Vigenère Cipher: The 'Unbreakable' Cipher That Was Finally Broken
The complete history and mechanics of the Vigenère cipher — the polyalphabetic cipher that stumped cryptanalysts for 300 years. Includes free online tool.
The Vigenere cipher is the most famous polyalphabetic cipher in history — and the one that carried the longest false reputation for being unbreakable. For roughly 300 years, from its publication in the 16th century until the mid-19th century, it was known as le chiffre indéchiffrable (the undecipherable cipher). Cryptanalysts across Europe failed to crack it. Then Charles Babbage and Friedrich Kasiski independently found the key to breaking it, and the cipher's invincibility collapsed.
Understanding how the Vigenere cipher works — and how it was broken — is one of the most instructive lessons in the history of cryptography.
How the Vigenere Cipher Differs from Caesar
A Caesar cipher shifts every letter by the same amount. If the shift is 3, every A becomes D, every B becomes E, and so on. This uniform shift means the cipher is monoalphabetic — one alphabet throughout the entire message — and frequency analysis breaks it easily.
The Vigenere cipher uses a keyword to apply a different shift to each letter. The first letter might be shifted by 3, the second by 7, the third by 4, and so on — depending on the keyword. Since different letters in the plaintext are shifted by different amounts, the single-alphabet frequency pattern is destroyed.
This is what makes it polyalphabetic: multiple substitution alphabets, cycling through them based on the keyword.
The Vigenere Square (Tableau)
The Vigenere tableau is a 26×26 grid where each row is the alphabet shifted by one position:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B: B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C: C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
...
Z: Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
To encrypt a letter: find the row corresponding to the keyword letter, then find the column corresponding to the plaintext letter. The intersection is the ciphertext letter.
To decrypt: find the row for the keyword letter, locate the ciphertext letter in that row, and read the column header.
In practice, you don't need the full tableau. Each keyword letter just tells you how far to shift: A=0, B=1, C=2 ... Z=25.
Encoding Step-by-Step
Let's encrypt ATTACKATDAWN with keyword LEMON:
Plaintext: A T T A C K A T D A W N
Keyword: L E M O N L E M O N L E
Key shift: 11 4 12 14 13 11 4 12 14 13 11 4
A + 11 = L
T + 4 = X
T + 12 = F
A + 14 = O
C + 13 = P
K + 11 = V
A + 4 = E
T + 12 = F
D + 14 = R
A + 13 = N
W + 11 = H
N + 4 = R
Ciphertext: LXFOPVEFRNHR
Notice that the letter A appears four times in the plaintext but encrypts to four different ciphertext letters (L, O, E, N). This is exactly what makes Vigenere resistant to simple frequency analysis — the same plaintext letter doesn't consistently produce the same ciphertext letter.
Decoding Step-by-Step
Decoding reverses the process. Subtract the keyword letter's value from the ciphertext letter (wrapping around if needed).
Decrypt LXFOPVEFRNHR with keyword LEMON:
Ciphertext: L X F O P V E F R N H R
Keyword: L E M O N L E M O N L E
Key shift: 11 4 12 14 13 11 4 12 14 13 11 4
L - 11 = A
X - 4 = T
F - 12 = T
O - 14 = A
P - 13 = C
V - 11 = K
E - 4 = A
F - 12 = T
R - 14 = D
N - 13 = A
H - 11 = W
R - 4 = N
Plaintext: ATTACKATDAWN
Why It Was Called "The Undecipherable Cipher"
For 300 years, the Vigenere cipher defeated every known attack. The reason was simple: frequency analysis — the technique that shattered every monoalphabetic cipher since Al-Kindi's 9th-century breakthrough — didn't work.
In a monoalphabetic cipher, if E always becomes X, then X will be the most common ciphertext letter. Count the frequencies, map the peaks, and the cipher falls.
But in Vigenere, E might become X in one position, Q in the next, and F in another, depending on the keyword. The frequency distribution of the ciphertext is nearly flat — it looks random. Cryptanalysts tried applying frequency analysis and got nowhere. They tried pattern matching and got nowhere. For centuries, the Vigenere seemed genuinely unbreakable.
Charles Babbage and Kasiski's Breakthrough
The key insight came from two independent discoverers:
Charles Babbage (the "father of the computer") broke the Vigenere cipher in the 1850s but never published his method, possibly because British intelligence was using the technique to read foreign correspondence and wanted to keep the capability secret.
Friedrich Kasiski, a Prussian military officer, published the first description of the attack in 1863 in his book Die Geheimschriften und die Dechiffrir-Kunst.
The breakthrough was recognizing that the keyword repeats. A 5-letter keyword repeats every 5 positions, which means letters at positions 1, 6, 11, 16, etc. are all shifted by the same amount. If you can figure out the keyword length, you can split the ciphertext into groups where each group was encrypted with the same single shift — and then apply frequency analysis to each group separately.
The Kasiski Examination
The Kasiski examination finds the keyword length by looking for repeated sequences in the ciphertext.
If the plaintext contains a common word like "THE" and it happens to align with the same part of the keyword in two different locations, the ciphertext will contain the same three-letter sequence at both positions. The distance between these repeated sequences will be a multiple of the keyword length.
For example, if "THE" at position 5 produces "VKL" and "THE" at position 20 also produces "VKL," the distance is 15. The keyword length is a factor of 15 — so it's 1, 3, 5, or 15. Testing multiple such repetitions narrows it down.
Once you know the keyword length (say, 5), you separate the ciphertext into 5 groups (positions 1,6,11,16...; positions 2,7,12,17...; etc.) and apply standard frequency analysis to each group. Each group was encrypted with a single Caesar shift, so finding the shift is straightforward.
Index of Coincidence Attack
The Index of Coincidence (IC) provides another method for determining keyword length.
The IC measures how likely two randomly chosen letters from a text are to be identical. English text has an IC of about 0.0667. Randomly shuffled text (or text encrypted with a long random key) has an IC of about 0.0385.
To find the keyword length, try splitting the ciphertext into groups of 2, 3, 4, 5, etc., and calculate the IC for each group. When you hit the correct keyword length, each group's IC will jump to approximately 0.067 (because each group is a Caesar cipher of English text). When the guessed length is wrong, the IC stays near 0.038.
Modern Weaknesses
Beyond Kasiski and IC attacks, the Vigenere cipher has several additional weaknesses by modern standards:
Short keywords are catastrophic. Most historical Vigenere use involved keywords of 5–10 letters. This means the cipher repeats every 5–10 characters, providing plenty of data for analysis. A keyword as long as the message (a one-time pad) is unbreakable, but impractical.
Known plaintext kills it. If an attacker knows (or can guess) any part of the plaintext, they can XOR it against the ciphertext to extract the corresponding part of the keyword. With enough known plaintext, the entire keyword is recovered.
Computers make all attacks trivial. A modern computer can test millions of keyword lengths and apply frequency analysis to each in seconds. What took 19th-century cryptanalysts weeks now takes milliseconds.
Try the Vigenere Cipher Online
Our free Vigenere cipher tool encrypts and decrypts messages with any keyword. Enter your text and keyword, and the tool handles the shifting automatically. For unknown keywords, the tool can attempt to find the key length and recover the keyword.
To explore the simpler cipher that Vigenere builds upon, try our Caesar cipher decoder. For another historically significant cipher that aimed to surpass Vigenere's security, see the Playfair cipher. Or use our homepage tool to identify and break any cipher automatically.
Frequently Asked Questions
Is the Vigenere cipher the same as a one-time pad?
Only if the keyword is as long as the message, truly random, used only once, and kept secret. In that specific case, the Vigenere becomes a one-time pad — the only cipher proven to be mathematically unbreakable. In practice, Vigenere is used with short, repeating keywords, which makes it vulnerable to the Kasiski examination.
How long should a Vigenere keyword be for reasonable security?
Against hand analysis, a keyword of 10+ characters provides some resistance. Against computer analysis, no practical keyword length is secure — the Vigenere cipher is fundamentally broken by modern standards regardless of keyword length (unless it becomes a one-time pad).
Who actually invented the Vigenere cipher?
The cipher now called "Vigenere" was first described by Giovan Battista Bellaso in 1553. Blaise de Vigenere published a different (and more complex) autokey cipher in 1586. Historical misattribution stuck the simpler Bellaso cipher with Vigenere's name.
Can I break a Vigenere cipher without a computer?
Yes — the Kasiski examination and frequency analysis can be performed by hand with patience. Finding repeated sequences, calculating distances, and running frequency counts on each key-position group is tedious but entirely feasible with paper and pencil. It's how 19th-century cryptanalysts did it.
What ciphers replaced Vigenere in military use?
After Vigenere was broken, military encryption moved to more complex systems: cipher machines (Enigma, SIGABA), one-time pads, and eventually electronic encryption (DES, AES). The core concept of polyalphabetic substitution survived — Enigma is essentially a Vigenere cipher with a much longer, machine-generated key — but the simple repeating-keyword approach was abandoned.