
I've spent a fair amount of time on K4, and my conclusion is that it's simply a poor puzzle. At this point 24 of 97 characters have been revealed, and yet there's seemingly still not enough information pointing to how the known plaintext corresponds to the ciphertext. Over the decades everything reasonable has been tried and eliminated, which means the solution is likely to be unreasonable.


I'm inclining to this too. I heard about it first on Usenet in the 90s, and started looking at it again seriously in June 2017 when I came across the Bauer paper.

But after the 2020 clues (another 13 letters), it became clear that it wasn't any single ACA cipher type, and it was probably something very difficult (because of K4's very low index of coincidence, i.e. 0.036 just below "random" 26-letter text at 1/26, plus the huge number of revealed plaintext letters "in place" i.e. letter-for-letter correspondence).

That plausibly left a combination of two or more well-known cipher types, but if they were somewhat complex ciphers, the chance of solution would be rather remote.

Hence I always thought a "good" end to the puzzle would be like the book "Masquerade" by Kit Williams where the only guy in cahoots with the creator (Bamber Gascoigne) thought the initial puzzle was an unrealistic challenge, but Williams released clues which enabled two schoolteachers to solve it. So that part was satisfactory, even if hardly anybody remembers the solvers' names!

In contrast, the cribs for K4 haven't helped at all.


What makes a puzzle like this “unreasonable?” Like would it be a sort of “you had to know that you needed a bit of graffiti on a truck stop stall outside Anchorage” unfair scope issue or is there a different kind of unreasonable I cannot currently imagine?


It's easy to make a puzzle that's hard. "Guess the number in my head" is hard. It's not fun for the solver or reasonable. "Unscramble this text which was XORed with the Windows 3.1 solitaire EXE" is likewise.

Good puzzles, even hard ones, should have some idea which way to approach them and should offer a method of attack other than brute force.


Here's what's up for sale from RR Auction

https://www.rrauction.com/jim-sanborn-kryptos-k4-solution-au...

The Wired piece has Sanborn saying the reserve should be "around $300,000."

It sounds like Sanborn really doesn't think it'll be solved before the auction date of 20 November (his 80th is on 14 November). If it does get solved due to this publicity bump, that's huge earnings foregone.

Perhaps he knows it is still an "unreasonable" challenge even with the 24 known letters.


Here's an essay I wrote 15 years ago about another "unreasonable" puzzle:

https://blog.rongarret.info/2009/12/worst-puzzle-ever.html


Also, another example of an "unreasonable" challenge - the "Decipher Puzzle" https://cisa.umbc.edu/wp-content/uploads/sites/468/2017/09/S... -- from 1983 to 1985.

You would think that one of the lessons of that is that someone could jump in right at the end and solve it after several clues were released. That hasn't worked with K4, which is increasing people's skepticism.


A one time pad would be unreasonable.

Edit: Unless the one time pad is a well known relative document, such as the Declaration of Independence.


There are SO many things he might have done, with no pre-determined rules. Like, algo-scramble.

Starting with the n-char plaintext, make it a loop. Now move the second letter two places to its right, the third three places, and so on ... until arriving at the original nth letter (painted red?) Or, starting with the digits of pi, move the second letter 3 to the right, the third 1, the fourth 4, und so weiter.

Doing a frequency on 97 weird letters wouldn't help much.


Would that be akin to me offering a hash string as a puzzle and asking for the 10GB video file as the solution?


Sort of. A one time pad does not destroy data, but a hash will.

Wikipedia has a good example: https://en.wikipedia.org/wiki/One-time_pad

In their example, "HELLO" is the plain text, "XMCKL" is the key, and the ciphertext is "EQNVZ". However, with a one time pad, an equally plausible plain text is "later" with the key "TQURI". Thus, without any more data, it is simply impossible to know what the original message is.
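The point made in the comment above, as an added example that is not part of the original thread: for the letter-wise mod-26 pad in the Wikipedia example, any candidate plaintext of the right length has a key that "explains" the ciphertext, so the ciphertext alone cannot rank guesses. The function names and the extra candidate words are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def _shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letters from text letters, mod 26."""
    if len(text) != len(key):
        raise ValueError("a one-time pad key must be exactly as long as the message")
    out = []
    for t, k in zip(text.upper(), key.upper()):
        if t not in ALPHABET or k not in ALPHABET:
            raise ValueError("letters A-Z only")
        out.append(ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26])
    return "".join(out)

def otp_encrypt(plaintext, key):
    return _shift(plaintext, key, +1)

def otp_decrypt(ciphertext, key):
    return _shift(ciphertext, key, -1)

def key_for(ciphertext, candidate):
    """Key under which `ciphertext` decrypts to `candidate` (key = c - p mod 26)."""
    return _shift(ciphertext, candidate, -1)

def explain_away(ciphertext, candidates):
    """Map each same-length candidate plaintext to the key that makes it 'correct'."""
    return {w.upper(): key_for(ciphertext, w)
            for w in candidates if len(w) == len(ciphertext)}

if __name__ == "__main__":
    ct = otp_encrypt("HELLO", "XMCKL")          # values quoted in the comment
    print("ciphertext:", ct)
    # Constructed guesses: every one of them is consistent with the ciphertext.
    for guess, key in explain_away(ct, ["HELLO", "later", "WORLD", "NORTH"]).items():
        print(f"{guess} <- key {key} -> decrypts to {otp_decrypt(ct, key)}")
```
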


Was the 10GB video file never released anywhere and is stored in a now bit rotted old HD in your basement?

Reasonable puzzles can be worked out (albeit maybe with a lot of work) with information provided by the puzzle or available somewhere in the environment.

Unreasonable puzzles (like some old Sierra games cough) are impossible without secret inside knowledge by the puzzle maker and/or brute force. And sometimes not even with brute force.

The hash/video example might just be an Easter egg hunt requiring looking across a wide set of videos (somewhat reasonable but boring), or completely unreasonable depending on circumstances.


Probably correct. Different from the other cyphers, the number of symbols is short, and correlating part of the plaintext that has been revealed gives poor measures for the full string length. It has been said that the other solutions are required to solve K4, so if the solution relies on something like character alignment, matrix coding or an even more convoluted permutation arrangement, this can look like (or directly be) a one-time pad cypher, which is arguably the most difficult to solve.


Does its S shape, or the shadow it casts or any other physical representation of it have to do with the message?


Well, outside of Sanborn and his collaborators, who knows. When the puzzles were first revealed and people started trying to crack them, some of them explored out of the box approaches like the design of the sculpture, odd-shaped letters, shadows of the symbols, its geographic position, etc. However, eventually all first 3 turned out to be classic cryptographic algorithms (Vigenere for K1 and K2, transposition for K3), with the information to solve them contained within the cyphertext of the sculpture. For K4, Sanborn has hinted that this may not be the case.


is it hinting at S-Box?



