Patterson's Cipher for Jefferson
A four-layer transposition cipher that Thomas Jefferson called "the most perfect cipher he had ever seen" — and could not himself solve. It stumped the American founders for 206 years before falling to a 21st-century hill-climbing search.
Why This Matters
In December 1801, Robert Patterson — a respected American mathematician and vice provost of the University of Pennsylvania — sent President Thomas Jefferson a cipher he believed could never be broken. Jefferson, a sophisticated cryptographer in his own right (designer of the wheel cipher in Hall VII), was so impressed that he forwarded the system to Secretary of State James Madison with an endorsement calling it "the most perfect cipher he had ever seen."
Patterson included a specimen ciphertext for Jefferson to decrypt. The key followed in a separate letter. Jefferson tried. Jefferson failed. He wrote back asking for hints. Madison tried. Madison failed. The cipher was archived in Jefferson's papers, unresolved.
It stayed unresolved for 206 years. In 2007, Lawren Smithline at Princeton's Center for Communications Research read about the cipher in an NSA history journal, recognized it as a hill-climbing problem, and broke it. The plaintext turned out to be the opening lines of the Declaration of Independence — Patterson had used a patriotic source text for his demonstration. This exhibit walks through Patterson's four-layer construction, Jefferson's failed attempts, and the modern search algorithm that finally cracked it.
Patterson was, on paper, the right person to design an American state cipher. He was vice provost of the University of Pennsylvania, a published mathematician, friend of Benjamin Franklin, and would later serve as director of the United States Mint under Madison and Monroe. His December 19, 1801 letter to Jefferson is preserved in the Library of Congress's Jefferson Papers.
Jefferson received the proposal at exactly the right moment to be receptive: he was newly inaugurated, building out the State Department's diplomatic correspondence apparatus, and acutely aware of the European cabinets noirs (see Cabinet Noir) reading every American dispatch they could intercept. A genuinely unbreakable cipher would have been a strategic asset.
Three weeks later, after struggling with the specimen, Jefferson wrote again — this time confessing failure and asking Patterson for hints. We have those letters too. Patterson sent more guidance. Jefferson still couldn't recover the plaintext. Eventually the correspondence trailed off; the cipher was filed away; the Patterson system was never adopted by the State Department, and Jefferson kept using his own less-elegant systems.
Patterson's design stacks four independent transformations on top of an N-row by M-column grid. The key is a list of small numbers — one set per row.
Layer 1 — Write the plaintext into a grid (column-by-column)
Take the plaintext and write it into a grid of N rows. The grid is read column-by-column. Patterson typically used 40 rows.
Layer 2 — Insert random junk letters at the start of each row
For each row, insert a secret number of meaningless letters at the start. The count varies row-by-row according to the key. The decryptor must know exactly how many junk letters to skip in each row.
Layer 3 — Right-shift each row by a different amount
Cyclically shift each row right by a row-specific amount (also from the key). What falls off the right wraps back to the left. Different shifts on different rows scramble the column structure that any straightforward column-reader attack would rely on.
Layer 4 — Permute the row order
Finally, shuffle the rows themselves into a new secret order. The rows are no longer in their natural sequence — row 17 might now be the 1st row of the ciphertext, row 4 might be the 2nd, etc. The ciphertext is then read off column-by-column from this scrambled grid.
The key is the full set: per-row junk-counts, per-row right-shifts, and the row permutation. With a 40-row grid, the search space is roughly: row-order permutations (40! ≈ 10⁴⁷) × per-row junk-counts (say up to 8 per row, so 8⁴⁰ ≈ 10³⁶) × per-row shifts. This is hopelessly far beyond pencil-and-paper attack. It is also far beyond brute-force computer attack — Smithline's break required hill-climbing, not exhaustion.
Smithline's attack treats the cipher's key as a point in a high-dimensional search space and uses a fitness score — how English-like is the candidate plaintext? — to climb toward the correct key.
The fitness function used N-gram frequencies of English letters and bigrams (pairs of letters). Real English has very specific bigram statistics: TH, HE, IN, ER are extremely common; QZ, VX, JX are nearly nonexistent. A candidate plaintext that scores high on English-ness is much more likely to be on the right track than one that scores low.
The search loop:
- Pick a starting point in the key space (random row-permutation, random junk-counts).
- Decrypt with that key — get a candidate plaintext.
- Score it for English-ness using the N-gram fitness function.
- Make a small random change (swap two rows; tweak one junk-count by ±1).
- Re-decrypt, re-score. If the score went up, accept the change. If it went down, sometimes accept it anyway (simulated-annealing-style randomness to escape local maxima).
- Repeat for thousands of iterations.
Below is a stylized visualization of what the search trajectory looked like. Real Smithline runs were much longer — these rows are illustrative.
Once the fitness score crossed a threshold and started spitting out recognizable English fragments, Smithline could see the plaintext was the Declaration of Independence and finish the decryption manually. The whole search took minutes of compute time.
Jefferson's correspondence with Patterson and Madison about the cipher survives. The letters are remarkable for their honesty: a sitting US President, an accomplished cryptographer, openly admitting he could not break a cipher mailed to him by a friend.
These letters are now part of the Library of Congress's Jefferson Papers (Series 1, General Correspondence) and have been digitised. They are the historical record of the moment the system was actually accepted as unbreakable — by the only people who needed to break it.
| Patterson lesson | Modern echo |
|---|---|
| Cipher strength is relative to attacker capability | Quantum cryptography deprecation: today's "strong" ciphers may fall to algorithms that don't yet exist |
| Asymmetric effort: encrypt in hours, decrypt in centuries | The standard threat model — attacker may have far more compute than designer expected |
| "Perfect cipher" claims age badly | Why every modern algorithm is published for adversarial review, not declared perfect |
| Hill-climbing + good fitness function beats huge search spaces | Same technique: hill-climbing in modern cryptanalysis; broke Double Transposition in 2013, the M-209 in the 2010s, the Mary Stuart letters in 2022 |
| The patriotic-plaintext signal helped Smithline confirm the break | Modern: known-plaintext attacks; chosen-plaintext attacks; the cryptanalyst always wants any anchor in the plaintext space |
| Designer | Robert Patterson (1743–1824) |
| Year | December 1801 |
| Recipient | Thomas Jefferson |
| Layers | Grid + junk + row-shift + row-permute (4) |
| Years unsolved | 206 (1801 → 2007) |
| Solver | Lawren Smithline, Princeton CCR |
| Method | Hill-climbing + N-gram fitness |
| Plaintext | Declaration of Independence (opening) |
| Solution paper | American Scientist 97(4), 2009 |
- Smithline, Lawren. Using Computers to Decrypt Jefferson's Cipher. American Scientist 97(4), 2009. ↗
- Tomokiyo, Satoshi. Patterson's Cipher for Jefferson — Challenge Solved After 200 Years. Cryptiana. ↗
- Library of Congress — Thomas Jefferson Papers (Patterson correspondence). ↗
- Wikipedia — Robert Patterson (mathematician). ↗