Classical Ciphers
Cryptography Fundamentals
Chapter 2 · Classical Ciphers — Substitution, Transposition & Frequency Analysis
Chapter 1 introduced the vocabulary — plaintext, ciphertext, cipher, key — in the abstract. This chapter puts real, historical ciphers behind those words, and builds toward a genuinely important point: every classical cipher, no matter how clever, eventually falls to the same weapon — statistics. Understanding exactly why sets up Chapter 3's Enigma machine as something more than a historical curiosity — it was a serious, partially successful attempt to defeat this exact weakness mechanically.
The Caesar Cipher — Simplest Substitution
Named for Julius Caesar, who reportedly used it for military messages: shift every letter of the alphabet forward by a fixed amount. A shift of 3 turns A into D, B into E, and so on, wrapping around at the end.
The key here is just the shift amount — a single number between 1 and 25. ROT13 (shift 13) is the same idea, still occasionally used today for puzzle spoilers, precisely because it offers no real security — its own reversal is trivial to spot.
Substitution Ciphers, Generalized
A monoalphabetic substitution cipher generalizes Caesar's idea: instead of a fixed shift, use any arbitrary one-to-one mapping from plaintext letters to ciphertext letters. There are 26! (about 4×10²⁶) possible mappings — brute force is completely infeasible here, unlike Caesar's 25 keys.
And yet monoalphabetic substitution is still comprehensively broken — not through brute force, but through a completely different kind of attack.
Frequency Analysis — Breaking Substitution Ciphers
Every natural language has a distinctive statistical fingerprint. In English text, E is by far the most common letter (roughly 12.7% of all letters), followed by T, A, O, I, N — often remembered by the mnemonic ETAOIN SHRDLU. A monoalphabetic substitution cipher maps each plaintext letter to always the same ciphertext letter — which means it preserves this frequency fingerprint perfectly, just relabeled.
Given enough ciphertext, an analyst counts how often each ciphertext symbol appears, matches the most frequent symbol to E, the next most frequent to T, and so on — then refines using common short words ("THE", "AND"), double letters, and known digraphs/trigraphs. No matter how large the keyspace, the underlying language's statistics leak straight through the substitution.
| English letter | Approx. frequency |
|---|---|
| E | 12.7% |
| T | 9.1% |
| A | 8.2% |
| O | 7.5% |
| I / N | ~7% |
| Z / Q | <0.1% |
Transposition Ciphers
A completely different family: instead of replacing letters, rearrange their order. The rail fence cipher writes the message in a zigzag across several "rails" and reads them off row by row; columnar transposition writes the message into a grid and reads the columns out in a key-defined order.
Because a transposition cipher never changes which letters appear — only their order — the letter frequencies of the ciphertext are identical to the plaintext's, which defeats a naive frequency-count attack outright. But it introduces a different weakness: the ciphertext is a pure anagram of the plaintext, and short, structured messages are often recoverable by testing plausible word fragments and grid dimensions — a real weakness, just a different one than substitution's.
The Vigenère Cipher — "Le Chiffre Indéchiffrable"
For roughly 300 years, the Vigenère cipher (popularized in the 16th century) was considered unbreakable — French for "the indecipherable cipher." It's a polyalphabetic substitution cipher: instead of one fixed shift (Caesar) or one fixed mapping (monoalphabetic substitution), it cycles through multiple different shifts, determined by a repeating keyword.
Each letter of the keyword selects a different Caesar shift for the letter beneath it — "ATTACK" gets encrypted with a different effective cipher at nearly every position, so the same plaintext letter (the two T's in ATTACK) can produce two completely different ciphertext letters. That single property is exactly what defeats a direct frequency count: the ciphertext's letter frequencies are smeared across multiple shifted alphabets rather than reflecting English's fingerprint directly.
Breaking Vigenère — the Kasiski Examination
Vigenère's real weakness is that the keyword repeats. If a keyword is 5 letters long, then every 5th letter of ciphertext was shifted by the same keyword letter — meaning the ciphertext is actually 5 separate, interleaved Caesar ciphers, each individually breakable by ordinary frequency analysis once you know that 5 is the key length.
Friedrich Kasiski published the practical break in 1863: look for repeated sequences of 3+ letters in the ciphertext. If the same plaintext fragment happens to align with the same part of the repeating keyword twice, it produces the same ciphertext fragment twice — and the distance between those two repeats must be a multiple of the key length. Find several such repeated fragments, take the greatest common divisor of their distances, and the key length falls out.
Why All Classical Ciphers Eventually Fall
Every cipher in this chapter shares one structural weakness: each is a fixed, repeating transformation — a single shift, a single substitution alphabet, or a substitution alphabet that repeats every few letters. Fixed and repeating transformations always leave some statistical fingerprint of the underlying language intact, and given enough ciphertext, that fingerprint is always recoverable.
Hands-On Exercises
Decrypt the Caesar-ciphertext WKLV LV IXQ. You don't know the shift in advance — explain your approach and give the shift amount and the plaintext.
You have a 300-letter monoalphabetic substitution ciphertext. The letter Q appears 38 times (by far the most), and F appears 27 times (second most). Using this chapter's frequency table, what would you guess Q and F map to first, and what would you do next to confirm or refute the guess?
While Kasiski-examining a Vigenère ciphertext, you find the trigram QVX repeated at two positions 24 letters apart, and the trigram MPZ repeated at two positions 18 letters apart. What key lengths does this evidence support, and why?
Chapter 2 Quick Reference
- Caesar cipher — fixed shift, only 25 keys, broken by brute force alone
- Monoalphabetic substitution — 26! keys (brute force infeasible), broken by frequency analysis (ETAOIN SHRDLU) instead
- Transposition — rearranges letters rather than replacing them; preserves letter frequency but is a pure anagram, breakable by structure
- Vigenère — polyalphabetic, cycles through shifts via a repeating keyword; broken by the Kasiski examination (repeated ciphertext fragments reveal the key length), then reduces to several Caesar ciphers
- Shared weakness across every cipher here: a fixed, repeating transformation always leaks the underlying language's statistics eventually
- Next chapter: The Enigma Machine — a polyalphabetic cipher that generates a new substitution alphabet on every keystroke, mechanically attacking exactly this weakness