It’s interesting to compare Kryptos and its unique history with Auguste Kerckhoffs's assertion that a cryptosystem should remain secure even if everything but the keys were public knowledge. While the keys are theoretically given to us within the Kryptos installation, they are currently unknown, so it is conceivable that Kryptos fulfills the conditions of the principle, albeit unintentionally.

Design Principles:

  1. The system must be practically, if not mathematically, indecipherable;
  2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
  3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
  4. It must be applicable to telegraphic correspondence;
  5. It must be portable, and its usage and function must not require the concourse of several people;
  6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.

#1: for all intents and purposes, K4 is indecipherable both practically and mathematically (at this point). #2: Kryptos sits in an open courtyard, and the CIA even provides the transcript online. #3: the key(s) theoretically exist and are retrievable; they will exist as long as the sculpture does, but will remain the same forever. #4: if telegraphic correspondence is equivalent to internet communication, then definitely, as most of us have never seen it. #5: again, while we need to be at the courtyard for the final solution, the actual ciphertext is available worldwide. #6: I think we can all agree it was meant to be solvable and not impossible.

In many ways, despite the intentions of its authors, Kryptos presents a secure cryptosystem.