Cryptography Overview

Cryptography is the practice of disguising information so that only the intended reader can understand it. Every classical cipher is based on one of two main ideas:

Substitution — swapping each letter for a different letter or symbol.
Transposition — keeping the letters but changing their order.

This page explains the most well-known ciphers in plain language and shows you how to break them yourself using The Cipher Lab’s interactive Tools and Cipher Encoder / Decoder.

💡 Tip: To start analysing any cipher, run your text through the Frequency Analyzer — it highlights the most common letters, which often exposes the key.

Each cipher below has a quick overview. Click Learn more to open a dedicated page with full history, how to encode, how to break, and frequency-analysis signals.

Substitution Cipher

Learn more →

A substitution cipher replaces every letter in the alphabet with another. The mapping stays the same for the entire message — that consistency is exactly what you exploit to break it.

Plaintext: HELLO WORLD Ciphertext: QEBBY TBOBD

How to Break It (fast)

Use frequency + word patterns. In English, E/T/A/O/I are common. If spaces are kept, word lengths and repeats give huge clues.

What the frequency looks like: Monogram frequencies keep the same overall “English shape” (one letter is still the most common, a few are medium, many are rare), but the labels are swapped. Bigrams/trigrams also look English-ish but with letters renamed.

Deep dive

What leaks (weakness)

Letter frequency: ciphertext inherits English distribution.
Repeats: double letters (LL, EE) and repeated short words.
Word shapes: patterns like _H_ can hint “THE”.

Practical breaking steps

Run frequency: guess E/T/A/O/I candidates.
Find “THE”, “AND”, “OF”, “TO” using patterns.
Lock confirmed letters, then iterate (it snowballs).

Visual mapping idea (example)

A fixed alphabet swap for the whole message.

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: QWERTYUIOPASDFGHJKLZXCVBNM

Learn more Open Tools Try Encoder / Decoder

If you get even 6–10 letters right, the rest becomes much easier. Keep a running mapping and don’t “un-guess” without a reason.

Caesar Cipher

Learn more →

The Caesar cipher shifts every letter by the same number of positions in the alphabet. After Z, it wraps back to A.

Shift: 3 Plaintext: HELLO → Ciphertext: KHOOR

How to Break It (fast)

There are only 25 possible shifts. Brute force them and pick the one that produces readable English.

What the frequency looks like: Exactly like normal English, just shifted: the frequency curve is unchanged. A chi‑square match against English over all 25 shifts usually pops the right one immediately.

Deep dive

How it works (math)

Convert letters to numbers A=0..Z=25. Encrypt: (x + s) mod 26. Decrypt: (x − s) mod 26.

Fast sanity checks

Common hits: “THE”, “AND”, “ING”.
ROT13 is special: shift 13 decrypts itself.

Shift wheel (+3)

Just a rotated alphabet.

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Shift+3: DEFGHIJKLMNOPQRSTUVWXYZABC

Learn more Try Encoder / Decoder Frequency Tool

Vigenère Cipher

Learn more →

Vigenère uses a keyword to apply multiple Caesar shifts. The shift changes through the message based on the key letters.

Key: KEY Plaintext: ATTACKATDAWN Ciphertext: KXRKGIKXREQF

How to Break It (fast)

Find the key length first (Kasiski / IOC), then solve each column as a Caesar cipher.

What the frequency looks like: Frequencies get “flattened” compared to English (lower IoC, less obvious E/T/A peaks). If you split the text by key position, each slice looks like a Caesar‑shifted English distribution.

Deep dive

Key length tools

Kasiski: repeated ciphertext chunks → distances share factors ≈ key length.
IOC: split into k columns; the correct k makes columns look “English-like”.

Then solve

For each column, run frequency like Caesar.
Combine shifts → keyword.
Decrypt and refine (errors stand out quickly).

Column split idea k=3

Every 3rd character goes into the same bucket.

Cipher: K X R K G I K X R E Q F Col 1: K K K E Col 2: X G X Q Col 3: R I R F

Learn more Try Encoder / Decoder Tools (freq)

Once you know the key length, Vigenère becomes several smaller Caesar ciphers — one for each key position.

Affine Cipher

Learn more →

Affine encrypts letters using multiplication and addition mod 26. It’s stronger than Caesar, but still small enough to brute force.

Key: (a=5, b=8) Plaintext: AFFINE → Ciphertext: IHHWVCS

How to Break It (fast)

Brute force all valid (a,b) pairs and score the outputs for English.

What the frequency looks like: Like Caesar/Substitution: monogram frequencies keep the English-like curve but permuted. A chi‑square test over valid (a,b) pairs is typically very effective.

Deep dive

Formula

With A=0..Z=25: E(x)=(a·x+b) mod 26. Decrypt: D(y)=a⁻¹·(y−b) mod 26.

Valid keys

You need gcd(a,26)=1 so an inverse exists. Valid a values: 1,3,5,7,9,11,15,17,19,21,23,25. b can be 0–25.

Breaking

Try all valid a and all b.
Pick the best-looking plaintext.

Affine intuition linear

Multiply stretches the alphabet; add shifts it.

E(x)=(a·x+b) mod 26 a=5,b=8: A(0)->I(8) B(1)->N(13) C(2)->S(18)

Learn more Try Encoder / Decoder Tools

Playfair Cipher

Learn more →

Playfair encrypts pairs of letters using a 5×5 key square (I/J combined). It hides single-letter frequencies — but digraph patterns leak.

Key: MONARCHY HELLO → GYIYQ

How to Break It (fast)

Use digraph frequency + cribs. For serious cracking, heuristic search (hill-climbing) is common.

What the frequency looks like: Single-letter frequencies are less helpful because encryption works on digraphs. You’ll often see fewer obvious English bigrams, no doubled letters (like “LL”), and digraph patterns dominate instead.

Deep dive

Rules

Same row: take letters to the right (wrap).
Same column: take letters below (wrap).
Rectangle: swap corners (same row, other column).

Plaintext prep

Split into pairs.
If a pair repeats (LL), insert filler (often X): HE LX LO.

Breaking

Look at digraphs like TH/HE/IN/ER.
Try cribs and test quickly with tools.

Example 5×5 square (I/J)

Built from keyword, then remaining letters.

M O N A R C H Y B D E F G I K L P Q S T U V W X Z

Learn more Try Encoder / Decoder Tools

Hill Cipher

Learn more →

The Hill cipher encrypts blocks of letters using matrix multiplication mod 26. It’s a classical cipher that directly uses linear algebra.

Key Matrix: [[3,3],[2,5]] Plaintext (HI) → Ciphertext (RC)

How to Break It (fast)

If you know matching plaintext/ciphertext blocks, you can solve for the matrix. Otherwise, brute force only works for tiny keys.

Deep dive

How it works

Choose block size n (e.g. 2).
Convert letters to numbers.
Compute C = K·P mod 26.

Key requirement

K must be invertible mod 26 (det(K) must have an inverse mod 26).

Breaking

Known plaintext: enough pairs → solve for K.
Otherwise: use automated search with strong scoring.

Block math n=2

Two letters become a vector, multiplied by the matrix.

P=[H,I]=[7,8] K=[[3,3],[2,5]] C=K·P mod 26

Learn more Try Encoder / Decoder Tools

Autokey Cipher

Learn more →

Autokey is a Vigenère variant where the key extends using the plaintext itself, reducing repetition and hiding key-length patterns.

Key: KEY → Extended Key: KEYATTACK Plaintext: ATTACKATDAWN Ciphertext: KXRKGIQXREQF

How to Break It (fast)

Use cribs (“DEAR”, “ATTACK”, known headers). Once a chunk of plaintext is guessed, the key stream can unravel.

Deep dive

What changes vs Vigenère

After the initial keyword, the key becomes the plaintext stream. That kills repeating-key repeats.

Breaking

Guess a plausible plaintext fragment (crib).
Use it to derive key letters for that region.
Because the key becomes plaintext, recovering plaintext grows the key too.

Key grows concept

Key stream after the seed keyword is plaintext.

Key: K E Y A T T A C K ... Plaintext: A T T A C K A T D A W N

Learn more Try Encoder / Decoder Tools

Transposition Ciphers

Learn more →

Transposition ciphers rearrange letters instead of replacing them. Letter frequency stays roughly English, but words are scrambled.

Key: ZEBRAS Plaintext: WEAREDISCOVEREDRUN Ciphertext: EVLNEACDTKESEAQROFO

How to Break It (fast)

Try likely widths (column counts), look for word fragments, and use cribs if you suspect certain words appear.

Deep dive

How to spot

Frequency looks “normal” but nothing decodes like substitution.
Vowels appear at normal rates.

Breaking workflow

Test widths (2..20 etc) and score outputs for English.
For columnar: test short keys or use heuristic search for longer keys.
Cribs: try placing a suspected word into a grid.

Grid concept idea

Fill row-wise, read column-wise (often by key order).

WEARE DISCO VERED RUNXX (padding)

Learn more Try Encoder / Decoder Tools

Bacon Cipher

Learn more →

Bacon’s cipher hides letters as patterns of As and Bs — often disguised using two text styles (case, font, bold/normal).

AABAA AABAB ABBAB → HELLO

How to Break It (fast)

Identify the two styles, map them to A/B, group into 5s, and decode.

Deep dive

Decoding steps

Pick a rule: Style 1 = A, Style 2 = B.
Read off the A/B stream.
Group into chunks of 5.
Convert each chunk into a letter (variant-dependent).

Common gotcha

Copy/paste often destroys formatting. If styles disappear, use screenshots or inspect the HTML.

Two-style idea A/B

Upper/lower (or bold/normal) becomes bits.

a A b a a -> A B A A A Group by 5 -> decode

Learn more Try Encoder / Decoder Tools

Morse & Enigma

Learn more →

Morse is an encoding (no secret key), while Enigma is a rotor-based cipher that changes substitution with every key press.

HELLO → •••• · ·−·· ·−·· −−−

Deep dive

Morse basics

Not a cipher: it’s reversible without a secret.
Spacing matters: letter gaps vs word gaps.

Enigma overview

Enigma uses rotors + plugboard. The “key” is rotor order, ring settings, start positions, and plugboard pairs.

How it was broken (high level)

Cribs (guessed plaintext fragments).
Constraints + automation (bombes).

Encoding vs cipher key?

Quick way to tell what kind of “mystery text” you have.

Encoding: reversible without secret Cipher: reversible only with key

Learn more Community Posts Try Encoder / Decoder

If someone says “Morse cipher”, they usually mean “Morse encoding” — there’s no key to crack, just decoding.

Frequency analysis

Frequency analysis is the classic first step in breaking many “pen-and-paper” ciphers. It doesn’t guess the key. It measures the shape of the text: which letters and patterns repeat, and how closely that resembles real language.

What it looks at

Letter counts (A–Z): In English, E/T/A/O/I/N are common. Substitution ciphers keep these counts (just relabeled).
Digraphs & trigraphs: Common pairs like TH, HE, IN and triples like THE, AND.
Index of Coincidence (IoC): A quick “how clumpy are letters?” signal. Random text is low; natural language is higher.
Chi‑square vs English: A score of how far the letter distribution deviates from expected English.
Repeats: Repeated n‑grams can hint at transposition vs substitution, and can help key‑length guesses in polyalphabetic ciphers.

What it tells you (fast triage)

Substitution vs transposition: transposition tends to preserve overall letter counts (so frequencies can still look “English-ish”), while substitution changes which letters are common but the distribution shape remains similar.
Is it polyalphabetic (e.g. Vigenère)? IoC often drops compared to plain English when multiple alphabets are used, and periodic structure can appear.
Is it probably not a classic cipher? Very high entropy / lots of non‑letters can suggest encoding (Base64/Hex), compression, or binary data.

How to use it in the lab

Paste text into Encoder / Decoder to strip/normalize if needed (remove spacing, keep letters only, etc.).
Run analysis: check IoC + chi‑square first, then scan the top bigrams/trigrams.
Use the result to pick the right tool:
- Looks monoalphabetic: try Caesar/Affine/Substitution.
- Looks transposition‑ish: try Railfence/Columnar/Permutation.
- Looks polyalphabetic: try Vigenère and test likely key lengths.

Frequency analysis won’t magically “solve” everything, but it’s a powerful filter: it narrows your search space so you don’t waste time on the wrong family of ciphers.