What may be one of CIA’s best kept secret may be about to be exposed. In 1989 a DC sculptor named James Sanborn was commissioned to erect statuary in the CIA courtyard to commemorate the opening of the new CIA headquarters building in Langley, Virginia. The statuary, consisting of a copper screen 8-feet by 12-feet in size, is curved in the shape of an ancient scroll. The letters of an encrypted message, consisting of four parts, were punched into the half-inch copper, and the statuary was given the codename “Kryptos.”  Three of the cipher messages were solved within ten years, but no one has been able to crack the final part of the Kryptos puzzle. Not for lack of trying. For many thousands of would-be code crackers worldwide, Kryptos has become an object of obsession. Dan Brown has even referred to it in his novels.


Getting a bit frustrated by the wait, the sculptor who created Kryptos, has offered a clue. He has provided the answers to six letters in the sculpture’s final 97 character passage. The six cipher letters are NYPVTT and when deciphered, they read BERLIN. This leaves 91 more cipher letters to be solved. Before going to CIA I had worked at NSA as a foreign language cryptanalyst, with experience in low-level hand ciphers (graph paper and pencil) not unlike those used in Kryptos. In 1997 during a visit to CIA hqs, I had some success in identifying the underlying cipher systems in the first three parts of Kryptos (see: kryptos-cia.com). These three ciphers were successfully solved shortly thereafter by a CIA computer scientist.   


I was unable to identify Part-IV, the final 97 letter cipher system, but I was convinced that it was a hand system, not computer-generated, and not an unbreakable “one-time pad.”  I have suggested in CIA and NSA newsletters, that the final part of Kryptos may be a “Playfair” system. A 5 x 5 matrix containing a 25-letter alphabet, with letters I & J occupying the same cell.  It can be used by anyone with a few minutes practice, and it can be a very secure system. My guess is the 25-letter A-Z alphabet in the matrix is mixed with a “keyword,” such as the word Kryptos, which was used as a keyword in the first two Kryptos ciphers.


During WW2 the German army used a Playfair system for some of their tactical messages. They made it more secure by double-encryption – first enciphering the plain text letters, and then re-enciphering the cipher text letters!   A mathematician named Mariam Rajewski, from the Polish intelligence service, was employed by the British to break German “double-Playfair” messages.  Actually it was Rejewski who broke the famous German “Enigma” cipher, and incorporated his decryption algorithm into an electro-mechanical apparatus called the “bombe,” used to recover key changes. For decades the British code service at Bletchley Park has taken credit for breaking the Enigma and designing the bombe. The bombe was exfiltrated from Poland just ahead of the German advance. Because he was a foreign national Rejewski was not allowed into the top secret facilities, but was employed outside Bletchley Park breaking German double-Playfair messages.


Because the clue is letter-for-letter, six cipher letters NYPVTT for six plaintext letters BERLIN, I believe that the unbroken Kryptos cipher may be a double-playfair. The other possibility is what was known at NSA as a “running-key sequence,” placing the plaintext letters over the letters of a verse from the Bible, a newspaper article, a weather report, and applying a numerical additive—a very secure and very handy system, requiring no books or cipher materials, when in the field under deep cover. The only requirement is predetermined articles from a newspaper, financial page, racing results, or verse from the King James bible!


Richard Gay of Blue Hill is a former NSA operations officer, and CIA operative overseas in the Clandestine Service.