Kryptos

Kryptos is one of the most famous cryptographic mysteries of our time.

Since its unveiling at CIA headquarters in 1990, Jim Sanborn's sculpture has taunted the world's best codebreakers and puzzle enthusiasts. The NSA solved three of the four passages of its encrypted message. So did Jim Gillogly, a California cryptographer, working alone in 1999. But the fourth passage, K4, has remained unsolved for more than three decades.

When Jim put his private Kryptos archive up for auction in November of last year, we knew we wanted to play a part in protecting this unique piece of cryptographic history. We’re honored to announce that we are the new stewards of the Kryptos secret. And in keeping with our love of puzzles, we decided not to ruin the mystery even for ourselves: We worked with Jim and used modern cryptography to set up an automated system to verify submissions without us ever seeing the answer.

We also want to encourage the development of more sophisticated techniques for solving the puzzle. So, in addition to unveiling a new site for K4, we’re hosting an ongoing capture-the-flag-style challenge featuring 10 new puzzles we created, each with a $1,000 prize.

Securing Kryptos from everyone — even ourselves

Cryptography makes digital trust possible. It's why you can send a message only one person can read, and why digital money works without banks. It's also puzzle-solving at its purest.

For Kryptos, we’re keeping K4’s answer secret from ourselves, while preserving our ability to verify if submissions are correct. We used one-way cryptographic functions and secure hardware to lock Jim's answer in a system that confirms correct solutions without anyone (including us) ever seeing what he wrote.

You can see the answers to K1, K2 and K3 on our new site, and when you think you've solved K4, you can submit your answer there as well. The verifier checks it against a solution that Sanborn provided. To prevent brute forcing the solution, there’s a $1 fee to submit an answer.

Sanborn also provided the ciphertext for another 97-character puzzle, known as K5, that he created at the same time. We plan to release K5 in the future.

Kryptos has endured for more than 13,000 days. Thousands have tried to crack it. CIA employees walk past it every day. It's been featured in novels, analyzed in academic papers, and debated in forums worldwide.

But it's still unsolved.

The clues are out there. The tools are better than ever. And now there's an automated system that verifies your solution instantly. It’s your turn to try to solve K4.

Q&A

What is the capture-the-flag challenge?

We want to encourage the development of tools to better attack problems like K4. There has been an explosion in AI-assisted attempts on Kryptos, but none have succeeded yet. One possible reason is that there is no feedback loop that solvers can use to test if their tools are getting better at attacking these kinds of problems.

Our virtual capture-the-flag challenge features 10 new Kryptos-style puzzles of increasing difficulty. Anyone can participate. The challenge is live now and there will be cash prizes of $1,000 for the first solver of each puzzle. The puzzles and leaderboard will remain open until the puzzles are solved. Official rules can be found here.

How does your technical solution for K4 verification work?

We set up a new computer with a terminal for Jim to enter the plaintext solution to K4. On that device, a program ran the plaintext through a one-way function (a SHA256 hash). It sent the hash to Google’s Cloud Key Management Service, which generated a unique verification tag (a hash-based message authentication code, or HMAC) that can only be reproduced by sending a SHA256 hash of the plaintext to the same cloud-based key. The plaintext never left the device, and we wiped the laptop afterward.

What do I get if I solve K4?

The answer.

Special acknowledgment to Dave White and samczsun for their partnership and help throughout this project.