Skip to main content

Featured Post

Kryptos - The Cipher (Part 4) - Correctly positioned decryption of the word BERLIN

EASTNORTHEAST - This is not exactly the hint Jim Sanborn (JS) gave for K4 on the 29th of January this year. He only gave NORTHEAST - which refers to the positions 26-34 of K4's plaintext.  Beside BERLIN and CLOCK it is the third revealed plaintext word of K4. However, also this hint does not seem to help much.  However, it just so happened, that a member in the yahoo kryptos group had a conversation with Jim Sanborn due to a submitted solution. Sandborn's answer to the question contained again the last clue which surprisingly was EASTNORTHEAST at position 22-34. Jim Sanborns compass rose at CIA There is disagreement if Jim revealed this on purpose or he did it accidentially, but the new extended clue seem to be serious and valid.Interestingly, EASTNORTHEAST is exactly the direction which is illustrated on the compass rose on one of the stones around kryptos, also created by Jim Sanborn. Actually, i dont really kn...

Kryptos - The Cipher (Part 6-c) - Equal letter frequencies for two K4 groups

In this post I want to revisit an observation from years ago that seems to address K4 directly. It begins with a simple experiment: split the K4 ciphertext at every W. Once you do that, an unexpected frequency pattern emerges. A related discussion can be found in [1]

For a quick introduction, I put together a short video that explains the basic idea behind this “W-splitting” approach.

Video: Overview of the W-Splitting phenomenon

Collection of Facts

So, actually there are some surprising facts that come together here.

  1. The letter 'W' is distributed in such a way that K4 can be split into blocks of a reasonable length.

                               OBKR
    UOXOGHULBSOLIFBBWFLRVQQPRNGKSSO
    TWTQSJQSSEKZZWATJKLUDIAWINFBNYP
    VTTMZFPKWGDKZXTJCDIGKUHUAUEKCAR

    Each of the blocks has a suitable length to contain one or more english words.

    B1 = OBKRUOXOGHULBSOLIFBB
    B2 = FLRVQQPRNGKSSOT
    B3 = TQSJQSSEKZZ
    B4 = ATJKLUDIA
    B5 = INFBNYPVTTMZFPK
    B6 = GDKZXTJCDIGKUHUAUEKCAR
    
  2. Using 'W' as the splitting indicator removes one letter completely from the ciphertext. This leaves us with an alphabet of size 25. This may be suitable for some suggested approaches, such as using Polybius squares, but may cause problems for others.

  3. The known plaintext clues fit perfectly into the blocks without overlapping. Hence the blocks probably also reveal word boundaries, if we assume that words dont fall into two different blocks.

    B1 = OBKRUOXOGHULBSOLIFBB
    B2 = EASTNORTHEASTOT
    B3 = TQSJQSSEKZZ
    B4 = ATJKLUDIA
    B5 = INFBBERLINCLOCK
    B6 = GDKZXTJCDIGKUHUAUEKCAR
    

    You could speculate the "OT" after "EASTNORTHEAST" perhaps is "OF" or "TO" and the form letters "INFB" before "BERLINCLOCK" maybe something like "FROM".

  4. The six blocks are arranged into two groups but not arbitrarily, but based on their parity.

    Group 1
    B1 = OBKRUOXOGHULBSOLIFBB
    B3 = TQSJQSSEKZZ
    B5 = INFBNYPVTTMZFPK
    
    Group 2
    B2 = FLRVQQPRNGKSSOT
    B4 = ATJKLUDIA
    B6 = GDKZXTJCDIGKUHUAUEKCAR
  5. The two groups have the same number of letters (46), which is necessary for the most prominent feature: the frequency distribution of the letters in the two blocks is identical.

Letter frequency - Group 1
5
B
4
O
4
S
3
F
3
K
3
T
3
Z
2
I
2
L
2
N
2
P
2
Q
2
U
1
E
1
G
1
H
1
J
1
M
1
R
1
V
1
X
1
Y
0
A
0
C
0
D
0
W
Letter frequency - Group 2
5
K
4
A
4
U
3
D
3
G
3
R
3
T
2
C
2
I
2
J
2
L
2
Q
2
S
1
E
1
F
1
H
1
N
1
O
1
P
1
V
1
X
1
Z
0
B
0
M
0
W
0
Y

The labels differ, but the histogram shape is exactly the same in both groups.

Speculations

So how could such a pattern arise? Whatever the explanation is, it does not look like the accidental by-product of an ordinary cipher. Standard substitutions, transpositions, or Vigenère-like methods can certainly produce local irregularities, but they do not naturally produce two parity-based groups of equal length that also share an identical frequency profile after splitting on a single letter. That does not rule such methods out completely, but it strongly suggests that some additional organizing rule is present.

I asked Sanborn if he was surprised that K4 has remained unsolved for 35 years. He was not. The K4 code was devised “in collaboration with a cryptographer who encrypts national security secrets”, Sanborn said.

I asked if a solution existed at all. What better way to ensure the long shelf life of a cipher and there- fore a sculpture? What cleverer bit of conceptual art at the heart of the American intelligence com- munity? He shrugged this off.

“It is a solid system, and I fucked with it.”
“What do you mean you fucked with it?”
“I can’t say.”

Interview Jim Sanborn - Financial Times Weekend

This statement—“It is a solid system, and I fucked with it.”—has always stood out to me. It suggests that K4 may not be based on a fundamentally new cipher, but rather on a known, “solid” construction that was deliberately altered. In other words: the difficulty might not come from the core method itself, but from the way it has been modified.

You can easily take a solid system then "fuck with it" - i.e. change/tweak it in some direction - to make a new or even (in your eyes) harder system. And that kind of modification can go in very different directions. Starting from a sound system, even small tweaks can have disproportionate effects:

  1. The system may become unintentionally weaker
  2. The system may lose uniqueness (multiple valid decryptions)
  3. The system gets too hard to be broken by current methods

The last point is particularly interesting in the context of the observations above. A carefully—or even carelessly—introduced constraint could force the ciphertext into exhibiting artificial symmetries, such as the identical frequency profiles seen in the two groups. This would not necessarily strengthen the cipher in a classical sense, but it could significantly obscure its structure and mislead standard analytical approaches.

From that perspective, the W-splitting phenomenon might not be a coincidence at all, but a side effect of such a “tampering” step. Perhaps two components were combined under an additional rule. Perhaps a balancing constraint was imposed. Or perhaps a transformation was applied that preserves certain global statistics while destroying local interpretability.

However, this also raises a more uncomfortable possibility: what if the modification was not clean? If the system was “messed with” in a way that breaks some of the usual assumptions cryptanalysts rely on, then we may be facing something that is not just difficult—but structurally awkward. Not unsolvable, but resistant to the kinds of methods we instinctively try first.

In that sense, the symmetry observed here might be less of a direct clue and more of a warning. It tells us that something artificial is going on—but not necessarily what. Any convincing approach to K4 should therefore not only explain the ciphertext, but also account for these imposed regularities. Ignoring them feels risky. Over-interpreting them may be just as dangerous.

So perhaps the right takeaway is this: instead of asking which cipher produces K4, we may need to ask which cipher, once “fucked with”, produces something that looks like this.

[1] https://glthr.com/a-fresh-perspective-on-kryptos-k4

Comments

  1. This was also covered in a stack exchange discussion in the mid 2010's as perhaps you are aware. The other interesting point that came up was that if you split the Morse code pairs into the two groups you get almost identical frequency analysis.

    And even better if you change the unknown R in RQ to C, CQ being an actual short hand for "General Call" to anyone listening, then you get perfect frequency match between the two groups. Credits to Bobson on that stack exchange post.

    Sorry if this was already known info, but it is interesting that again the Morse code may still hold clues. Love the blog coverage, keep up the great work.

    ReplyDelete
    Replies
    1. To add I should have mentioned that the Morse code example ignored the two pairs with incomplete words (ie digetal interpretati / tisyour position). So in that way it is like a lot of the Morse clues, there is always a bit of a question of how one is meant to take certain parts and not others. Here perhaps it was the fact those sets were incomplete words and thus disregarded.

      Delete
    2. Hi, thank you very much. I wasn't familiar with that, but I'll definitely check it out.

      Delete

Post a Comment

Popular posts from this blog

Kryptos - The Cipher (Part 4) - Correctly positioned decryption of the word BERLIN

EASTNORTHEAST - This is not exactly the hint Jim Sanborn (JS) gave for K4 on the 29th of January this year. He only gave NORTHEAST - which refers to the positions 26-34 of K4's plaintext.  Beside BERLIN and CLOCK it is the third revealed plaintext word of K4. However, also this hint does not seem to help much.  However, it just so happened, that a member in the yahoo kryptos group had a conversation with Jim Sanborn due to a submitted solution. Sandborn's answer to the question contained again the last clue which surprisingly was EASTNORTHEAST at position 22-34. Jim Sanborns compass rose at CIA There is disagreement if Jim revealed this on purpose or he did it accidentially, but the new extended clue seem to be serious and valid.Interestingly, EASTNORTHEAST is exactly the direction which is illustrated on the compass rose on one of the stones around kryptos, also created by Jim Sanborn. Actually, i dont really kn...

Kryptos - The Cipher (Part 1) - Introduction

Introduction. Since I think that KRYPTOS does not need any introduction, I will only give you a brief description of one of the most famous and only partially solved ciphers known today: KRYPTOS - Von Jim Sanborn - Jim Sanborn, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=8253447 KRYPTOS was constructed in Nov. 1990 on the ground of the CIA Headquarter in Langley, Virginia by Jim Sanborn It contains 4 ciphers (K1,K2,K3,K4) on its left side and some kind of Vigenère-Table on its right side K1, K2 and K3 were solved by James Gillogly in 1999. Afterwards, the CIA and later the NSA claimed that they had a solution to the first three ciphers at an earlier point in time Ed Scheidt, a cryptoanalyst and former director of the CIA, gave Sanborn the input of possible cryptographic techniques to use K1 is a variant of the Vigenère-Cipher (Quagmire 3) with the codewords KRYPTOS and PALIMPSES...

Kryptos - The Cipher (Part 3) - K4 Intentional vs. non-intentional errors

This post is about is more or less a collection of several approaches and facts that has been said as well as some speculations. B-ary integer representation According to [1] during a Question and Answer round, Jim Sanborn was asked again about the hint BERLIN. The question was if N decodes to B, Y decodes to E, etc, etc. and Jim confirmed it does. Emphatically . It is written, that Jim Sanborn rattled through the entire crib: \begin{align}   \texttt{N} &\stackrel{\text{decode}}{\rightarrow} \texttt{B} \\   \texttt{Y} &\stackrel{\text{decode}}{\rightarrow}  \texttt{E} \\   \texttt{P} &\stackrel{\text{decode}}{\rightarrow}  \texttt{R} \\   \texttt{V} &\stackrel{\text{decode}}{\rightarrow}  \texttt{L} \\   \texttt{T} &\stackrel{\text{decode}}{\rightarrow}  \texttt{I} \\   \texttt{T} &\stackrel{\text{decode}}{\rightarrow}  \texttt{N} \end{align} When the same q...