The second encrypted message from the Zodiac Killer is one of the world’s most famous unsolved cryptograms. According to computational linguist Tom Juzek, it will never be solved because no solution exists.

Throughout the late 1960s, the Zodiac Killer, one of history’s most famous unidentified serial murderers, terrorized the San Francisco area in a spree of heinous attacks. He murdered at least five people and seriously injured two. He sent over a dozen taunting letters to the public, in which he boasted about his acts and made fun of the police. The case has never been solved.


The four Zodiac cryptograms

For crypto history enthusiasts, the Zodiac Killer is especially interesting, as four of his letters included encrypted messages. Here’s the first one (it was solved by Donald and Betsy Harden in 1969):


The three other encrypted messages are unsolved to date. Here’s the second message:


This is message #3 (only one line of the letter is encrypted):


And finally, this is the fourth Zodiac cryptogram (two lines encrypted):


For those who speak German, here’s a radio interview I recently gave:


The second Zodiac cryptogram

Messages #3 and #4 are quite short and have a flat letter frequency distribution. This means that the correct solution, it there is one, cannot be distinguished from false ones, which makes these cryptograms virtually unsolvable. For this reason, codebreakers usually focus on the second Zodiac Killer message. As it consists of 340 letters, it is sometimes referred to as Z340.


The first Zodiac message (also known as Z408) proved to be encrypted in a homophonic cipher (this means that a cleartext letter may have several different ciphertext counterparts). As the second cryptogram looks similar to the first, it is reasonable to assume that it was created with the same type of cipher. However, all attempts to find a homophonic substitution table that decrypts Z340 have failed so far. Apparently, the Zodiac Killer, after his first cryptogram had been broken within a short time, tried to make his second try more difficult.

Of course, it is possible that the second Zodiac Killer cryptogram is just a nonsense message (the can be said for the Voynich Manuscript, the McCormick notes, the Debosnys cryptogram and many other unsolved crypto mysteries).

Tom Juzek, a computational linguist, has now published an interesting blog post about Z340 that delivers a number of statistical arguments that support the nonsense hypothesis (thanks to blog reader Ralf Bülow for the hint). This post was published on March 16, 2018. I had never heard of Tom Juzek before. He has never been active in the crypto history community. Perhaps, this will change in the future. I wouldn’t mind seeing works like these at crypto history conferences.

As Juzek correctly states, the letter, bigram and trigram frequencies of Z340 are consistent with a homophonic cryptogram. As an additional statistical tool, Juzek introduces the “mean squared distance from one” (MSD), which is computed for every n-letter-group (ngram) that appears in the cryptogram. The MSD values of a homophonic cryptogram are different from the ones a random sequence over the same alphabet with the same letter frequencies produces.

When checking the MSD values of Z340, Juzek found out: these values stay the same, no matter in which order the letters of the cryptogram are read. Especially, reading Z340 in the usual order renders the same results as reading it backwards or column-wise. This is strong evidence that Z340 is not a homophonic cryptogram. Even if read backwards or column-wise, Z340 does not behave like a real cipher.

There are a few more statistical analyses Juzek conducts. For instance, he examines a homophonic cipher of his own creation on twenty real texts and twenty random letter sequences. The twenty real texts are taken from sources like one of the non-encrypted Zodiac Killer letters, other letters from serial killers, the book of Genesis and Karl Marx’ The Capital. The twenty random letter sequences were created with a Python script. The cipher Juzek uses is similar to Z408. The following diagram shows the result of this test:


As can be seen, Z340 associates with the fake ciphers. Interestingly, the other true ciphers form their own cluster, away from Z408, implying that the encryption mechanism used for them is a lot stronger than the encryption mechanism of Z408.


A fake or not a fake?

Other tests Juzek describes in his paper strengthen the nonsense hypothesis, too. Nevertheless, Juzek’s work is not a proof that Z340 is a fake cryptogram (and Juzek doesn’t claim that it is). However, Juzek has delivered some interesting evidence that supports the hoax hypothesis.

Generally speaking, the nonsense hypothesis appears to make sense. I can well imagine that the Zodiac Killer wanted to create an unsolvable crypto mystery, after his first encryption had proven weaker than he had expected. Perhaps, to be on the safe side, he decided to create an encrypted message that is unsolvable because there is no solution.

If you follow Juzek’s arguments or if you have a different opinion about Z340, please let me know.

Further reading: The Zodiac Killer code is solved – at least in this new movie


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Kommentare (7)

  1. #1 Klaus Schmeh
    4. Mai 2018

    Wolfgang Wilhelm via Facebook:
    Auch eine Idee, andere damit zu beschäftigen, Codes zu knacken, die überhaupt keine sind. Verwirrung beim Feind zu stiften ist immer gut 😉 Gibt es irgendwelche neuere Beispiele für diese Art von Geheimdienst-Trollerei? 🙂

  2. #2 David Oranchak
    4. Mai 2018

    Juzek’s analysis is very good but I’m not sure it sufficiently considers the possibility of transposition methods that could have been applied prior to the substitutions. For example, there is a significant spike in the appearance of repeating bigrams at period 19, which possibly suggests some kind of transposition. (More info on ngram bias:

    Transpositions disrupt the normal occurrences of repeating ngrams, so you have to reverse the transposition operations before counting up the ngrams.

    I’m really curious what Juzek’s analysis would yield if it also considered a wide variety of transposition methods. What effects would this have on the mean squared distance measurement, and how would it compare to known “true” transposition ciphers?

  3. #3 David Oranchak
    4. Mai 2018

    I should add that Juzek acknowledges the transposition possibility in the addendum of his blog post.

  4. #4 Hans Regli
    4. Mai 2018

    Nat Geo hat vor kurzem eine ganze Serie ausgestrahlt zum diesem Thema, “The Hunt for the Zodiac Killer”. In der letzten Episode wird der letzte Code (wenn ich das noch richtig in Erinnerung habe) durch einen Menschen geknackt, der Computer konnte es hingegen nicht. Wen’s interessiert…

  5. #5 Michael
    4. Mai 2018

    “Is the second Zodiac Killer message a fake?”


    Es sind im Text einige putzige Stellen, wie z. B. in der letzten Zeile “Z O delta A I K”, die wohl dazu verleiten sollen, sich näher mit dem Chiffre zu befassen.

  6. #6 Stefan
    9. Mai 2018

    Hallo Klaus,
    ich habe mir den Brief mit dem Zodiac Code mit „my name is“ angeschaut und durchdacht.
    Wenn der Zodiac Killer tatsächlich seinen echten Namen in dem Brief verschlüsselt hat, dann müsste man über einen Namensabgleich von San Fransisco und Umland den Täter möglicherweise ermitteln können. Ich gehe davon aus, dass der Killer in oder um San Fransisco lebte und arbeitete, weil dort die Morde geschahen und die Briefe aufgegeben wurden. Laut Zodiac-Code sind Buchstabe 1 und 12, Buchstabe 3 und 11, sowie Buchstabe 5,7 und 9 identisch. Bedeutet suchen sie nach einem 13 stelligen Namen bei dem vor allem Buchstabe 5,7 und 9 identisch sind. Das ist natürlich die Nadelsuche im Heuhaufen, aber eine mögliche Option, den Namenscode zu knacken. Man bräuchte dazu alle Namensregister/Melderegister von San Fransisco und Umgebung zwischen 1967 bis 1979, und müsste genau nach diesen Namenskonstellationen 13 Buchstaben 1 + 12 / 3 + 11 / und vor allem 5,7 + 9 identisch suchen. Hat der Killer nicht gefakt und tatsächlich seinen richtigen Namen in dem Brief verschlüsselt, könnte man so möglicherweise auf die Lösung kommen. Ein Versuch wäre es auf diese Art und Weise mal wert. Ich glaube kaum, dass es so viele 13 stellige Namen mit dieser Buchstabenkombination gibt. Viele Grüße Stefan

  7. #7 Ian
    26. September 2018

    I ran this cipher in AZ Decrypt as a slice selection in the form of a 4 line “rail fence” cipher. The software returned a seemingly randomized sequence of the “th” digraph. Each digraph was followed by a random vowel or two, an occasional consonant, then another “th” digraph, over and over again. I get the same result as a 3 line fence cipher. If not some decoding error with the software itself, I am at a loss to explain it. If the cipher is a fake I would have expected much more randomness. So why the “th” digraph repeated over and over and over?