Jim Sanborn - Open Letter

➤A few days ago Jim Sanborn made an announcement - he wrote an open letter to the community, which is shown below and be accessed here [2]: 

Nov 12, 2025

Another open letter to the kryptos community:

K4 has not been solved or decrypted. The scrambled plain text was found, but without the coding method or key, this is a very important distinction. The method of decryption also known as the Key is in this auction and is still very much a secret. As is the discovered plain text which is still unpublished, In fact several people have seen the K4 plain text over the years but have chosen to not release it for the greater good and have long since forgotten what it says.

Todays K4 clues:

1. Two events had a significant role to play while I was writing the plain text of Kryptos in 1988.The first was my second trip to Egypt in late 1986, and the second was the fall of the Berlin Wall
   
   
2. The Berlin Clock in K4 is the World Clock in Berlin that was the gathering place for the crowds that brought down the Berlin wall.
   
   
3. The Codes of Kryptos from the morse code at the beginning through K5 are about delivering a message.
   
   
4. I have hinted at the existence of something following K4 dozens of times in interviews over the decades. The Kryptos K2 plain text even reads "its buried out there somewhere"

But you also must understand that during the construction of Kryptos my activities were carefully monitored, as were the activities of my employees. Each of us had an escort (my escort badge is in this auction) who was with us, always, yes even during bathroom breaks. In addition, each evening our sites were electronically scanned for anything we left behind.

We are doingserious heavy construction, excavating, moving tons of earth and stone and pouring Concrete. If I were to leave something there on site it would have to be semi-ephemeral, undetectable and carefully hidden.

Proof-of-Concept piece: In 1988 When I was designing Kryptos and after I decided to use code, I had to know if and how long it would take to cut 2000 letters through heavy copper plate, and would it distort the cut letters when it was rolled into a curve. So, I made the heavy copper "proof-of-Concept" piece that is in the auction just to be sure I could do it.        

Multiple Versions: In a similar way whenI wrote the plain text sections K1-K4 l had to be sure that the words and the coded letters would fit on the curved copper panel, iustified margin to margin top to bottom, so I made multiple versions of the text, with different lengths and coding. Onlya couple survive today, and both are in the auction.

Kryptos Endings: In 1988, Just like in the cinema industry, I also made several "endings" to Kryptos and had to decide which one to choose. I assumed that the Morse code and K1-K3 would be decrypted very quickly a year at the outside, and I thought K4 would fall with new Technology in ten years. But did I really want it to end that soon?

Of course not! so I made multiple "alternate" scenarios. Only one of them has survived and is in the auction and is now referred to as K5.

Why am I talking about K1-5 now, it's because the winner of this auction, the new Krypos Keeper, has to have this information to maintain Krvptos's authenticity and have the right and potential license, to release K5, announce new clues and verify decrypts from where ever the Keeper is located.

K5 Hints: As I just said, I fully expected that K4 would be cracked many years ago and that an "alternate scenario" would have been announced at that time. But because of intervening decades and the imminent transfer of Kryptos at auction to a new keeper, and other recent events I must roughly define what K5 is:

K5 is 97 characters long, has a similar coding system to K4. has the words BERLINCLOCK in the same position as in K4, and at the discretion of the new owner other K5 Clues may be announced after its released.

When, and if, K5 is released it will also have more global reach and most importantly since the K5 code is not physically on the serpentine screen at CIA a copy of it will however be accessible to the public and be located in a public space.

About Kryptos Followers: To clear up some confusion in the press I have found that in 30 years of responding to thousands of potential decryptors that only one person responded in a hostile manner, that's kind of amazing really because I was delivering unwelcome news to many people who had worked sometimes for years on Kryptos. Thousands of code breakers from around the world have been very polite, deferential and engaging.

The Avatar: In the last few months l have been working with a serious innovator in the Al voice industry on an automatic system for responding to Kryptos code enguiries. This sophisticated system developed by lgor Jablokov at Pryon Corporation will eliminate the burden of manually verifying K4 and K5 decryptions. This system can be transferred to the new Kryptos Keeper after the auction if they would like to use it.

That's it, all the best, Jim Sanborn

"Mighty" Euler Quotients

 ▉ Fermat quotients have been mentioned several times in this blog. The definition is 

\begin{equation}q_p(2) = \frac{2^{p-1}-1}{p},\;\;p \in \mathbb{P} \end{equation} One can extend this definition to composite integers $n$, which are called Euler quotients. \begin{equation} q^*_n(2) = \frac{2^{\varphi(n)}-1}{n},\;\;n \in \mathbb{N} \end{equation} In this short post, i would like to demonstrate the power of these Euler Quotients.

 

Suppose you have an Oracle $\mathcal{O}$ that, given an integer $n$, returns $q^*_n(2)$. Only one such query is allowed. We treat $q^*_n(2)$ simply as a binary string and show that this string contains enough information to compute things that are otherwise hard to compute.

Therefore we assume that $n=p\cdot q$, for two distinct primes $p,q$ of the form $p \equiv q \equiv 7\pmod{8}$ and $2$ has order exactly $(p-1)/2$ and $(q-1)/2$ respectively. 

Then you can use the $q^*_n(2)$ to compute the following information:

1. Factorization of $n$. The term $(2^{\varphi(n)}-1)$ is an integer with $\varphi(n)$ bits. If we let $m$ be the bitlength of $n$, we can conclude that $q^*_n(2)$ is an integer of length $\varphi(n)-m-1$. Hence we get 

\begin{equation} \lfloor \text{log}_2(q^*_n(2))\rfloor + \lfloor \text{log}_2(n)\rfloor + 1 = \varphi(n) \end{equation}

From $\varphi(n)$ you can trivially compute $p,q$, since \begin{equation} \varphi(n) = (p-1)(q-1) = n-(p+q)+1\end{equation} From this you get $p+q$ and and hence $p$ and $q$. According to the law of quadratic reciprocity, it holds that $\binom{p}{q}\binom{q}{p} = -1$ ,for two primes of the given form. We assume w.l.o.g $\binom{q}{p} = -1$ ($\binom{\cdot}{\cdot}$ is the Legendre symbol.)

2. Class number h(-p). Point 1 was not particularly surprising. However one could compute the class number $h(-p)$, which is related to the Hamming Weight (HW) of $q^*_n(2)$. (Note: $h(-q)$ can not be computed in this way, due to the Legendre symbol $\binom{p}{q} = 1$). The relationship is \begin{equation} \frac{\text{HW}(q^*_n(2))}{4} = \frac{\varphi(n)}{8} - \frac{h(-p)}{2} \end{equation} hence

\begin{equation} \frac{\varphi(n)}{4} -  \frac{\text{HW}(q^*_n(2))}{2} = h(-p)\end{equation}

3. Class number h(-n). The class number is related to the number of "real" quadratic residues $<n/4$, i.e. all integers $<n/4$ with $\binom{i}{q}=\binom{i}{p}=1$. Therefore, counting the number of consecutive pairs of $0$s in the binary representation of $q^*_n(2)$ is sufficient. We denote this with $C(q_n^*(2), [0, 0])$. However, we must prepend leading zeros to the binary representation of $q_n^*(2)$ so that its length is exactly $\varphi(n)$. 

\begin{equation} 2C(q^*_n(2),[0,0])- 4h(-p)- 2\left(\left\lfloor \frac{n}{4} \right\rfloor - \left\lfloor \frac{q}{4} \right\rfloor - \left\lfloor \frac{p}{4} \right\rfloor\right) = h(-n) \end{equation}

4. Class number h(-q). Here we do a little trick. We multiply $q^*_n(2)$ by $p$ and then compute its Hamming weight:

\begin{align} &\frac{q-1}{2} - 2\left(\frac{2}{p-1}\frac{\text{HW}(p\cdot q^*_n(2))}{4}\right)
= \frac{q-1}{2} - \frac{\text{HW}(p\cdot q^*_n(2))}{p-1}
= h(-q)
\end{align}

Note: For all information above ($\varphi(n), h(-p), h(-q), h(-n))$ that we got from $q^*_n(2)$ there exist no efficient algorithm if $n$ is large (except in special cases).

Example

Ed Scheidts Mayan Symbols

 ▉ In this post I want to talk about a thing from the Kryptos universe that are not directly related to the statue.

▉ Mayan Symbols ▉

I think everyone who knows Kryptos knows Ed Scheidt. The former Chairman of the Cryptographic Center at the CIA and founder of the cryptosystems used around the Kryptos statue. As already shown in Part 4 of my Kryptos series, in the driveway of Ed Scheidts house, there are two symbols:

Figure 1 - Garage driveway of Ed Scheidt

We denote the left symbol set with $S_1$ and the right one with $S_2$. It took me a while to find his house on Google Maps - Street View. To save you some time, here is the link with a view on the driveway. I you go back in time in Streetview, you can see that the symbols were already there in 2012. But it is impossible to say when they were built. $S_1$ is clearly visible from the street, $S_2$ is hidden in the view. But you can use Maps (iOS) to see their positions (See Figure 2):

Figure 2 - Birds view of the driveway with marked positions of the two symbols

Proof: Otherwise you could break X

⬛ Some of you may be familiar with this situation. From time to time you find yourself thinking about a new approach to a problem that you know is difficult. And although you know that you should
probably be doing something more productive, you try new ideas to tackle the problems.

And every now and then you stumble across a more or less basic fact that prevents your idea from working. I will try to give some examples that may surprise you. I will focus on the three main problems: discrete logarithm problem, factorization problem and the class number computation problem.

Often the examples come from situations that similar to:

    Alice: "I have a great idea. What if you could find some object O that has property P and Q."

    Bob: "Perfect, O is well known and P and Q seem not that restrictive."

A few days later.

    Alice: "I can not find such an object. All objects either have P or Q but not both."

    Bob: "Yeah, you are right, probably there is some theorem that we don't know."

There are probably many more examples or better ones. But at least all of the three examples below crossed my road during the last years.

Kryptos - The Cipher (Part 5)

ONE of the most surprising facts about Kryptos is that no one has yet discovered the expected way to find the keywords for K1 and K2. And perhaps this missing fact is the key to why we are stuck with K4. I don't think Sanborn wanted us to bruteforce the solutions (as we did), but somehow left a clue that we haven't seen yet.

Most people believe, that the morse code messages around Kryptos should somehow encode at least the first codeword for K1 (= Palimpsest). That's why the Morse code message are often called K0.

The Morse code messages are part of two pieces of granite with contained copper plates. I found two very interesting drawings of these two installations by Monet Friedrich on [1]: