likely of length 3.

Once we have a guess for the length of the keyword that encrypted our message, we can find each letter of the key using a frequency analysis. If we separate the letters of the message into groups based on which key letter would encode them, we can guess the key letter for each group based on which letters are most frequent in the ciphertext. The most common letters in English are ETAOIN, so the most frequent letters in the ciphertext probably correspond with one of these. In this example, the key is YES.

We perform a frequency analysis on each of these three groups of letters, one group per letter in the key, to determine the key letter.

This two-step method of breaking the Vigenère Cipher, finding the key length and then finding each letter of the key, is called Kasiski Analysis, and this is the method the CIA and NSA could have used for breaking the passages on Kryptos.

Activity

Given Sanborn’s keywords for the first and second passage and how Sanborn numbered his alphabet, see if you can decode each message! (Hint: If ciphertext = message + key, then message = ciphertext — key)

Sanborn’s adapted alphabet numbering, starting with the letters of KRYPTOS.

Passage 1 Key: Palimpsest

Passage 1 Ciphertext:

EMUFPHZLRFAXYUSDJKZLDKRNSHGNFIVJ
YQTQUXQBQVYUVLLTREVJYQTMKYRDMFD

Passage 2 Key: Abscissa

Passage 2 Ciphertext:

VFPJUDEEHZWETZYVGWHKKQETGFQJNCE
GGWHKK?DQMCPFQZDQMMIAGPFXHQRLG
TIMVMZJANQLVKQEDAGDVFRPJUNGEUNA
QZGZLECGYUXUEENJTBJLBQCRTBJDFHRR
YIZETKZEMVDUFKSJHKFWHKUWQLSZFTI
HHDDDUVH?DWKBFUFPWNTDFIYCUQZERE
EVLDKFEZMOQQJLTTUGSYQPFEUNLAVIDX
FLGGTEZ?FKZBSFDQVGOGIPUFXHHDRKF
FHQNTGPUAECNUVPDJMQCLQUMUNEDFQ
ELZZVRRGKFFVOEEXBDMVPNFQXEZLGRE
DNQFMPNZGLFLPMRJQYALMGNUVPDXVKP
DQUMEBEDMHDAFMJGZNUPLGEWJLLAETG

If you found that process tedious, you’re not alone! Thank goodness we have computers to do the encryption and decryption for us! Try out our Vigenère Cipher encrypter and decrypter below:

(If this embed breaks, try another online Vigenère Cipher encrypter/decrypter here.)

When decrypted, passages 1 and 2 read as follows:

Passage 1 Plaintext:

BETWEEN SUBTLE SHADING AND THE ABSENCE OF LIGHT LIES THE NUANCE OF IQLUSION

Passage 2 Plaintext:

IT WAS TOTALLY INVISIBLE HOWS THAT POSSIBLE ? THEY USED THE EARTHS MAGNETIC FIELD X THE INFORMATION WAS GATHERED AND TRANSMITTED UNDERGRUUND TO AN UNKNOWN LOCATION X DOES LANGLEY KNOW ABOUT THIS ? THEY SHOULD ITS BURIED OUT THERE SOMEWHERE X WHO KNOWS THE EXACT LOCATION ? ONLY WW THIS WAS HIS LAST MESSAGE X THIRTY EIGHT DEGREES FIFTY SEVEN MINUTES SIX POINT FIVE SECONDS NORTH SEVENTY SEVEN DEGREES EIGHT MINUTES FORTY FOUR SECONDS WEST X LAYER TWO

The coordinates in the second passage are near the Kryptos sculpture at the CIA headquarters.

Passage 3

Sanborn used transposition ciphers on Passage 3, where he rearranged the letters in the message by fitting the text into a box, chopping out columns of the box and stacking those on top of each other, and so on. Check out this article for a visual unraveling of the third section.

Passage 3 Plaintext:

SLOWLY DESPARATLY SLOWLY THE REMAINS OF PASSAGE DEBRIS THAT ENCUMBERED THE LOWER PART OF THE DOORWAY WAS REMOVED WITH TREMBLING HANDS I MADE A TINY BREACH IN THE UPPER LEFT HAND CORNER AND THEN WIDENING THE HOLE A LITTLE I INSERTED THE CANDLE AND PEERED IN THE HOT AIR ESCAPING FROM THE CHAMBER CAUSED THE FLAME TO FLICKER BUT PRESENTLY DETAILS OF THE ROOM WITHIN EMERGED FROM THE MIST X CAN YOU SEE ANYTHING Q ?

In this passage, Sanborn paraphrases archaeologist Howard Carter’s account of raiding the Egyptian pharaoh King Tutankhamun’s tomb for the first time.

Passage 4

The fourth passage still remains to be decrypted, even after 30 years. Over the past decade, Sanborn has revealed four clues about the plaintext, as shown below:

Clues given thus far regarding the plaintext of the fourth passage.

This passage is hard to decrypt because we don’t know Sanborn’s method or key, and there are so few letters that any kind of frequency analysis would be difficult. For example, if we were breaking a Vigenère cipher with a key length of 5 on a passage of length 100, we would need to perform a frequency analysis on groups of 20 letters, which is too small for accurate results.

If you’d like to try decrypting passage 4 yourself, here are all 100 letters in a copy and paste-able form:

Passage 4 Ciphertext:

OBKR
UOXOGHULBSOLIFBBWFLRVQQPRNGKSSO
TWTQSJQSSEKZZWATJKLUDIAWINFBNYP
VTTMZFPKWGDKZXTJCDIGKUHUAUEKCAR

While the encryption technique for the fourth passage remains a mystery, in all likelihood it is a simple method. Sanborn is a sculptor, not a cryptographer, and he only learned cryptography in order to make the statue. Sanborn, now 75, has stated that if he dies before the fourth passage is decrypted, the solution will be put up for auction. Thus, regardless of how long it takes, someone will be able to verify the solution when Passage 4 is finally decrypted.

Kryptos and Theory of Computation

We chose the Kryptos sculpture because it is a great real-world example of how breaking ciphers can be extremely difficult without knowing the key or method, especially on short passages of plaintext. We also enjoyed seeing how a method for breaking a more complicated cipher (the Vigenère cipher/Kasiski analysis) was built on a simpler method we learned in class (the Caesar cipher/frequency analysis), and we thought the Vigenère cipher’s method of matching plaintext letters to key letters reminded us of a one-time pad, but with a key much shorter than the length of the message. Kryptos shows us that amateur cryptographers with Theory of Computation-level skills have the power to build fairly complex encryptions!

Contributions

Kathleen Hablutzel: Discussed the cryptographic methods for each passage and the connections to Theory of Computation, coded the Vigenère encrypter/decrypter, created figures, compiled the blog post and additional readings section.

Zampa Provenzale: Wrote introduction and compiled video clips and voice over.