Encrypt and decrypt messages using two classical substitution ciphers. Apply frequency analysis to break them — seeing why simple substitution ciphers are vulnerable to statistical attacks.
The Caesar cipher shifts each letter by a fixed amount; the Vigenère cipher uses a repeating keyword to shift each letter by a different amount. Frequency analysis reveals the key by comparing letter distributions against known language statistics.
Type a message, choose a key, and watch the ciphertext appear. The frequency histogram shows letter distributions. The attack panel tries all possible keys (Caesar) or uses the Index of Coincidence (Vigenère).
The Vigenère cipher was considered unbreakable for 300 years until Charles Babbage and Friedrich Kasiski independently discovered statistical attacks in the 1860s.
This tool encrypts and decrypts text with two classical substitution ciphers. The Caesar cipher shifts every letter by a fixed amount, so a letter at position c becomes (c + shift) mod 26. The Vigenère cipher extends this idea with a repeating keyword, so each letter is shifted by a different amount drawn cyclically from the key. Live letter-frequency histograms and the Index of Coincidence reveal exactly why these ciphers leak statistical structure and can be broken.
It applies modular shift arithmetic over the 26-letter alphabet. Caesar uses one shift; Vigenère repeats a keyword (each key letter A–Z maps to a shift of 0–25). Two bar charts compare the input and output letter frequencies against the standard English distribution, and the Index of Coincidence (IC) measures how "flat" the ciphertext frequencies have become.
Pick Caesar or Vigenère with the mode buttons. For Caesar, drag the Shift slider (0–25); for Vigenère, type a keyword (up to 20 letters) in the Key field. Type or paste a message in the input box, and the ciphertext updates instantly. The Encrypt ⇄ Decrypt button reverses the operation, and the stat pills report character count, letters and IC.
The Vigenère cipher was long called "le chiffre indéchiffrable" and was thought unbreakable until Friedrich Kasiski published a general method in 1863, building on earlier work by Charles Babbage. Their attacks first recover the key length, then break it into separate Caesar ciphers.
A Caesar cipher uses a single fixed shift for the whole message, so there are only 25 useful keys. A Vigenère cipher uses a repeating keyword where each letter contributes its own shift, so the same plaintext letter can map to several different ciphertext letters. This makes Vigenère a polyalphabetic cipher, which hides letter frequencies far better than the single-alphabet Caesar.
Each letter is converted to a number 0–25 (A=0, Z=25). For Caesar, the output is (c + shift) mod 26. For Vigenère, the shift comes from the next key letter, cycling through the keyword. Decryption subtracts the shift instead, which the simulation does by adding (26 − shift) mod 26. Non-letter characters such as spaces and punctuation are left unchanged.
The histograms show how often each letter appears, plotted against the typical English distribution (E, T, A and O are most common). A Caesar cipher keeps the same shape but slides it sideways, while Vigenère smooths it out. The Index of Coincidence (IC) measures that flatness: ordinary English sits near 0.067, whereas random or strong polyalphabetic text approaches 0.038.
For Caesar, you simply try all 25 shifts and pick the one whose frequencies match English; the sideways slide of the histogram points to the key. For Vigenère, attackers first estimate the keyword length (using methods such as Kasiski examination or the IC), then split the text into columns that each form a Caesar cipher and solve them with frequency analysis.
No. Both are educational classical ciphers and offer no real security against a computer. A Caesar cipher can be cracked by hand in seconds, and Vigenère falls quickly once the key length is known. Modern encryption uses algorithms such as AES and RSA, which resist the statistical attacks that defeat simple substitution ciphers.
This simulation lets you encrypt and decrypt text using two foundational classical ciphers: the Caesar cipher, which shifts every letter by a fixed amount in the alphabet, and the Vigenere cipher, which applies a repeating keyword to shift each letter independently. Live letter-frequency histograms and the Index of Coincidence update in real time, making it possible to see exactly how statistical structure leaks through simple substitution and why these ciphers are vulnerable to cryptanalysis.
Classical substitution ciphers were used for centuries to protect diplomatic and military communications. Julius Caesar reportedly used a shift of 3 to protect messages, while the Vigenere cipher served European diplomats and military commanders from the 16th century onward, earning the nickname "le chiffre indechiffrable" before modern cryptanalysis techniques broke it in the 1800s.
A Caesar cipher is a monoalphabetic substitution cipher that replaces each letter with the letter a fixed number of positions later in the alphabet, wrapping around from Z back to A. For example, with a shift of 3, the letter A becomes D, B becomes E, and so on through the alphabet. Because there are only 25 non-trivial shifts possible, the Caesar cipher is extremely easy to break by trying each one.
The Vigenere cipher is a polyalphabetic substitution cipher that uses a repeating keyword instead of a single shift. Each letter of the keyword specifies its own shift value (A=0, B=1, ..., Z=25), and those shifts cycle through the message. This means the same plaintext letter can encrypt to different ciphertext letters depending on its position, which disrupts simple frequency analysis that breaks Caesar ciphers instantly.
In natural English text, letter frequencies are uneven: E appears about 12.7% of the time while Q appears only 0.1%. A Caesar cipher preserves this pattern but shifts it sideways, so the histogram retains the same distinctive shape. The Vigenere cipher flattens the histogram by spreading each plaintext letter across multiple ciphertext letters, but with a short key the flattening is incomplete and statistical peaks remain detectable.
The Index of Coincidence (IC) measures how unevenly distributed letter frequencies are in a text. It is calculated as the sum over all 26 letters of n_i * (n_i - 1) divided by N * (N - 1), where n_i is the count of each letter and N is the total letter count. Standard English has an IC near 0.067 because its letter distribution is uneven. Random or strongly polyalphabetic ciphertext approaches 0.038 because frequencies become more uniform. The IC is used in the Kasiski-Friedman attack to estimate the Vigenere key length.
Breaking Vigenere is a two-step process. First, the attacker determines the key length using either the Kasiski examination (searching for repeated sequences in the ciphertext, whose spacing tends to be multiples of the key length) or by testing the IC at different stride lengths. Once the key length k is known, the ciphertext is split into k groups where each group was encrypted with the same Caesar shift, and each group is independently broken by frequency analysis.
No. Both are purely educational ciphers that are broken trivially by any modern computer. A Caesar cipher has only 25 possible keys and can be solved by inspection in seconds. Even a long Vigenere key offers no meaningful security because the statistical attacks by Kasiski and Friedman require only modest computation. Real-world encryption uses algorithms such as AES (symmetric) and RSA or elliptic-curve cryptography (asymmetric), which are designed to resist both brute force and statistical attacks even with hardware far beyond what exists today.
The cipher is named after Blaise de Vigenere, a French diplomat who published a description in 1586, though similar polyalphabetic schemes were described earlier by Giovan Battista Bellaso in 1553. For nearly 300 years it was considered unbreakable. Charles Babbage broke it around 1854 using a repeating-sequence analysis, but never published the method. Friedrich Kasiski independently published the key-length attack in 1863, which is why the technique is often called the Kasiski test. William Friedman later formalized the IC-based approach in the early 20th century.
Frequency analysis is the technique of exploiting the fact that different letters appear at predictable rates in natural language text. It was pioneered by the Arab polymath Al-Kindi around 850 CE in his manuscript "A Manuscript on Deciphering Cryptographic Messages," making him arguably the first cryptanalyst. By comparing the frequency distribution of ciphertext letters against the known distribution of the target language, an analyst can identify which ciphertext letter most likely represents which plaintext letter and recover the message without knowing the key.
After understanding classical substitution ciphers, the logical next topics are modern public-key cryptography. RSA Key Exchange demonstrates how a trapdoor function based on the difficulty of factoring large numbers underpins most internet security. Diffie-Hellman Key Exchange shows how two parties can agree on a shared secret over a public channel using modular exponentiation. Elliptic Curve Cryptography extends the Diffie-Hellman idea to algebraic curves, achieving equivalent security with much shorter keys.
Pure substitution ciphers are not used in modern secure systems, but the conceptual building blocks survive in more sophisticated forms. The S-boxes (substitution boxes) inside AES perform byte-level substitution designed to have no statistical correlation with the input, directly addressing the weakness that breaks Caesar and Vigenere. ROT13, a Caesar cipher with shift 13, is still used informally online to obscure spoilers or puzzle answers because it is self-inverse (applying it twice recovers the original), though it provides no security whatsoever.
While classical ciphers are fully understood, active research continues on related problems. Side-channel attacks analyze power consumption, timing, or electromagnetic emissions of hardware running modern ciphers to extract keys without breaking the algorithm mathematically. Post-quantum cryptography is an urgent open area: algorithms like RSA and elliptic-curve cryptography will be vulnerable to Shor's algorithm once sufficiently large quantum computers are built, so NIST has been standardizing new lattice-based and hash-based algorithms. The historical study of undeciphered scripts such as Linear A and the Voynich Manuscript also continues, blending classical cryptanalysis with archaeology and linguistics.