It’s interesting to compare Kryptos and its unique history with the assertion proposed by Auguste Kerckhoffs that a cryptosystem should remain secure if everything but the keys were public knowledge. While the keys are theoretically given to us within the Kryptos installation, they are currently unknown, so it is conceivable that Kryptos fulfills the conditions of the principle, albeit unintentionally.
Design Principles:
1. The system must be practically, if not mathematically, indecipherable;
2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its usage and function must not require the concourse of several people;
6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
- #1: For all intents and purposes, K4 is indecipherable practically and mathematically (at this point).
- #2: Kryptos is in an open courtyard, and the transcript is even provided by the CIA online.
- #3: The key(s) theoretically exist, are retrievable, and will exist as long as the sculpture does, but will remain the same forever.
- #4: If telegraphic is equivalent to internet communications, then definitely, as most of us have never seen it.
- #5: Again, while for the final solution we need to be at the courtyard, the actual ciphertext is available worldwide.
- #6: I think we can all agree it was meant to be solvable and not impossible.
In many ways, despite the intentions of its authors, Kryptos presents a secure cryptosystem.
Obviously.

There are two things that make it different though. The first is that K4 is very short. Even then, we don’t know if it’s 97 or more characters. It could be less. That’s not a lot to go on. Second, there is tons of information that precedes it. So you can hide keys and other things within it without attracting TOO much attention. Sure, the misspellings are interesting, but how many people have the time to hide the keys and perhaps even the ciphertext in this manner? Most encryptions use one algorithm. Even if it’s a compound algorithm, it’s the same procedure the entire way through. Not so with Kryptos.
Perhaps this multiplicity is actually making K4 more secure than even Kerckhoffs’ Principle would suggest. Not only can you hide the keys and ciphers, but you can also create misdirections.
Can we really say it’s not the same with Kryptos though? The deviation from Kerckhoffs results from the intention; it’s intended more as a riddle/puzzle/game and can therefore have separate parts. Instead of trying to impart a message to an agent, it’s set up to challenge us. It’s basically just a 5-6 part riddle that uses cryptology. The Morse code, K1, K2 and K3 all technically use one algorithm for enciphering/deciphering. How can we say K4 is more than a compound algorithm or a masking technique covering a cipher? Besides an abundance of misunderstood clues, hints, misdirection and lack of progress that can be explained away as part of the game, how can we assume it’s something more exotic?
We could assume it’s something weird because no one has solved it. Or just that no one really cares anymore.