Pen and Paper Ciphers

Pen and Paper Ciphers
Here is a small list of popular pen-and-paper ciphers with explanations. For some of them, I have written corresponding webpages that actually perform this encryption. In each of these programs, any punctuation is removed from the input and not included in the output. For now, numbers are also not encrypted, but removed. If you want numbers, for now spell them out.

Caesar Cipher
Simple Substitution
Sawtooth Cipher
Rail Fence Cipher
Columnar Transposition
Playfair Cipher
Vigenere Cipher
ADFGVX
Solitaire

Program List:
Frequency Counts
Caesar
Sawtooth
Rail Fence
Vigenere
Solitaire

Caesar Cipher
The Caesar Cipher is about as simple as it gets. One simply replaces each letter in the message with the letter that follows it in the alphabet. Hence, C => D, A => B, Z => A, and so on. The message "meet at eight oclock" would then encrypt as "nffu bu fjhiu pdmpdl". The name Caesar Cipher also can refer to using the same proceedure but shifting more than one letter.

Simple Substitution:
This works by simply replacing a letter with another letter. Many newspaper crypto-quotes work in this fashion. An example would be

a b c d e f g h i j k l m n o p q r s t u v w x y z
c q l i y s x m b z p a o t j w u z e g d h f v k n

Such that the following phrase would translate as
"The Quick Brown Fox Jumped Over the Lazy Dog"
"gmy udblp qzjft sjv zdowyi jhyz gmy acnk ijx"

This is not a very secure cipher, and is subject to cryptanalysis by frequency counts, since some letters appear more than others. On average, in English, they obey the following percentages (cite Wikipedia) to the right.

A common method for creating a simple substitution cipher is by using a keyword. Say I use the keyword "Poker". I could then set up a substitution cipher that the first five letters, abcde, are represented by the letters in poker, and then the rest of the alphabet follows in order, skipping the letters already used. This example would give

a b c d e f g h i j k l m n o p q r s t u v w x y z
p o k e r a b c d f g h i j l m n q s t u v w x y z

As you can see, this is not a very good word for this. Since the latest occurring letter in "poker" is r, we can be assured that all letters following r will be direct matches. A more complicated word would be better suited. Any word that contains a letter twice, the second letter is skipped, so if we used the word "aardvark", the beginning of the cipher would be "ardvk".

A better method for setting the key is to continue the alphabet after your password/phrase with the letter that follows the last letter of your password. In the aardvark example, where the password reduces to "ardvk", instead of filling out the rest of the alphabet beginning with the letter "a", fill out the rest beginning with the letter "l" which naturally follows the last "k" from ardvk. This would give a key of

a r d v k l m n o p q s t u w x y z b c e f g h i j

This is the method used for any of the programs that use a password to key a single alphabet.

Frequencies of English Letters. Graph from Wikipedia.

Sawtooth Cipher
The Sawtooth cipher is a transposition cipher. Unlike substitution ciphers, transposition ciphers do not involve replacing the letters in a message with other letters. Instead, the change the order of the message characters in such a way that the message is hard to read. The simplest form of this would be to simply write a message backward, so that "meet at eight oclock" would read "kcolco thgie ta teem". The Sawtooth cipher does something a little more complicated, and is best explained by an example. Take the phrase "MEET AT EIGHT OCLOCK" and write it as follows
M E A E G T C O K
E T T I H O L C
so that the first letter is on the first line, the second on the second line, the third on the first line, etc. Now rewrite them by placing the first line in front of the second line to read
M E A E G T C O K E T T I H O L C
Such a cipher has it's advantages since any frequency analysis done on it returns exactly what we would expect for an unencrypted message. Of course, this immediately tells anyone trying to break the message that it is probably done with a transposition cipher. This can also be done with three rows, which would give the following,
M    T    E    H    C    C
E    A    I    T    L    K
    E    T    G    O    O

and thus,
M T E H C C E A I T L K E T G O O

This method is identical to the simplest form of Columnar Transposition.

Rail Fence Cipher
The Rail Fence cipher works almost exactly like the Sawtooth cipher. In fact, for a two row cipher, it is exactly the same, so if I use the same message as before, it appears like so,
M E A E G T C O K
E T T I H O L C

However, if you use more than one line, the text zig-zags rather than descends

M A G C K
E T T I H O L C
E E T O
which gives
M A G C K E T T I H O L C E E T O
The advantage of the Rail Fence cipher over the Sawtooth cipher is that there is a variable distance between consecutive letters.

Columnar Transposition
Columnar Transposition is, as the name suggests, yet another transposition cipher. In this method, the message is written along the rows of a matrix, such as
M E E T A
T E I G H
T O C L O
C K
From here, the message is simply rewritten by the columns instead of the rows. The above would result as
M T T C E E O K E I C T G L A H O
If I had chosen to use three columns instead of five, the message would have become
M E E
T A T
E I G
H T O
C L O
C K
Which would read as
M T E H C C E A I T L K E T G O O
The exact same as the Sawtooth cipher with three rows, and, just like the Sawtooth cipher, the number of columns can vary just as the number of rows could vary. There is no difference.

The method of columnar transposition is worth mentioning, however, because of the ability to add another complication, that is, writing the columns out of order. To do this, we again make use of a key, but in this case a numerical one. If I am using 5 columns, I would take the digits 1 2 3 4 5 and reorder them to, say, 3 1 5 2 4. This is my key. I then reorder the columns

1 2 3 4 5
M E E T A
T E I G H
T O C L O
C K

3 1 5 2 4
E M A E T
I T H E G
C T O O L
C K

in the order of the key and write the encrypted message. On the above five column example, this key would make my message become
E I C M T T C A H O E E O K T G L
Not knowing the sequence of the columns makes it harder to break the cipher. Without doing this, the successive plaintext letters are spaced an equal distance apart. By reordering columns, the letter spacings stay the same, but the ordering has changed. Of course, if your message is short and you don't have many columns, changing the column order doesn't gain you a lot, since you would effectively be using a very short key.

However, in the other limit, if you use as many columns as there are letters in your message, then the benefit of using columns at all has been lost. If your key is going to be as long as your message, devise a One-Time Pad method.

Playfair Cipher
The Playfair cipher was developed by Charles Wheatstone, but his good friend Lord Lyon Playfair, first Baron of Playfair, was the one to promote it for use, and hence it gained his name. This cipher is more complicated then the above, but truly not by much, and it gives a much higher level of security than simple substitution ciphers. Instead of having a key relating each letter to another letter as in substitution ciphers, the Playfair cipher uses a table that encrypts pairs of letters at a time. These pairs of letters are called digraphs. For this cipher, one first constructs the key table. A very easy example would be

A B C D E
F G H I K
L M N O P
Q R S T U
V W X Y Z
with the letters listed in order. Note that I left out J. Since there are 26 letters and only 25 spaces, one letter needs to be left out, and most often it is J. Any J in your message should be replaced by I, and the decoder simply needs to figure out which I's should be J's from context. There are other ways to do this, such as leaving out C and always replacing C's with K's or S's depending on which sound the C makes in a word. Now in order to encipher a message, we use the following rules. First take the first two letters of your message and look at the table.

If your two letters both appear in the same row, then use the letters immediately to their right. AB becomes BC, GI becomes HK, MP bcomes NL. Note that if there is no letter to the right, use the first letter in that row.
If your two letters both appear in the same column, then use the letters immediately below them. BM bcomes GR, OY becomes TD, and so on. Again, if there is no letter below, use the first letter in that column.
If your two letters do not appear either in the same row or the same column, then you treat your two letters as the cornders of a smaller square and replace them with the letters in the other two corners. For example, if your letters were GT, you would have a sub-square that is
G H I
M N O
R S T
The letters GT would be replace with IR, the other two corners of the square. Note well, it is important that the first letter in the encrypted digraph be the letter in the same ROW as the first letter in the plain text. So while the letters GT encode to IR, the letters TG encode to RI.
If you have a double letter, such as LL, replace the second letter with an X and then encode as normal. It does not have to be an X, but whatever letter you choose to replace doubles, make sure both you and whomever you're sending the message to agree on it. So, LL would become LX and then encode to NV in this example.
To decode, simply use these rules in reverse. Rule 3 works backward just the same as it does forward. In rule one, to decode just use the two letters to the left of the two you're decoding if they appear in the same row, and likewise use the two above if they appear in the same column.

More complicated table keys can easily be created by ordering them in any way you want. They do not even have to be squares. For instance, if we included numbers to the 26 letters, we could have a Playfair key that looked like this;

A B D C E F G H I
J K L M N O P Q R
S T U V W X Y Z 1
2 3 4 5 6 7 8 9 0

You can also use passwords on this just as you would for the substitution cipher. If my password was "SCOTCH AND COOKIES", after removing repeated letters becomes "SCOTHANDKIE" and from this we can create a new key like this,

S C O T H
A N D K I
E B F G L
M P Q R U
V W X Y Z

The great advantage of this cipher over the previously mentioned ones is that it enciphers by using two letters at a time, therefore making it impossible to use one-letter statistical analysis to break. However, statistics do exist for many languages on the usage of digraphs, that is, two-letter combinations. While it can be time consuming to sit down and run a statistical analysis on such a cipher by hand, computers can do it quickly and make reasonable guesses at reconstructing the key. However, for quick and simple cryptography, this method is very effective.

Vigenere Cipher
The Vigenere Cipher was named for Blaise de Vigenere in the sixteenth century, and though it had already been developed by some before him, his name is the one that stuck. The variation given here was developed by Lewis Carroll, the very same who wrote "Alice in Wonderland."

It is one of a class of ciphers that are called Polyalphabetic ciphers, and is a relatively simple example of such. As opposed to things like simple substitution, in which one 'alphabet' is used to encrypt the message, polyalphabetic ciphers, as the name suggests, uses multiple alphabets to encrypt messages. The Vigenere cipher uses a 26x26 table to encrypt messages, and also uses a key phrase. The table is set up like the following...

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A|A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B|B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C|C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D|D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E|E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F|F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G|G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H|H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I|I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J|J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K|K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L|L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M|M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N|N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O|O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P|P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q|Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R|R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S|S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T|T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U|U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V|V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W|W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X|X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y|Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z|Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Mathematicians may recognize this as a Symmetric Toeplitz Matrix. The idea is that you pick a pass phrase, and you write your key phrase repeatedly above your message. Let's say my key phrase is "scotch and cookies", and my message is "meet at eight oclock by the fountains", I would write

s c o t c h a n d c o o k i e s s c o t c h a n d c o o k i e
m e e t a t e i g h t o c l o c k b y t h e f o u n t a i n s
For each pair of letters above (s, m), (c, e), et cetera, I can then look up a value in the table. I'll use the columns for the pass phrase and the rows for the message. I then go across the top until I find 'S' and then go down to the row for 'M' and I find 'E', so my first enciphered letter is 'E', and my second would be 'G', and so on. The full result is

Keytext : s c o t c h a n d c o o k i e s s c o t c h a n d c o o k i e
Plaintext : m e e t a t e i g h t o c l o c k b y t h e f o u n t a i n s
Ciphertext: e g s m c a e v j j h c m t s u c d m m j l f b x p h o s v w
An advantage of this is that using statistical analysis is much more difficult. However, as one can see, the progression of different alphabets is very easy to determine. Furthermore, in the 20th century, methods were developed to determine the length of the key phrases used, or at least provide decent guesses as the key length. Knowing the length of the key phrase used reduces the problem to simply solving a series of Caesar ciphers, which are very easy to break.

Of course, a stronger variant would be to mix up the order of the letters in each row, making each row different and therefore much less predictable. The disadvantage to doing this is that both the sender and the receiver must have identical copies of predetermined tables. The simpler method only requires the sender and the receiver to share the key phrase with each other, not the whole table.

ADFGVX
The ADFGVX cipher is named such simply because the ciphertext is comprised of entirely those six letters. It is not necessary that these particular six be used, in fact, any six letters or other symbols will do. These were chosen because these six letters are very distinct when sent by Morse Code:
A: .-
D: -..
F: ..-.
G: --.
V: ...-
X: -..-
Of course, this isn't a benefit that is frequently used today, but at the very least, all six of these letters can be typed with only the left hand on a standard keyboard.

An interesting point of the ADFGVX cipher is that it employs both transposition and substitution. The encryption begins with the substitution part by creating a 6x6 grid containing the 26 letters and 10 digits, and labeling the columns and rows by the letters ADFGVX, like so,

  A D F G V X
A|v t c 3 f o
D|e 7 1 y a l
F|8 b x 2 m h
G|i 9 r z p n
V|d w 5 q 0 u
X|4 6 k g j s

Now it's possible to do numbers, too! Now lets say our message is "meet at 8 oclock pm". Using the above table, the first letter, m, bcomes VF, the first letter designating the column, the second the row. The message then becomes
VG AD AD AA VD AA AF XA FA XD XA FA FX VG VF
Now at this point, all we've done is use a simple substitution cipher with two letters replaceing every one so that our ciphertext is now twice as long as our plain text. This is a necessary effect of using only six letters for the encryption. Next is the transposition part, which is similar to columnar transposition but also with a key word or phrase to order the columns. Consider rewriting the message like so, starting at the top left and working left to write with two pairs of letters per row,

V F A D
A D A A
V D A A
A F X A
F A X D
X A F A
F X V G
V F

Now lets consider a key word that is four letters. I'll choose "spam". I'll consider the first column above to be labeled by the letter "s", the second column by "p", the third column by "a" and the last by "m". Now, if I reorder the letters to put "spam" into alphabetical order, I get "amps" and I'll reorder the columns likewise, to get

s p a m     a m p s
V F A D     A D F V
A D A A     A A D A
V D A A     A A D V
A F X A     X A F A
F A X D     X D A F
X A F A     F A A X
F X V G     V G X F
V F             F V

I can now read off the rows (or really the columns if you like) to get a new ciphertext:
A D G V A A D A A A D V X A G A X D A G G A A X V F X G
And that is the ADFGVX cipher. The key for this cipher would be whatever arrangement you make the grid in above, and whatever word or order you put the columns in afterward.

Solitaire
Solitaire is a encryption scheme that is based on a deck of cards. It was developed by Bruce Schneier and was first published in Neal Stephenson's book Cryptonomicon. To learn how to use this cipher, see Bruce Scheier's web page at http://www.schneier.com/solitaire.html