Frequently Asked Questions

No. As of 2026, K4 remains unsolved after over 35 years. The public does not know either the full plaintext or the encryption method.

Over 502 experiments covering 671.0B++ configurations have been run, testing every major classical cipher family: Vigenère, Beaufort, columnar transposition, Playfair, Bifid, running keys, and more. All single-layer classical ciphers have been eliminated under direct positional correspondence (where ciphertext position N maps directly to plaintext position N). These eliminations do not rule out the same families as one layer of a multi-layer construction. Browse the full database to see what has been tested.

Yes. This is one of the most common suggestions we receive, and we’ve tested it extensively. We combined 14 different letter-rearrangement methods (columnar grids at all widths, rail fence, spiral, zigzag, double columnar, and more) with keyed substitution (Vigenère, Beaufort, and Variant Beaufort with every possible key length). Over 1.2 billion combinations were tested. None produced a solution.

We also mathematically proved that for 17 out of 25 possible key lengths, no rearrangement of any kind — not just the structured ones — can produce a valid solution with a repeating-key cipher. This proof holds for all 97! possible letter orderings (a number with 152 digits).

However, some combinations remain open: if the substitution uses a non-repeating key (like a passage from a book), the rearrangement + substitution model is still possible. This is still an open residual family, though the April 2026 audit no longer treats it as the project’s leading hypothesis. See the multi-layer category for full details.

K4 has 97 characters. The number of possible rearrangements of 97 characters is 97! (97 factorial), which equals approximately 10¹⁵². For comparison, there are roughly 10⁸⁰ atoms in the observable universe. Even if every atom in the universe were a computer testing one billion rearrangements per second, running for the entire age of the universe, you’d barely scratch the surface.

This is why we test structured rearrangement methods — methods a human could describe with a rule (like “write into 8 columns, read them in this order”). A human encryptor like Sanborn would have used a describable method, not a random shuffling.

We’ve tested hundreds of thematic keywords including KRYPTOS, PALIMPSEST, ABSCISSA, BERLIN, TUTANKHAMUN, SANBORN, SCHEIDT, COMPASS, SHADOW, SPHINX, and many more. But more importantly: the specific keyword doesn’t matter for most cipher types we’ve tested, because we tested every possible key of every possible length, which includes any keyword you could name.

The exception is running keys (where a long passage of text is the key). For those, the specific source text matters, and we’ve only tested texts that are publicly available. If Sanborn used a private or unpublished text, we wouldn’t have tested it.

All standard single-layer cipher families have been eliminated under direct positional correspondence and additive-key assumptions, including all repeating-key ciphers (proven impossible at every key length), all autokey ciphers (proven structurally impossible), and running keys from 60,000+ publicly available English texts (106 billion position-checks). We have also enumerated 105,692 two-layer compositions and 838,350 non-columnar three-layer compositions within our registered layer families with no signal above noise. Classical cipher space has infinite variation, so this does not rule out everything; it describes what we have tested. Open directions we are interested in include: (1) W-delimiter or other finite segmentation procedures; (2) punctuation-style marker conventions where carved W decrypts to a rare plaintext letter such as X, Q, or Z; (3) running keys from non-public or non-English source texts; (4) monoalphabetic + transposition + running-key compositions (our current detection method cannot distinguish real English keys from gibberish in this case); (5) bespoke procedural ciphers using Sanborn’s encoding charts or other physically motivated rules; (6) non-standard transpositions, homophonic or digraphic outer layers, and anything else not yet in our layer registry; (7) a genuinely novel mechanism we have not thought of. If you have an idea we have not tested, the Submit a Theory page is the fastest way to route it into our classifier. See also the Research Questions page.

Yes. Use the Submit a Theory page. Describe your idea in plain English and the theory classifier will check whether it matches anything in the elimination database. If your theory is genuinely novel, it will be queued for evaluation.

Every elimination includes a reproduction command you can run yourself. The codebase is fully open source. We also classify results by confidence tier and list explicit scope limitations for each elimination. If you find an error, report it and we will investigate.

kryptosbot.com is built by Colin Patrick (human lead) and Claude (AI computational partner, by Anthropic). The project began as a systematic attempt to solve K4 using computational cryptanalysis and evolved into a public elimination database so the community can build on our work rather than re-testing approaches already proven fruitless. This site does not know the solution and is not affiliated with the official Kryptos Keepers or their verification site.

K4 has only 97 characters, too short for most statistical attacks to distinguish signal from noise. Exhaustive testing has eliminated all standard periodic keys. Pure transposition is independently impossible (the ciphertext has 2 E’s but the cribs require 3), so K4 must involve at least some substitution. The exact multi-step structure is unknown. There are an astronomically large number of possible methods that could produce the 24 known letters, far too many to test one by one. Solving K4 requires identifying the specific method, not just trying all keys — and the public evidence currently available is not specific enough to identify that method. (Sanborn has publicly described K4 as using “two systems” of encipherment, but the public commentary is treated by this project as contextual hearsay, not as an operational mechanism specification.)