On September 2, 2025, a remarkable chapter in the history of cryptography came to a close when journalists Jarett Kobek and Richard Byrne uncovered the solution to the long-unsolved fourth encrypted message on the Kryptos sculpture, located outside the CIA headquarters in Virginia. This discovery ended a 35-year mystery that had fascinated cryptographers, art lovers, and intelligence enthusiasts alike. The story of Kryptos is not just a tale of secret codes; it is a microcosm of the evolving relationship between code makers and code breakers—a relationship that has shaped information security for thousands of years.
### The Kryptos Sculpture and Its Enigmatic Messages
Kryptos is a copper sculpture created by artist Jim Sanborn and installed in 1990 at CIA headquarters. It contains four encrypted messages, known as K1, K2, K3, and K4. The first three messages were solved in the 1990s, relatively soon after the sculpture’s unveiling. However, the fourth message, K4, remained an unbroken cipher for over three decades. It was a 97-character sequence that resisted all attempts at decryption—until the recent discovery in the Smithsonian archives revealed its plaintext.
### The Basics of Cryptography: From Caesar to Kryptos
Understanding how Kryptos was decoded requires a brief journey into the fundamentals of cryptography—the science of secret writing. At its core, cryptography aims to transmit messages securely so that only intended recipients can read them, while eavesdroppers see only meaningless gibberish. The original message is called the plaintext, and the transformed, unreadable version is the ciphertext. The process of converting plaintext into ciphertext is encryption, and reversing it is decryption, typically requiring a secret key shared between sender and receiver.
One of the earliest known encryption methods is the Caesar cipher, named after Julius Caesar, who used it to protect his communications. This cipher shifts each letter of the alphabet by a fixed number. For example, shifting by five turns “HELLO” into “MJQQT.” While clever for its time, the Caesar cipher is easily broken today because there are only 25 possible shifts to try.
Building on this idea, the substitution cipher replaces each letter with another letter, according to a scrambled alphabet. This dramatically increases the number of possible keys—from 25 in the Caesar cipher to over 403 septillion (26 factorial) in the substitution cipher. However, substitution ciphers are still vulnerable because they preserve the frequency of letters. For instance, the letter “E” is the most common in English, appearing about 12% of the time. A ciphertext letter that appears most frequently likely corresponds to “E.” Cryptanalysts use such frequency analysis to break substitution ciphers.
### The Vigenère Cipher and the First Two Kryptos Messages
Sanborn used the Vigenère cipher for the first two Kryptos messages, K1 and K2. Invented in the 16th century, the Vigenère cipher was once considered unbreakable and earned the nickname “le chiffre indéchiffrable” (the indecipherable cipher). Unlike simple substitution or Caesar ciphers, the Vigenère cipher applies multiple Caesar shifts in sequence, cycling through different shift values determined by a keyword.
For example, if the key is “SPY,” the first letter of the plaintext is shifted by 19 (S is the 19th letter), the second by 16 (P), the third by 25 (Y), and then the pattern repeats. This method frustrates straightforward frequency analysis because the same plaintext letter can be encrypted differently depending on its position.
However, the cipher can be broken if the key length is known or guessed. By isolating every nth letter corresponding to a particular key letter, cryptanalysts can apply frequency analysis to each subset, effectively reducing the problem back to simple Caesar ciphers. This approach was used to decipher K1 and K2, which were encrypted with the keys “PALIMPSEST” and “ABSCISSA,” respectively. Sanborn also used a modified alphabet for the shifts, which was etched onto the sculpture itself.
### The Transposition Cipher and the Third Kryptos Message
For the third encrypted message, K3, Sanborn switched to a transposition cipher. Instead of substituting letters, this cipher jumbles the letters of the plaintext according to a specific pattern or key, akin to an elaborate anagram. Unlike substitution c