Classical Ciphers

Cryptography Fundamentals

Chapter 2 · Classical Ciphers — Substitution, Transposition & Frequency Analysis

Chapter 1 introduced the vocabulary — plaintext, ciphertext, cipher, key — in the abstract. This chapter puts real, historical ciphers behind those words, and builds toward a genuinely important point: every classical cipher, no matter how clever, eventually falls to the same weapon — statistics. Understanding exactly why sets up Chapter 3's Enigma machine as something more than a historical curiosity — it was a serious, partially successful attempt to defeat this exact weakness mechanically.

The Caesar Cipher — Simplest Substitution

Named for Julius Caesar, who reportedly used it for military messages: shift every letter of the alphabet forward by a fixed amount. A shift of 3 turns A into D, B into E, and so on, wrapping around at the end.

Plaintext: HELLO WORLD Shift: +3 Ciphertext: KHOOR ZRUOG

The key here is just the shift amount — a single number between 1 and 25. ROT13 (shift 13) is the same idea, still occasionally used today for puzzle spoilers, precisely because it offers no real security — its own reversal is trivial to spot.

A 25-key keyspace is not a real defence
With only 25 possible shifts, an attacker can simply try every single one — a "brute-force" attack that takes seconds by hand and is instantaneous by computer. The Caesar cipher's weakness isn't subtle; it's the entire keyspace.

Substitution Ciphers, Generalized

A monoalphabetic substitution cipher generalizes Caesar's idea: instead of a fixed shift, use any arbitrary one-to-one mapping from plaintext letters to ciphertext letters. There are 26! (about 4×10²⁶) possible mappings — brute force is completely infeasible here, unlike Caesar's 25 keys.

And yet monoalphabetic substitution is still comprehensively broken — not through brute force, but through a completely different kind of attack.

Frequency Analysis — Breaking Substitution Ciphers

Every natural language has a distinctive statistical fingerprint. In English text, E is by far the most common letter (roughly 12.7% of all letters), followed by T, A, O, I, N — often remembered by the mnemonic ETAOIN SHRDLU. A monoalphabetic substitution cipher maps each plaintext letter to always the same ciphertext letter — which means it preserves this frequency fingerprint perfectly, just relabeled.

Given enough ciphertext, an analyst counts how often each ciphertext symbol appears, matches the most frequent symbol to E, the next most frequent to T, and so on — then refines using common short words ("THE", "AND"), double letters, and known digraphs/trigraphs. No matter how large the keyspace, the underlying language's statistics leak straight through the substitution.

English letterApprox. frequency
E12.7%
T9.1%
A8.2%
O7.5%
I / N~7%
Z / Q<0.1%

Transposition Ciphers

A completely different family: instead of replacing letters, rearrange their order. The rail fence cipher writes the message in a zigzag across several "rails" and reads them off row by row; columnar transposition writes the message into a grid and reads the columns out in a key-defined order.

# Rail fence, 3 rails: Plaintext: W E A R E D I S C O V E R E D Rail 1: W . . . E . . . C . . . R . . . D Rail 2: . E . R . D . S . O . E . E . D . Rail 3: . . A . . . I . . . V . . . . . . Ciphertext: WECRDIOVEEREDAI...

Because a transposition cipher never changes which letters appear — only their order — the letter frequencies of the ciphertext are identical to the plaintext's, which defeats a naive frequency-count attack outright. But it introduces a different weakness: the ciphertext is a pure anagram of the plaintext, and short, structured messages are often recoverable by testing plausible word fragments and grid dimensions — a real weakness, just a different one than substitution's.

The Vigenère Cipher — "Le Chiffre Indéchiffrable"

For roughly 300 years, the Vigenère cipher (popularized in the 16th century) was considered unbreakable — French for "the indecipherable cipher." It's a polyalphabetic substitution cipher: instead of one fixed shift (Caesar) or one fixed mapping (monoalphabetic substitution), it cycles through multiple different shifts, determined by a repeating keyword.

Plaintext: A T T A C K A T D A W N Keyword: L E M O N L E M O N L E # repeated to match length Shift by: L=11 E=4 M=12 O=14 N=13 L=11 ... Ciphertext: L X F O P V E F R N H R

Each letter of the keyword selects a different Caesar shift for the letter beneath it — "ATTACK" gets encrypted with a different effective cipher at nearly every position, so the same plaintext letter (the two T's in ATTACK) can produce two completely different ciphertext letters. That single property is exactly what defeats a direct frequency count: the ciphertext's letter frequencies are smeared across multiple shifted alphabets rather than reflecting English's fingerprint directly.

Breaking Vigenère — the Kasiski Examination

Vigenère's real weakness is that the keyword repeats. If a keyword is 5 letters long, then every 5th letter of ciphertext was shifted by the same keyword letter — meaning the ciphertext is actually 5 separate, interleaved Caesar ciphers, each individually breakable by ordinary frequency analysis once you know that 5 is the key length.

Friedrich Kasiski published the practical break in 1863: look for repeated sequences of 3+ letters in the ciphertext. If the same plaintext fragment happens to align with the same part of the repeating keyword twice, it produces the same ciphertext fragment twice — and the distance between those two repeats must be a multiple of the key length. Find several such repeated fragments, take the greatest common divisor of their distances, and the key length falls out.

Once the key length is known, Vigenère collapses back to Chapter 1's problem
Split the ciphertext into that many interleaved groups (every 5th letter together, for a length-5 key), and each group is now a simple single-shift Caesar cipher — solvable by the exact frequency analysis covered earlier in this chapter. "Unbreakable" polyalphabetic substitution turns out to reduce to a handful of the easiest cipher in this chapter, once the repeating structure is found.

Why All Classical Ciphers Eventually Fall

Every cipher in this chapter shares one structural weakness: each is a fixed, repeating transformation — a single shift, a single substitution alphabet, or a substitution alphabet that repeats every few letters. Fixed and repeating transformations always leave some statistical fingerprint of the underlying language intact, and given enough ciphertext, that fingerprint is always recoverable.

Bridging to Chapter 3
Enigma is, underneath everything, also a polyalphabetic substitution cipher — mechanically, it's not a different category of cipher from Vigenère at all. Its genuine innovation was generating a completely new substitution alphabet on every single keystroke, via rotors that physically advance after each letter, making its "keyword" length effectively many millions of characters before any repetition occurs. That's precisely why Chapter 3 matters technically and not just historically — Enigma was a serious mechanical attempt to eliminate the repeating structure that broke Vigenère.
None of this belongs anywhere near real security today
Every cipher in this chapter is broken by hand, by a single person, often within minutes for short messages. They're taught here for the ideas they establish — substitution, transposition, keyspace size, frequency analysis — not as anything to actually rely on. Chapter 5 onward covers the modern ciphers (AES and friends) that real systems use instead.

Hands-On Exercises

Exercise 1

Decrypt the Caesar-ciphertext WKLV LV IXQ. You don't know the shift in advance — explain your approach and give the shift amount and the plaintext.

📄 View solution
Exercise 2

You have a 300-letter monoalphabetic substitution ciphertext. The letter Q appears 38 times (by far the most), and F appears 27 times (second most). Using this chapter's frequency table, what would you guess Q and F map to first, and what would you do next to confirm or refute the guess?

📄 View solution
Exercise 3

While Kasiski-examining a Vigenère ciphertext, you find the trigram QVX repeated at two positions 24 letters apart, and the trigram MPZ repeated at two positions 18 letters apart. What key lengths does this evidence support, and why?

📄 View solution

Chapter 2 Quick Reference

  • Caesar cipher — fixed shift, only 25 keys, broken by brute force alone
  • Monoalphabetic substitution — 26! keys (brute force infeasible), broken by frequency analysis (ETAOIN SHRDLU) instead
  • Transposition — rearranges letters rather than replacing them; preserves letter frequency but is a pure anagram, breakable by structure
  • Vigenère — polyalphabetic, cycles through shifts via a repeating keyword; broken by the Kasiski examination (repeated ciphertext fragments reveal the key length), then reduces to several Caesar ciphers
  • Shared weakness across every cipher here: a fixed, repeating transformation always leaks the underlying language's statistics eventually
  • Next chapter: The Enigma Machine — a polyalphabetic cipher that generates a new substitution alphabet on every keystroke, mechanically attacking exactly this weakness