Autokey Cipher

A Vigenère-style cipher where the key extends using plaintext (or ciphertext) rather than repeating.

Family: Polyalphabetic substitution (Vigenère variant) Era: Classical (19th century variants; common in puzzles) Strength: Weak–medium (crib-sensitive)

Try in Encoder / Decoder → Try in Breaker → Open Tools →

History & context

Autokey was designed to fix a major weakness of Vigenère: repeating keys create periodic patterns that reveal the key length (Kasiski/IoC). Autokey reduces repetition by extending the keystream using text itself. In puzzle cryptography, Autokey is popular because it’s one step harder than Vigenère but still crackable when you have a crib, a known header, or predictable plaintext structure.

How Autokey Cipher works

Plaintext-autokey (common): • Keystream = KEYWORD + PLAINTEXT (then truncated to message length) • Encrypt: C[i] = (P[i] + K[i]) mod 26 • Decrypt: P[i] = (C[i] - K[i]) mod 26, but K after the seed depends on recovered plaintext This creates a feedback loop: once you recover some plaintext, you recover more of the keystream automatically.

Core rules

Seed keyword provides the first keystream letters.
Keystream continues with plaintext (or sometimes ciphertext in another variant).
Non-letters are usually skipped for keystream advancement (implementation dependent).
If you recover a plaintext fragment, you can extend the keystream from it.

Worked example

Seed key: KEY Plaintext: ATTACKATDAWN Keystream: KEYATTACKATDA (seed + plaintext, truncated) Encrypt using Vigenère arithmetic with this keystream.

How to encode / decode

Step-by-step

Pick a seed keyword (letters only).
Normalize plaintext/key rules (uppercase, letters-only advancement).
Build keystream = seed + plaintext (truncate to length).
Encrypt each letter like Vigenère using the matching keystream letter.
Preserve or strip punctuation consistently with your chosen convention.

💡 Tip: Autokey variants differ. The big question: does the keystream extend with plaintext or ciphertext, and does it advance over punctuation? Make sure your tool and your puzzle use the same convention.

How to break a Autokey Cipher

Autokey is harder than repeating-key Vigenère because the usual key-length attacks weaken. The most practical break is a **crib attack**: guess a likely plaintext word/phrase, then use it to bootstrap the keystream. Once the guess is correct, decryption rapidly becomes self-sustaining because recovered plaintext generates more keystream.

Practical checklist

Look for predictable structure: greetings, headers, 'THE', 'ATTACK', 'FLAG{', dates, etc.
Guess a crib at a position; derive keystream letters for that region.
Use derived keystream to decrypt forward; recovered plaintext extends the keystream.
If output becomes increasingly readable, the crib is likely correct.
If output collapses into nonsense quickly, try a different crib or alignment.

What frequency looks like

Autokey often looks less periodic than Vigenère because the keystream changes with plaintext. IoC and Kasiski can be less decisive. Frequency analysis is more of a triage tool here: it tells you it’s classical/polyalphabetic, but cribs do the heavy lifting.

Signals to look for:

Less clear repeating structure than Vigenère with short repeating key.
Still alphabetic and language-linked (not random bytes).
If you try Vigenère key-length scans and nothing clean appears, Autokey is a suspect.
Crib success produces a strong ‘snowball’ effect in readability.

Mini example

Try guessing the plaintext contains 'THE' near the start. If that guess produces readable continuation (not just a single word), you likely found the right alignment.

Common mistakes

Using the wrong Autokey variant (plaintext-autokey vs ciphertext-autokey).
Wrong key advancement rules over punctuation/spaces.
Assuming you can estimate key length like standard Vigenère (often misleading).
Not testing multiple crib alignments (off by 1–2 characters is common).

Variants

Plaintext Autokey (common).
Ciphertext Autokey (keystream extends with ciphertext).
Running-key cipher (keystream is long external text; cousin concept).

Practice

Practice by encrypting with a short seed like 'KEY', then try breaking it by guessing 'THE' or a known header near the start.

Try these prompts

Encrypt a paragraph with seed 'KEY' and try to recover plaintext using a crib.
Try the same plaintext with different punctuation handling and see how breaks differ.
Construct a ciphertext-autokey example and compare breaking difficulty.
Use a known phrase like 'MEETAT' and test alignments.

FAQ

Why is Autokey harder than Vigenère?

Because it reduces repeating-key periodicity, weakening key-length detection.

What’s the best way to break it in puzzles?

Cribs. A correct guessed word can bootstrap the keystream and snowball into full recovery.

Does Autokey keep spaces/punctuation?

Usually punctuation is preserved, but key advancement rules vary by implementation.