Hands on Z408

Tom Voigt managed to gain access to the evidence room (presumably at SFPD) to have a closer look one of the three parts of the original Z408 cipher:

He says that inspecting the back of the paper reveals Zodiac used a second pen of a different color. Click the above link to see his short video of the experience. I look forward to hearing more about his visit.

2017 Symposium on Cryptologic History

Good news: My presentation proposal for this year’s crypto symposium was accepted!

Title: The Unsolved Zodiac 340 Cipher: Features or Phantoms?

Abstract: The Zodiac Killer’s first cipher was a simple substitution cipher that was quickly solved by amateur codebreakers. But after almost 50 years, his second cipher is still unsolved. Current research is focused on unusual statistical features found in the unsolved cipher. Are these features evidence of the underlying encryption scheme used by the killer? Did he use a type of classical cipher or invent a homemade scheme? Or are the features actually phantoms leading us down the wrong path? This talk will try to sort out the good and bad clues in the cipher text, and will invite the codebreaking audience to participate in this promising research.

The 2015 symposium was really fascinating and I was privileged to attend many interesting presentations. In my own presentation there, I presented a broad overview of the Zodiac ciphers and some of their unusual clues and features. In my upcoming talk I will try to provide more details about the interesting cryptographic clues in the unsolved 340-character cipher. My hope is that attendees will gain information that will help them make new discoveries about the 340 that may one day lead to its solution.

Ciphers that resemble Zodiac’s 340-character cryptogram

I believe the best way to keep attacking the Zodiac’s 340-character cipher is to create more test ciphers that share many of its features. If we can easily crack test ciphers under many different schemes, and the Zodiac 340 still won’t break under the same attacks, then the schemes can be systematically eliminated.

I collected about 200 test ciphers to compare with the 340, and posted a detailed summary of my approach here:


Long story short: Many people have created many test ciphers, and in most cases they share some but not all of the features of Zodiac’s 340. I’m hoping to help close that gap so we can at least start with a really good set of test ciphers.

The Zodiac Ciphers – What do we know, and when do we stop trying to solve them?

Here is a video of my talk from the 2015 Cryptologic History Symposium held at the Johns Hopkins University Applied Physics Lab:

I had limited time for the talk, so I recorded a new bonus section at the end to go over some additional material about the ciphers. The talk is basically a snapshot of what we know about the unsolved Zodiac ciphers, and a way to rule out different ideas of how the 340 was constructed. I was in the “Crimes and Ciphers” panel, moderated by FBI historian John Fox. Also presenting in this panel was Dan Olson, the chief of the FBI’s Cryptanalysis and Racketeering Records Unit (CRRU). He gave an interesting talk about the history and achievements of the CRRU. During his talk he played this short NBC news clip featuring Dan and the work of CRRU: https://www.youtube.com/watch?v=ROfjcaGwLgM.

German author Klaus Schmeh, who has written several books on encryption technology, also gave an interesting talk about unsolved ciphers from unsolved crimes. You can watch Klaus’ talk here: https://www.youtube.com/watch?v=P9hWLo8bJXw

The conference was a really enjoyable experience for anyone interested in the history of codemaking and codebreaking. I met many fascinating people, heard many interesting stories, and learned many new things. I posted some details of my experiences here: http://www.zodiackillersite.com/viewtopic.php?p=42643#p42643

A similar meeting is coming up in Charlotte in Spring 2015: http://www.cryptosymposium.com/

Zodiac Pattern Drawer

UPDATE, Feb 7, 2016: The Zodiac Pattern Drawer site at sbabaker.com went down, so I attempted to mirror the tool here: http://zodiackillerciphers.com/zodiac-pattern-drawer/

Computer science professor Ryan Garlick at the University of North Texas has been enlisting his students to try out different ways to solve Zodiac’s 340-character cryptogram. Many people believe that the 340 needs to be re-arranged before it can be cracked. So, this year, Dr. Garlick’s students developed the “Zodiac Pattern Drawer”, a web-based tool that lets you re-arrange the 340 and download the result.

Screenshot of Zodiac Pattern Drawer

Basically, you start with the original cryptogram, and click around in it to draw a different path through its symbols. Your rearranged symbols appear on the right, and when you are done, you can download a text file that contains a numerical representation of the new cryptogram. You can then take that file and feed it to an automatic solver such as zkdecrypto or AZdecrypt.

To get started, read the user guide and watch the tutorial video.

Hopefully someone can find a rearrangement that leads to a solution!

Speaking at the 2015 Cryptologic History Symposium

The Cryptologic History Symposium sponsored by the NSA’s Center for Cryptologic History is coming up this fall, and they have accepted a paper proposal I recently submitted. The symposium will be on October 22nd and 23rd this year in Laurel, MD, and covers many fascinating topics involving the history of cryptology. I attended the 2013 symposium and it was extremely interesting – be sure to read my article about it to get a sense of what’s covered.

For this year’s symposium, I will be giving a presentation in the “Ciphers and Crime” panel called “The Zodiac Ciphers: What do we know and when do we stop trying to solve them?” The talk will be a quick overview of the case, details on the ciphers, many observations about their contents, and results of my experiments designed to rule out different ways Zodiac may have constructed the unsolved 340-character cryptogram. It’s going to be very challenging to pack so much info into the 25 minutes they have allotted to me. Here is the abstract for my paper:

Over 45 years ago, the serial killer known as Zodiac taunted the San Francisco Bay area with cryptic letters that were widely published in newspapers. One letter contained a cryptogram (Z408) which was quickly solved by a high school teacher. A second cryptogram (Z340) was sent a few months later. It appeared similar in construction to the first, but remains unsolved to this day. The killer later mailed two additional smaller cryptograms (Z13 and Z32) which also remain unsolved. Here we summarize many facts and observations known about Zodiac’s cryptograms. Many hypotheses on the construction of Z340 have been explored but no solution has been found. Systematic exclusion of hypotheses is difficult and tedious. We attempt to address this with multi-objective optimization programming to generate cryptograms simulated under various construction hypotheses. The simulated cryptograms are artificially evolved to maximize similarities to the real Z340. If, under a given hypothesis, we can solve the numerous simulated cryptograms, and Z340 was constructed using the same hypothesis, then the solution to Z340 should be easily found. If it is not, then this failure provides strong evidence against a specific hypothesis. Thus hypotheses can be systematically excluded.

There is more information about the conference at this link. The proceedings may seem dry and academic, but if you have any interest at all in the history of codemaking and codebreaking, I guarantee you will be intrigued by the range of topics covered at these symposiums.

Hope to see you there! And thanks to Klaus Schmeh for encouraging me to submit a presentation.

Did a chess grandmaster solve the 340?

The World Chess Federation in Las Vegas, NV is involved in a dispute over trademark infringement. The web site for the World Chess Federation has a profile of its founder Stan Vaughan which includes this claim:

Grand Master Stan’s expertise as a cryptanalyst led him being noted for having solved two of the most important previously unsolved ciphers in the world: The Shugborough Hall Monument cipher for which he had received an award from the Reform Club, and the Zodiac Serial Killer 340 character cipher. Stan was also a National Trivial Pursuit Champion of 1986.

I cannot find any references that mention his solution. Does anyone know anything about it? I am attempting to contact Mr. Vaughan to see if he will give more information about his solution.

How to know that you haven’t solved the Zodiac-340 cipher

Do you think you’ve solved the Zodiac 340 cipher? University of North Texas professor Ryan Garlick has written a handy guide that you should read. Once featured on the National Geographic documentary “Code Breakers“, Dr. Garlick has studied the Zodiac ciphers for many years, and has even recruited his students to try to solve them. He knows how to spot bad solutions, and his guide shows you how you can easily spot them, too. Bad solutions usually have common symptoms, such as symbols representing multiple letters, liberal use of anagramming, gibberish that needs to be highly interpreted, frequent changing of the cipher keys, and the use of fake patterns such as numerology. To his guide I would add my litmus test: If your approach can generate many different and equally compelling plaintext messages, then you can’t prove your approach is the one used by Zodiac to encrypt his message. The best example is the known solution for the 408-character cipher. There is only one overall solution that can be generated with that method, and it results in a coherent message requiring no elaborate manipulations of the key. You could quibble over some misspellings and mistakes, but they do not result in a brand new message that it totally different from the known solution.

Kevin Fagan recently wrote that many theories about the Zodiac Killer case are still being made, despite the case being 45 years old. If you have cracked the cipher, stand apart from all the bad ideas by making sure your solution does not show the problems mentioned in Garlick’s guide. Then maybe you are on the right track. Good luck!

The Most Pattern-Seeking Animal of All

Much has already been written about the dubious content of the recently published book The Most Dangerous Animal of All: Searching for My Father . . . and Finding the Zodiac Killer by Gary L. Stewart and Susan Mustafa. It joins a crowded pantheon of weakly supported books, and yet went on to make a profitable appearance on the New York Times bestseller list for non-fiction eBooks.

Michael Butterfield does a good job of pointing out the major problems with the evidence presented in Stewart’s book. There is also a lengthy thread on Mike Morford’s forum, and many posts on Tom Voigt’s forum. You can look at Stewart’s evidence and judge for yourself.

But here I will focus on the the book’s claims about the ciphers. The authors write that Stewart’s sleazy father, Earl Van Best Jr., was the Zodiac Killer, and his name appears in three of the killer’s cryptograms. The authors suggest that this is proof that their suspect is indeed the Zodiac killer.

Let’s look at how they found his name in the Zodiac’s 340-symbol cryptogram:

Using the kanji style of writing he had learned as a child in Japan, [Earl Van Best Jr.] began on the right side of the page, arranging letters and symbols in vertical columns. Instead of a coded message, he included his full name, written backwards.

[New York literary agent B. G. Dilworth] pulled up some images of the ciphers on his computer and at random began studying the 340 cipher, looking for my father’s name. He began by looking for the name Best.

Working his way from right to left backwards across the cipher, he found the name, Earl Van Best Junior. Van had put one letter of his name in each column.

Here’s what Dilworth’s discovery looks like:

Each column has one symbol marked. Here’s what they look like when you write them out from left to right:

But let’s write them from right to left instead, as Dilworth found them:

So, we’re getting closer, but it still does not look quite right. To overcome this, Dilworth allows some symbols to resemble other letters. For example, he treats the half-filled circle as the letter E. Here are the symbols with Dilworth’s interpretations:

Dilworth indulges in a bit of freedom with his approach. The problem, though, is that it causes at least hundreds of thousands of other names to appear in the ciphers. How can you know for sure that Earl Van Best Junior, a name among thousands, is the correct one? You can’t, unless you assume that you’ve already correctly identified your suspect.

Here’s a small sampling of the abundant names you can find using the same approach.

Timothy B. Greenwood

Clifton D. Pritchett

Carl B. Powell Junior

Earl Vasquez Junior

In fact, using Dilworth’s method, you can find many other similar Earls, such as: Earl Van Cook Junior, Earl Van Bell Junior, Earl Van Diaz Junior, Earl Van Cole Junior, Earl Van West Junior, Earl Leo Best Junior, Earl Bob Best Junior, Earl W Powell Junior, Earl B Little Junior, Earl T Howell Junior, Earl Clayton Junior, Earl Clifton Junior, Earl Wendell Junior, Earl B Patton Junior, Earl C Abbott Junior, Earl L O’Neill Junior , Earl a Osborn Junior, Earl O Hayden Junior, Earl C Albert Junior, Earl V Madden Junior, Earl Tolbert Junior, Earl F Bowden Junior, Earl Colbert Junior, Earl Boswell Junior , Earl Conklin Junior, and on and on and on. They are all appearing due to coincidence. Earl Van Best Junior is appearing due to the same kind of coincidence.

The book says:

To assure himself this was not a coincidence, B. G. used the same method to try to find his own name. It wasn’t there

He must not have looked hard enough, because it is there:

B.G. Dilworth

“Dilworth” even appears in the 408!

Gary Stewart himself appears

Gary Stewart’s full name appears in the decoded 408

Even his co-author Susan Mustafa appears in the 408

Dilworth also says:

He then looked … for more common names like Jane Brown and Mary Smith. He couldn’t find any first and last names in the same sequence

Once again, he didn’t look hard enough. Jane Brown can be found if you apply the method from top to bottom, and other common names are easily found:

Jane Brown

Betty Scott

Dorothy Collins

You can try it for yourself with this search gadget. You can also look at the 170,000 names I’ve found so far here (male names) and here (female names).

The book also says:

Even though the cipher had been decoded, they couldn’t take the next step of deciphering the killer’s name, because they didn’t know what name to look for.

Unfortunately, what this really means is: If you start with a name ahead of time, you can force it to appear within the cryptograms. This is how so many unreliable solutions are conjured from thin air. We see it repeatedly, and the pattern is usually this: The solver tries to generate a specific name, and eventually figures out a technique to make it appear. But the technique usually generates many other names. Since the solver has a strong desire to promote their suspect, all the other names are conveniently ignored.

You still need to prove that your solution isn’t just appearing by chance, like a face in the clouds.

Now let’s look at the authors’ claims about the 408 cipher:

I found a version on the Internet where the decoded message had been typed above the Zodiac’s cipher. I approached the three sections of the cipher as if they were a seek-a-word puzzle, looking at a particular letter and then looking vertically, diagonally, and across for my father’s name.

I saw it right away, plain as day: EV Best Jr.

Here’s the 408 with the decoded message printed above the cipher:

And here’s where he found E.V. Best Jr:

Notice how the name is permitted to flow in multiple directions, and can skip a symbol. As expected, that name is appearing purely by chance. Many other names can be found by chance as well:


A.T. West Jr.

H.T. King Sr.

N.L. Peck Sr.




Will Blair

Will Bean

Theo Nash

Lee Allen (Arthur Leigh Allen?)

Ted O’Dell

Ned Williams

Rob Forrest

Theodore (Kaczynski?)

Dan Eilliot

(Richard) Gaikowski

(Fred) Manalli

F(red) Manalli



Again, there’s no way to accept “E.V.Best Jr” as a correct interpretation unless you already accept Stewart and Mustafa’s story.

Lastly, Stewart attempts to connect their story with Zodiac’s 13-letter cryptogram:

My father then included a new cipher with thirteen characters, including letters and symbols — the exact number of letters in Earl Van Best Jr.

The only connection there is that the length of “Earl Van Best Jr” is the same length as the 13-letter cryptogram. This is an extremely weak connection, since there are millions of names that are thirteen letters long. And the authors don’t bother to explain what any of the symbols mean!

I don’t doubt that Stewart’s father was a bad man and committed many terrible acts. But Stewart and Mustafa have tried to convince us that simple coincidences in the ciphers are proof Van Best was the Zodiac Killer. Stewart has made many rounds in the media to promote his book. His efforts were very successful – his “non-fiction” book sold many copies. But both the media and his publisher remain agnostic over the truth of his claims, sadly reinforcing the profit cycle of folklore and misinformation.