Chris Spackman's NeoCities Page

Glossary: Cryptanalysis

Terms used on the cryptanalysis pages. For general cryptography and math terms, see the main glossary. For historical terms (Index of Coincidence, Kasiski examination, chi-squared test), see the early modern cryptanalysis glossary.

Quick Navigation

Attack Types

Frequency Analysis Attack

Breaking a cipher by studying how often each letter (or pair/triple of letters) appears in the ciphertext and comparing the pattern to the known frequency distribution of the language. In English, E appears about 13% of the time, T about 9%, A about 8%, and so on. A monoalphabetic substitution cipher preserves these frequencies, so the most common ciphertext letter is probably E. Combined with digraph and trigraph analysis, this can break any simple substitution cipher.

Used on: Breaking Substitution Ciphers, Breaking Vigenère

Ciphertext-Only Attack

An attack where the analyst has only the encrypted message — no known plaintext, no cribs, no other information. This is the hardest type of attack and the most realistic: in practice, you usually start with nothing but the intercepted message. All the techniques on these pages work in the ciphertext-only scenario.

Used on: Breaking Substitution Ciphers, Breaking Vigenère, Breaking Transposition

Known-Plaintext Attack

An attack where the analyst knows (or can guess) some of the original plaintext. For example, if a military message always starts with "REPORT FROM" or a letter always ends with "SINCERELY," that known text (called a crib) can be used to deduce parts of the key. Known-plaintext attacks are much easier than ciphertext-only attacks.

Used on: Breaking Substitution Ciphers

Brute-Force Attack

Trying every possible key until one produces readable plaintext. This is only practical when the key space is small. A Caesar cipher (26 keys) or a rail fence cipher (fewer than 10 practical key values) can be brute-forced in milliseconds. A substitution cipher (26! keys) cannot.

Used on: Breaking Transposition

Analysis Techniques

Pattern Analysis

Looking for structural patterns in the ciphertext that reveal information about the plaintext. This includes finding single-letter words (probably A or I in English), repeated sequences, and word-length patterns. In a substitution cipher, the structure of the plaintext is fully preserved — only the letters change — so pattern analysis is very powerful.

Used on: Breaking Substitution Ciphers

Digraph Analysis

Studying pairs of adjacent letters (digraphs) in the ciphertext. The most common English digraphs are TH, HE, IN, ER, and AN. In a substitution cipher, the most common ciphertext digraphs correspond to these common English pairs. In a transposition cipher, adjacent columns with high English digraph frequency are likely to be correctly placed next to each other.

Used on: Breaking Substitution Ciphers, Breaking Transposition

Trigraph Analysis

Studying triples of adjacent letters (trigraphs) in the ciphertext. THE is by far the most common English trigraph, followed by AND, ING, HER, and HAT. Finding a repeated trigraph in a polyalphabetic cipher is the basis of the Kasiski examination.

Used on: Breaking Substitution Ciphers, Breaking Vigenère

Anagramming (Column Anagramming)

A technique for breaking transposition ciphers, particularly columnar transposition. The ciphertext is arranged into columns, and the analyst tries rearranging the column order until the text reads as meaningful English. The correct arrangement is identified by looking for common English digraphs between adjacent columns.

Used on: Breaking Transposition

Crib

A piece of known or guessed plaintext that the analyst believes appears somewhere in the encrypted message. Cribs are enormously helpful: if you know the message starts with "DEAR SIR" or contains "ATTACK AT DAWN," you can use that knowledge to work out parts of the key. Military messages were often vulnerable to cribs because of standard formatting (headers, signatures, weather reports with predictable content).

Used on: Breaking Substitution Ciphers

Polyalphabetic Detection

Determining whether a ciphertext was produced by a polyalphabetic cipher (like Vigenère) rather than a monoalphabetic one. The primary tool is the Index of Coincidence: monoalphabetic ciphers have an IC near 0.067 (same as English), while polyalphabetic ciphers push the IC toward 0.038 (random). This distinction is the first step in any attack.

Used on: Breaking Vigenère

See Also

These terms are defined in the early modern cryptanalysis glossary, where they are discussed in historical context:

Index of Coincidence (IC)

A statistical measure of the "roughness" of a letter frequency distribution. Used throughout these pages to classify cipher type and verify key lengths. See full definition.

Used on: Breaking Vigenère, Breaking Transposition

Kasiski Examination

A method for finding the key length of a polyalphabetic cipher by looking for repeated sequences. See full definition.

Used on: Breaking Vigenère

Chi-Squared Test (χ2)

A statistical test for comparing observed letter frequencies to expected English frequencies. Used to find the correct Caesar shift for each column of a broken Vigenère cipher. See full definition.

Used on: Breaking Vigenère

Disclaimer: these pages are educational demos provided as-is, with no warranty of any kind. The author is not responsible for any consequences arising from their use.

Send comments and bug reports to chris@chrisspackman.com.

Version 0.1 — Last updated: 2026-02-26

This page is Copyright © 2025 – 2026 Chris Spackman <chris@chrisspackman.com>.
This web site developed entirely on GNU/Linux with Free / Open Source Software.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Creative Commons License