Talk:Vigenère cipher

This article is rated B-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Cryptography: Computer science Low‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles Low This article has been rated as Low-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Low-importance). Italy Low‑importance This article is within the scope of WikiProject Italy, a collaborative effort to improve the coverage of Italy on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ItalyWikipedia:WikiProject ItalyTemplate:WikiProject ItalyItaly articles Low This article has been rated as Low-importance on the project's importance scale.

To-do list for Vigenère cipher: edit · history · watch · refresh · Updated 2006-02-22 Fix and add to External links Describe relationship to the Simple XOR cipher and One-time pad Describe Vigenère's version of the cipher in greater detail Describe how Babbage broke Vigenere's cipher in greater detail Priority 4

I changed the wording to make it more prominant because I just redirected le chiffre indéchiffrable here. If someone types it in and it is redirected, I think it would be best if it is in the lead and bolded. Rewording it (yeah starting sentences with because are akward and bad- i think even ungrammatical) would be fine by me if it is still at the top. Broken S

The Charles Babbage article contradicts this:

The autokey cipher was generally called "the undecipherable cipher", though owing to popular confusion, many thought that the weaker polyalphabetic cipher was the "undecipherable" one.

If that's correct then le chiffre indéchiffrable should redirect to Autokey cipher and this section corrected.

"Vigenère"?

Also, the Vigenère table shown is interesting because of its selective use of borders. It only has borders where they matter, unlike 90% of Wikipedia tables which look like ugly grid messes.

I don't know IPA but it is roughly pronounced "vi-je-nair". Also that table is an image not a table, that's why it look different. BrokenSegue 04:24, 22 February 2006 (UTC)[reply]

I don't understand why anyone would say:

${\displaystyle C_{i}\equiv (P_{i}+K_{i})\mod 26}$

and decryption,

${\displaystyle P_{i}\equiv (C_{i}-K_{i}+26)\mod 26}$

since 26 is congruent to 0, modulo 26.

It should simply be written:

${\displaystyle P_{i}\equiv (C_{i}-K_{i})\mod 26}$

I removed the useless zero in the previous version.

- Dr. Morelos

Adding 26 ensures that C_i-K_i is positive; computing residues of negative numbers looks weird to computer scientists. Lunkwill 18:12, 3 June 2006 (UTC)[reply]

By using the ${\displaystyle \equiv }$ sign as well as the 26, we're confusing two things: one is the compsci use of mod as an operator, and the other is the maths syntax for expressing modular equivalence. I suggest we use the maths syntax — the need for adding 26 is an implementation detail. — Matt Crypto 22:55, 3 June 2006 (UTC)[reply]

I removed the 26. BrokenSegue 17:41, 17 June 2006 (UTC)[reply]

Correct is either writing this as a congruence relation:

${\displaystyle P_{i}\equiv C_{i}-K_{i}{\pmod {26}}}$

or using the modulo operation

${\displaystyle P_{i}=(C_{i}-K_{i})\,{\bmod {2}}6}$

where in the second case we have to explicitly specify that modulo operation always returns a nonnegative integer, because the modulo operation does not have a clear definition. 85.0.100.59 05:57, 30 October 2007 (UTC)[reply]

The History section of this article need lots of cleanup and expansion. I don't really have the time now, but the book "Khan on Codes" would be a good source. Suspender guy (talk) 14:07, 21 March 2017 (UTC)[reply]

Is it worth pointing out that the Tabula Recta is a tabular representation of Alberti's cipher disk?

The article states that the Vigenère Cipher is miscalled by that name, and it mentions that the Vigenère table is also known as a Tabula Recta - but doesn't say why.

A Tabula Recta contains the shifted alphabets in their normal alphabetical order. There were other tables with disarranged alphabets that looked like a Sudoku problem.

Trithemius described a 24-letter table in his Polygraphia:

In hoc tabula literarum canonica sive recta tot ex uno et usuali nostro latinarum ipsarum per mutationem seu transpositionem habes alphabeta, quot in ea per totum sunt monogrammata ... Even if you can't read Latin, you can see English words: (roughly) In this regular table of letters in the usual order of our Latin alphabet although altered and shifted ... NOTE: a 'transposition' to Trithemius was a Caesar shift.

There are a couple of small points about the table. Line D is the standard Caesar Shift where A becomes D (by adding Caesar's initial).

Line N is latter-day ROT13. It's also the basis of della Porta's polygraphic table that appeared in De Furtivis Literarum Notis in 1563. The pattern is from the Hebrew ALBAM, the brother of ATBASH, dating from ca 500 BC (?) Della Porta produced a sort of half-size tableau with two key letters assigned to each line and intended the table to be used with a keyword.

Trithemius did suggest how to use the table as a Progressive Cipher. You moved down a line for each letter of your message; which reflected Alberti's proposal of turning his disk by one letter at the start of each word.

Incidentally, Alberti disks were still issued to the U. S. Signals Corps in the 20th century. The cipher system was called 'Larabee' and it was essentially Vigenère.

The name sticks to a cipher which Vigenère did not claim as his own. His invention was an AUTOKEY wherein the text enciphered itself. This, strictly, is the original sense of le chiffre indéchiffrable - though it often proved equally indecipherable to its users because a single error produces garbage in the rest of the encipherment.

Lewis Carrol described the Vigenère Variant, which is sometimes called The Lewis Carrol Cipher. In the variant, the key is subtracted from plain text instead of added. The Beaufort subtracts plain from key. The Gronsfeld uses numbers instead of letters (or you can think of it as A - J where A is zero).

--Doesn't sound like much of a variant to me! It is equivalent to using a different key. 86.154.82.20 00:49, 24 August 2007 (UTC)[reply]

I've never come across the term 'Beaufort Variant' which could be misleading. Today the gentleman is remembered for his Wind Scale rather than his cipher.

The term "Variant Beaufort" is also known as "the variant". Beaufort is its own inverse (if C yields T, then T yields C). The act of encryption with the variant is the same as decryption with the Vigenere (the key is different), and vice-versa. Refer to HF Gaines, _Cryptanalysis_, Chapter XIII, p125, 1939, Dover Press. —Preceding unsigned comment added by 74.176.75.224 (talk) 03:54, 7 November 2009 (UTC)[reply]

These literal ciphers can be reproduced in a spreadsheet. Using upper case makes it simple as you restrict the range to 65-90. For plain vanilla Vigenère =MOD(PlainChar + KeyChar,26)+65

Modern English only acquired 26 letters in the 18th century. --Steve 04:41, 15 June 2006 (UTC)[reply]

Neat! Thanks for the exposition. Lunkwill 06:16, 15 June 2006 (UTC)[reply]

This article states Charles Babbage had developed the cryptographical technique now called Kasiski examination in 1854. Article http://en.wikipedia.org/wiki/Kasiski_examination states it happened in 1846. I believe one of the dates has to be corrected. Unfortunately, I am currently not aware of a reliable source of information for the fact. Vilpan (talk) 18:08, 11 May 2009 (UTC)[reply]

The French word for unbreakable is "incassable" according to my French volumes. Casser (to break) is the root, as in "casse-tete", for "break-head" which is used sometimes to describe puzzles. "Le chiffre indéchiffrable" translates directly as "the indecipherable cipher," since the root of "indéchiffrable" is "chiffre." I haven't changed this since I may not know the precedent for using the "unbreakable" translation.--WPaulB 02:32, 3 March 2007 (UTC)[reply]

yeah, I agree undecipherable seems more correct, but for a cipher what's the difference between unbreakable and undecipherable? BrokenSegue 23:43, 10 June 2007 (UTC)[reply]

We want to use an idiomatic translation, to capture the meaning. In current American English usage, "undecipherable" could connote "illegible" or "incorrectly enciphered" as well as "unbreakable". I think "unbreakable" captures the intent more precisely. — DAGwyn 20:23, 13 June 2007 (UTC)[reply]

sorry to intervene this neat todo-list, but I have something to say (I'm not a skilled/trained/experienced wikipedia-contributor, so i don't know how to put this right :P): the picture of "The Vigenère square or Vigenère table" overlaps the paragraph left of it, speaking of 26! possibilites and so on. screen-resolution:1280x1024. using firefox.

Doesn't do that for me... Don't know why it would break like that. BrokenSegue 23:44, 10 June 2007 (UTC)[reply]

It seems okay under Firefox 2.0.0.3 on Solaris. Perhaps you have a PNG viewer enabled that mispositions images? — DAGwyn 20:19, 13 June 2007 (UTC)[reply]

I get this error too. Firefox 2.0.0.6 on Kubuntu. Perhaps it is a font thing. That often messes up layouts. 86.154.82.20 00:52, 24 August 2007 (UTC)[reply]

What are people's views on adding the likely reason for Babbage not publishing his method, i.e. that he had contacts with the government of the day and may have been asked not to publish? This is mentioned in the Simon Singh book already referenced (albeit in the English edition entitled "The Science of Secrecy"). --TraceyR 17:56, 6 September 2007 (UTC)[reply]

It appears to be pure speculation on Singh's part, therefore not something worth reporting in an encyclopedia. I note that Singh has definitely got several other things wrong in his book. — DAGwyn 06:09, 7 September 2007 (UTC)[reply]

From the article:

This cipher is well known because while it is easy to understand and implement, it often appears to beginners to be unbreakable; this earned it the description le chiffre indéchiffrable (French for 'the unbreakable cipher'). Consequently, many people have tried to implement obfuscation or encryption schemes that are essentially Vigenère ciphers, only to have them broken[1]

The way I interpret this paragraph is that BECAUSE the Vingenere cipher was thought to be unbreakable, folks went out and wrote their own schemes that were (a) sometimes obfuscation so not even related to Vingenere Cipher and (b) ciphers that were based on the same principal as Vingerere and shared the weakness. Certainly (a) does not follow. And I don't believe the reference [1] would make that statement, but it could be illogical also ;-) —Preceding unsigned comment added by 24.99.85.51 (talk) 05:42, 24 January 2008 (UTC)[reply]

I fixed the sentence. Obfuscation isn't relevant and merely, um, obfuscates the issue. — DAGwyn (talk) 21:29, 24 January 2008 (UTC)[reply]

Test was invented in 1920, not in 1925, according to http://www.nsa.gov/cch/cch00005.cfm.

It should be changed, I think. I'm not sure, because there are other sources with 1922.

My native language is Serbian, and I'll put 1920. on sr.wikipedia.

Senior-sr (talk) 13:06, 30 January 2008 (UTC)[reply]

The kappa test is just a simple application of the index of coincidence, and probably evolved over some period of time. I changed the article to say "in the 1920s". — DAGwyn (talk) 19:20, 30 January 2008 (UTC)[reply]

Does speculation suddenly become not speculation, simply because we've cited who was speculating? Singh offers no evidence as to why Babbage did not publish, he simply states a possibility. It seems equally likely, to me, that Babbage did not publish because he was not the discoverer.

Franksen offers the only detailed examination of Babbage's cryptographic notes that I've found. And he finds nothing to indicate that Babbage had invented Kasiski's method. He says that Babbage's notes simply showing him using Kasiski's method - and Kerckhoff's (which I notice we do not credit Babbage for) - in a purely matter-of-fact way. Were these attacks generally known, among the cognoscenti, long before they were published?

I've often wondered whether the Vig actually had the reputation for unbreakability that is so often claimed for it - among the pros, at least. Vigenere's own offerings were, after all, variations that would have defeated the Kasiski examination. Was he aware of the attack, that long ago? If it really was unbreakable, why did no one use it?

But my speculations in this area have no more business being in the article than do Singh's. Speculation is cheap and easy. It provides topics of conversation, no more.

--jdege (talk) 23:05, 10 August 2009 (UTC)[reply]

Something that might belong in this article is some reference to the probable word attack. There is an article discussing this in Aegean Park's "Cyptography and Cryptanalysis Articles: Volume I". As an attack against the Vig and other periodic polyalphabetics, it's less often successful than the Kasiski, but then the Kasiski is less often successful than the Vig, so that doesn't mean it's not worth a mention.

The probable word attack predates the Kasiski by quite a bit. There is an example of using the probable word method to attack a Gronsfeld cipher in William Blair's article "Cipher", from Abraham Rees' "Cyclopedia", published in 1807. (Jules Verne describes the decryption of a Gronsfeld in his 1881 novel "La Jangada", and my guess is that technique came from Blair's Cyclopedia article, but that's just speculation, again.)

--jdege (talk) 23:05, 10 August 2009 (UTC)[reply]

Probable-text is just a general tactic used as part of cryptanalysis against many systems; it is not Vigenère-specific. In fact, in doesn't help much at all against this system when mixed alphabets are used in the tableau. — DAGwyn (talk) 20:43, 16 February 2015 (UTC)[reply]

The example given in the Kasiski examination section only works because of the number of letter between the recurring word (CYPHER). If that wouldn't happen to be a multiple of the recurring word the whole example would fail. While the Kasiski method may work with longer texts and frequent occurrences, the example given is extremely misleading (in addition to it not working with the given spaces - which I've removed already).

I would suggest to drop this example altogether, or find one that gets this point across better. 69.196.191.24 (talk) 12:55, 8 July 2010 (UTC)[reply]

I can't see any CYPHER anywhere, you presumably mean CRYPTO. That has length 6, and the gap between its two occurrences has length 10, which is not a multiple of 6, hence what you say does not make much sense to me. The reason, and the only reason, why the example works, is that 16 is a multiple of the key length (4), as explained in the text, and that's exactly the point the example is trying to get across.—Emil J. 13:17, 8 July 2010 (UTC)[reply]

Yes, the method is valid, and indeed not 'every' repetition provides an entry, just those that happen to have starting locations that differ by a multiple of the key size. — DAGwyn (talk) 22:20, 23 July 2010 (UTC)[reply]

In this day of computer programs, using modulo 26 or 256 is thought to be indispensable. I learned the cipher from a German book that built the table on a 25 character alphabet. To be correctly implemented, the alphabet starts the same as with the lossless version, but at the 25th character, the pattern takes the 26th letter (z) as the first letter in the next line. Under this implementation, the letter "z" cannot be encrypted, but does come up in ciphertext. As a result, encryption/decryption results in gaps in the decrypted version, both where the letter "z" occurred in the plaintext, AND where the letter "Z" cropped up in the cipher text.

While this appears to be a worthless defect, I feel it is an important historical artifact.

That being said, the pattern of "z'z" is unique for every password, and as such, I speculate that the resulting pattern of gaps makes for a watermark of sorts.

The same German book also pointed out that the alphabet for the square need not be sequential, and suggested a cryptographic salt (this book used "seed") of rearranging the alphabet; specifically, choose a salt word, remove duplicate letters, and precede the remainder of the alphabet that way.

Ex: proceed.

procedabfghijklmnqstuvwxyz — Preceding unsigned comment added by Hamiltek (talk • contribs) 21:40, 8 August 2012 (UTC)[reply]

I didn't quite follow your description of the operation of that "lossy" system, but the idea would not be specific to the Vigènere system. It might be that the cited book got it confused with the behavior of systems like the M-209, which in decoding mode intentionally substitutes a space for the letter original Z.

As to (keyword-)mixed alphabets, again they are not specific to the Vigènere system. Although they aren't mentioned in the basic Cryptography article (which really could use beefing up), they should be. — DAGwyn (talk) 11:17, 11 August 2012 (UTC)[reply]

The article currently states that "So if the key length is known (or guessed) then subtracting the cipher text from itself, offset by the key length will produce the cipher text encrypted with itself. " - I'm not too sure what is intended here (or whether what is said is correct). Is the editor stating that "subtracting the cipher text from itself, offset by the key length" will actually result in the cipher text Vigenère encrypted by the cipher text!? This might do with some explanation (if it is the case). Looking at the modulo arithmetic equations, what we MAY have is that, by following this process of "subtracting the cipher text from itself, offset by the key length", the Key will be completely subtracted out AND we will end up with the plain-text message subtracted from a shifted version of itself (barring the first m letters, which will just be the first m letters of the ciphertext). Following the argument of the article (for key length m, as in the article already) : "This is useful if the key is an obscure sequence of letters because the plain text will generally be ordinary words." Once you have :

${\displaystyle C_{i}-C_{(i+m)}=E_{K}(M_{i})-E_{K}(M_{(i+m)})=(M_{i}+K_{i})-(M_{(i+m)}+K_{(i+m)})=M_{i}-M_{(i+m)}\mod {26}}$

as ${\displaystyle K_{i}=K_{(i+m)}}$ (due to key repetition), where (technically) we take the key length to be repeated for the duration of the message length (so that ${\displaystyle K=K_{0}\dots K_{m}K_{0}\dots K_{m}K_{0}\dots K_{m}\dots }$ -with the number of repetitions being the least number needed to just exceed the message length). Thus, IF you carry this process out, you have the message subtracted from a shifted version of itself, which (presumably) can reveal all sorts of useful information (though it's not clear exactly what). AnInformedDude (talk) 04:21, 4 November 2012 (UTC)[reply]

I agree that this section is misleading, and wrong. If you subtract (modulo the alphabet size) the cyphertext from a shifted version of it, you will get the plaintext decrypted with a shifted version of the plaintext. This might help you if parts of the plaintext can be guessed.

--Jonas Wagner (talk) 18:08, 29 March 2014 (UTC)[reply]

The Algebraic description in the current version only makes sense if the key is as long as the message, i.e. n <= m. This should be corrected —157.161.190.9 (talk) 09:09, 15 December 2014 (UTC)[reply]

Fixed. —DAGwyn (talk) 20:55, 16 February 2015 (UTC)[reply]

Hello fellow Wikipedians,

I have just added archive links to one external link on Vigenère cipher. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

• Added archive http://web.archive.org/web/20060411103244/http://sharkysoft.com:80/misc/vigenere/ to http://sharkysoft.com/misc/vigenere/

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 19:51, 27 February 2016 (UTC)[reply]

Hello fellow Wikipedians,

I have just modified one external link on Vigenère cipher. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20110624100854/http://www.aolnews.com/2010/12/25/civil-war-message-in-a-bottle-opened-decoded/ to http://home.att.net/~tleary/cryptolo.htm

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 11:36, 21 July 2016 (UTC)[reply]

Seems to be a good idea to rewrite the history following these sources describing the complicated process of polyalphabetic cipher development: https://www.academia.edu/64924029/Trithemius_Bellaso_Vigen%C3%A8re_Origins_of_the_Polyalphabetic_Ciphers, http://cryptiana.web.fc2.com/code/gronsfeld.htm and https://www.academia.edu/62511944/Who_Made_the_Vigen%C3%A8re_Cipher_as_Known_Today Also, could someone please reproduce the square tables made by the first author under a free license? 5.178.188.143 (talk) 10:47, 18 January 2024 (UTC)[reply]

Sources must be reliable. The first paper mentioned above seems to have been published in the Proceedings of the 3rd International Conference on Historical Cryptology, HistoCrypt 2020; I'm not familiar with that conference; someone more familiar with it would have to say of those papers are reliable.

The others appear to be self-published. Self-published papers must have been written by someone who has had some work published by a reliable publisher and be an expert in the field. I found that the author of other papers, Satoshi Tomokio, is described by Oregon Public Broadcasting to have been published in Cryptologia so I think those source could be used with care. Jc3s5h (talk) 18:00, 18 January 2024 (UTC)[reply]