The Vigenère cipher should not even be called that.

It’s true that in 1586 Blaise de Vigenère (yes, the French diplomat, cryptographer, translator and alchemist) published a type of polyalphabetic cipher called an autokey cipher before the court of Henry III of France. But, it was originally described in 1553–a whole 33 years earlier–in a book published in Venice called La cifra del Sig. Giovan Battista Bellaso by… well, Giovan Battista Bellaso. Giovan was an Italian cryptologist and he created the autokey cipher that carries Vigenère’s name.

Lewis Carroll (yes, the Alice in Wonderland writer) wrote that this cipher was unbreakable in his 1868 study of using the alphabet to send encrypted codes ” The Alphabet Cipher“. But he wasn’t paying attention: Charles Babbage had secretly previously broken the cipher during the Crimean War (1853-1856). He just didn’t publish the results. However, Major Friedrich Wilhelm Kasiski (yes, the German infantry officer, cryptographer and archaeologist) did publish the results of him cracking the cipher in 1863 with his 95 page book Die Geheimschriften und die Dechiffrir-Kunst (“Secret writing and the Art of Deciphering”). They got it right this time as the method he used to crack the cipher is now called the Kasiski Examination.

With me so far?

So how does the Vigenère cipher work?

The Vigenère cipher is a method of encrypting alphabetic text by using a simple form of polyalphabetic substitution. Instead of replacing each letter of the plaintext with a letter from a single alphabet, as in the Caesar cipher, the Vigenère cipher uses a key that shifts each letter by a different amount based on the letters of the key.

The Key

The key is a word or phrase (usually repeated or truncated to match the length of the plaintext) that determines how much each letter in the plaintext will be shifted.

Encryption Process

  1. Write the plaintext. For example, “HELLO”.
  2. Write the key underneath the plaintext. If the key is “KEY”, you repeat it to match the length of the plaintext:
Plaintext: H  E  L  L  O
Key:       K  E  Y  K  E
  1. Shift each letter of the plaintext by the corresponding letter of the key. Each letter in the plaintext is shifted forward in the alphabet by the position of the corresponding letter of the key. For instance:
    • “K” is the 11th letter of the alphabet (shift of 10).
    • “E” is the 5th letter of the alphabet (shift of 4).
    • “Y” is the 25th letter of the alphabet (shift of 24).

    So for each letter:

    • “H” shifted by “K” (11) becomes “R”.
    • “E” shifted by “E” (5) becomes “J”.
    • “L” shifted by “Y” (25) becomes “J”.
    • “L” shifted by “K” (11) becomes “W”.
    • “O” shifted by “E” (5) becomes “T”.

    The result is the ciphertext: “RJJWT”.

Decryption Process

To decrypt the message, the process is reversed. You subtract the shift rather than adding it.

  1. Write the ciphertext and the key again.
Ciphertext: R  J  J  W  T
Key:        K  E  Y  K  E
  1. Subtract the key value from the ciphertext.
    • “R” shifted back by “K” (11) becomes “H”.
    • “J” shifted back by “E” (5) becomes “E”.
    • “J” shifted back by “Y” (25) becomes “L”.
    • “W” shifted back by “K” (11) becomes “L”.
    • “T” shifted back by “E” (5) becomes “O”.

    The result is the original plaintext: “HELLO”.

Summary

  • Each letter of the plaintext is shifted according to a corresponding letter in the key.
  • The key is repeated to match the length of the message.
  • This makes the cipher much stronger than a Caesar cipher because the shifts are not constant and vary for each letter, making it harder to break with simple frequency analysis.
A square made up of letters of the alphabet A-Z across the top and A-Z down the side. the rest of the grid is made up of alphabets starting at B, then C, then D. It is a Vignette square and helps with encoding and decoding.

Here’s a handy Vigenère square to help you code and decode.

Why is it so hard to crack?

The Vigenère cipher is difficult to crack because it uses polyalphabetic substitution, meaning each letter in the plaintext can be encrypted differently based on a repeating key. This makes it much stronger than a simple substitution cipher like the Caesar cipher.

Multiple Cipher Alphabets

Unlike a Caesar cipher, which shifts every letter by the same amount, the Vigenère cipher shifts letters based on different positions in the key. This means that the same letter in the plaintext can be encoded in multiple ways, making frequency analysis (a common cryptanalysis method) far less effective.

Key Length Increases Complexity

The security of the cipher depends heavily on the length of the key. If the key is as long as the message and completely random (a one-time pad), it becomes unbreakable. Even with a shorter key, if the key length is unknown, attackers must first determine it before even attempting to break the cipher.

Limited Patterns in Frequency Analysis

In simpler ciphers, like the Caesar cipher, the most common letters (like ‘E’ in English) appear frequently, making it easier to guess shifts. The Vigenère cipher disrupts these patterns by spreading letter frequencies across multiple alphabets, hiding statistical clues.

Repetition Can Be the Weak Point

If the key is short and repeats, patterns can eventually emerge. Cryptographers use Kasiski Examination and Friedman’s Test to detect these repetitions and guess the key length. However, if the key is long and non-repeating, these methods become ineffective.

Computationally Expensive Without the Key

Without knowing the key length, breaking the cipher requires testing multiple possibilities, which grows exponentially harder with longer keys. Before modern computers, cracking a strong Vigenère cipher was nearly impossible.

Modern Cryptanalysis

Today, with computers, shorter Vigenère ciphers can be broken using brute-force methods or pattern analysis. However, it laid the foundation for modern encryption methods, and its principles are still used in modern cryptography to create more secure systems.

In short, the Vigenère cipher is hard to crack because it hides letter frequency, uses multiple shifting alphabets, and depends on the key length—making simple brute-force or frequency analysis attacks much less effective.

You have to remember that at the time this was the greatest advancement in cryptography in 1000 years. Francis Beaufort (yes, the one that invented the way we measure hurricanes) created a similar one called “Variant Beaufort” in the 19th Century. Even the ENIGMA machine in the Second World War used the idea of switching between cipher test alphabets.

So, if you’re looking for a quick and dirty way to hide things in other things, you can’t go wrong with using the Vigenère cipher!