Classic Ciphers Explained: Caesar, Atbash, Vigenère, and Polybius

Before modern cryptography — before AES, RSA, and public-key infrastructure — people hid messages by rearranging or replacing letters using simple, systematic rules. These classical ciphers are elegant in their simplicity, and completely broken by modern standards. Understanding how they work builds intuition for what cryptographic strength actually requires.

Caesar Cipher

The Caesar cipher is the most famous substitution cipher in history, named for Julius Caesar who used it in military correspondence. It shifts every letter in the alphabet by a fixed number of positions.

Shift of 3 (Caesar's original):

Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Encrypting "HELLO":

H (+3) → K
E (+3) → H
L (+3) → O
L (+3) → O
O (+3) → R
Result: KHOOR

Decrypting uses the same process in reverse — shift back by the same amount (or shift forward by 26 − key).

Why It's Trivially Broken

With only 25 possible shifts (shift 0 is no encryption), a brute-force attack means trying 25 combinations by hand. A modern computer cracks it in microseconds. Even without a computer, frequency analysis defeats it: in English text, E is the most common letter (~13%), followed by T, A, O, I, N. If X is the most frequent letter in a ciphertext, the shift is likely 23 (X − E = 23).

Atbash Cipher

Atbash is an ancient Hebrew cipher that maps the alphabet to its mirror. The first letter (A) becomes the last (Z), the second (B) becomes the second-to-last (Y), and so on.

Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: Z Y X W V U T S R Q P O N M L K J I H G F E D C B A

Encrypting "HELLO":

H → S
E → V
L → O
L → O
O → L
Result: SPOOL

Atbash is its own inverse — applying it twice returns the original plaintext. Encrypting and decrypting use identical operations.

Cryptographic Weakness

Atbash has no key at all — the substitution alphabet is fixed and universally known. Anyone who recognizes the pattern can decode it instantly. It offers no real security; its historical value is as a concealment technique that assumed the observer wouldn't know the method, not as a cipher that assumes they do (Kerckhoffs's principle).

Vigenère Cipher

The Vigenère cipher extends Caesar by using a keyword to vary the shift for each letter. For centuries it was considered unbreakable and was called le chiffre indéchiffrable (the indecipherable cipher). Babbage (and later Kasiski) cracked it in the 1800s.

Key: CAT (repeating)

Position	Plaintext	Key	Key shift	Ciphertext
1	H	C	2	J
2	E	A	0	E
3	L	T	19	E
4	L	C	2	N
5	O	A	0	O
6	W	T	19	P

The key repeats for as long as the message. With a longer key, any given shift appears less frequently, making frequency analysis harder.

The Kasiski Test

If the same key sequence encrypts the same plaintext, the same ciphertext appears. Finding repeated sequences in the ciphertext and measuring the distance between them reveals probable key lengths — common divisors of the distances are likely key lengths. Once the key length is known, each "stream" of letters (positions 1, 7, 13... for a 6-character key) was encrypted with the same shift, reducing to a Caesar cipher that frequency analysis breaks.

A one-time pad — a Vigenère cipher where the key is as long as the message, truly random, and never reused — is provably unbreakable. Shannon proved it mathematically. The practical problems are key distribution (the key must be as long as every message you'll ever send) and never reusing the key (any reuse enables the Kasiski attack).

Polybius Square

The Polybius square, invented by the Greek historian Polybius in 150 BC, encodes letters as numeric coordinates in a 5×5 grid. It was originally used to signal messages by holding up numbers of torches.

Standard arrangement (I and J share a cell):

     1   2   3   4   5
1  [ A ] [ B ] [ C ] [ D ] [ E ]
2  [ F ] [ G ] [ H ] [I/J] [ K ]
3  [ L ] [ M ] [ N ] [ O ] [ P ]
4  [ Q ] [ R ] [ S ] [ T ] [ U ]
5  [ V ] [ W ] [ X ] [ Y ] [ Z ]

Each letter is encoded as its row number followed by column number.

Encoding "HELLO":

H → row 2, col 3 → 23
E → row 1, col 5 → 15
L → row 3, col 1 → 31
L → row 3, col 1 → 31
O → row 3, col 4 → 34
Result: 2315313134

Decoding: read pairs of digits, look up each coordinate.

Uses and Derivatives

The Polybius square influenced several later ciphers:

• ADFGVX cipher — used by Germany in WWI, extended Polybius with a transposition step
• Bifid cipher — uses two Polybius squares and mixes row/column coordinates across adjacent letters
• Tap code — a Polybius variant used by prisoners to communicate by tapping on walls

Why Classical Ciphers Are Insecure

All substitution ciphers share a fundamental weakness: they're deterministic and key-agnostic at the character level. Given enough ciphertext, frequency analysis exploits statistical properties of language (letter frequencies, digraph frequencies, word patterns) to recover the plaintext.

The principles that make modern ciphers secure — that classical ciphers lack:

Key space — Caesar has 25 keys. AES-256 has 2²⁵⁶ ≈ 10⁷⁷ keys. Brute force is computationally impossible.

Diffusion — A single-bit change in plaintext should change ~50% of the ciphertext bits. Classical ciphers change exactly one character per changed character.

Confusion — The relationship between key, plaintext, and ciphertext should be complex and non-linear. Classical ciphers have simple, linear mappings.

Resistance to known-plaintext attacks — If an attacker has even a few plaintext-ciphertext pairs, classical ciphers collapse. Modern ciphers are designed to remain secure even when the attacker knows plaintext.

Tools

Encode and decode text with the Atbash Cipher tool — it applies the mirror substitution and shows the full substitution alphabet. The Polybius Square Cipher tool converts text to row/column coordinate pairs and back, with a visual grid display. For Caesar and Vigenère ciphers, see the Caesar Cipher and Vigenère Cipher tools respectively.