Cybersecurity Basics – Cracking Simple Ciphers

Understanding cybersecurity begins with understanding how information can be protected — and how it can be broken. In the classroom, simple ciphers offer an engaging way to introduce encryption, decryption, and the logic behind keeping data safe.

---

What is a Cipher?

A cipher is a method of changing a message so that only someone with the key can read it. The message before encryption is called plaintext, and after encryption it becomes ciphertext.

For example, using a Caesar cipher, each letter is shifted by a fixed number of places.

• Shift by 3: A → D, B → E, C → F
  So the message “HELLO” becomes “KHOOR”.

---

Cracking the Code

Students can attempt to decrypt messages by:

• Trying different shift values (a brute-force approach).

• Looking for common letters or patterns such as “E” or “THE”.

• Comparing frequency counts of letters in the ciphertext with normal English usage.

This develops logical thinking and introduces real principles of codebreaking.

---

Beyond Caesar

Once students understand simple substitution ciphers, they can explore:

• Keyword ciphers – where a secret word defines the letter substitutions.

• Transposition ciphers – where letters are rearranged rather than replaced.

• Frequency analysis – a statistical approach used in classical cryptography.

These challenges demonstrate that security relies not only on clever systems, but also on their resistance to reverse-engineering.

---

Cybersecurity Connections

Modern encryption algorithms work on the same principles but at a vastly more complex scale. Understanding basic ciphers helps students see:

• Why strong passwords and encryption keys matter.

• Data protection relies heavily on mathematics and computation.

• Why cybersecurity is an essential modern skill.

---

Why It Works in Teaching

Breaking codes gives students immediate feedback — a satisfying sense of discovery. It brings computing, logic, and maths together while encouraging persistence and reasoning.

Simple ciphers are a fun introduction to a serious subject: the protection of digital information in the modern world.

How to approach cracking a transposition cipher

1. Identify it’s a transposition cipher

Signs that a ciphertext is transposition (not substitution):

• Letter frequency looks like plain English (E, T, A still common) but text is unreadable.

• Common digrams/trigrams exist but in wrong positions.

• Ciphertext length unchanged; no new symbols introduced.

If letter frequencies are very altered, you may have a substitution or a mixed cipher.

2. Try to recognise the type

Common kinds you will meet in classroom puzzles:

• Columnar transposition (write plaintext in rows and read out by columns in some key order).

• Rail fence (zig-zag writing and read across rails).

• Route/spiral transpositions (write into a grid by route, read out by another route).

• Double transposition (apply two different columnar transpositions).

Start with columnar and rail fence — they’re the most frequent in exercises.

3. Useful observations and tests

• Look for probable words (cribs). If you suspect a word like THE, AND, or a place name, try to place it in candidates.

• Try likely key lengths. For columnar, reasonable classroom keys are small (3–10). For rail fence, try 2–6 rails.

• Examine repeated patterns. If the same group of letters recurs at regular intervals that suggests grid/column structure.

• Index of coincidence is usually close to English for transposition — use that to rule out substitution.

4. Manual columnar-cracking technique (basic)

For columnar transposition:

1. Guess a number of columns n. (If ciphertext length L, rows ≈ L/n.)

2. Write the ciphertext into n columns top-to-bottom (or into rows and then read by columns depending on convention).

3. Try permutations of column order to see which permutation yields readable plaintext.

4. Shortcuts:

   • If you see short common words split across columns, try permutations that bring those letters together.

   • Use likely cribs: place the crib in all possible positions in the candidate plaintext and see if columns can be re-ordered to make it match.

Manual solving is feasible for small n and short messages. For larger keys or double transpositions, use a computer.

5. Rail-fence cracking (quick)

• Try various rail counts r.

• Reconstruct plaintext by writing characters along a zig-zag of r rails and reading row by row; compare resulting text to English.

• A common clue is that small r values often reveal partial words quickly.

6. Automated / algorithmic approaches

When manual methods stall, use automated search:

• Brute force all key permutations (only feasible for small key lengths — n! grows fast).

• Scoring function: rate candidate plaintexts by English-language fitness (word-list hits, common bigrams/trigrams, log probability). Choose top-scoring candidates.

• Heuristic search: hill-climbing, simulated annealing or genetic algorithms can efficiently find good permutations for large keys (used in classical cryptanalysis).

• Crib dragging: if you know or guess a plaintext fragment, slide it along and check consistency with a transposition model.

7. Double transposition

• Try single transposition first to see if you get English fragments.

• If it’s double, you may need heuristic searches (hill-climbing) that try pairs of permutations and score results.

8. Practical classroom tips

• Teach students to start small: try rail fence and small column keys first.

• Use frequency tests to decide whether you should be looking for transposition or substitution.

• Give cribs (a known word) to classes — this shows how a tiny piece of plaintext can break many ciphers.

• Show comparison: same ciphertext, different decryptions — scoring separates readable English from junk.

---

Small Python example: brute force columnar transposition (small keys)

This is a simple brute-force tester for a columnar transposition cipher. It tries key lengths up to 8 and all permutations for each length and prints candidates that contain a common English word (e.g. " the ").

Warning: permutations grow factorially. This script is fine for keys ≤ 8 but will be very slow above that.

# Simple brute-force columnar transposition cracker (educational)
from itertools import permutations
import math

def decrypt_columnar(cipher, key_order):
    n = len(key_order)
    L = len(cipher)
    rows = math.ceil(L / n)
    # compute number of "full" columns (some columns may be shorter by 1)
    cols_lengths = [rows] * n
    short_cols = (rows * n) - L
    if short_cols > 0:
        # last 'short_cols' columns will have one less char
        for i in range(n - short_cols, n):
            cols_lengths[i] -= 1
    # split cipher into columns in order (as written out by column)
    cols = []
    idx = 0
    for clen in cols_lengths:
        cols.append(cipher[idx: idx+clen])
        idx += clen
    # reorder columns according to key_order (key_order maps plaintext col pos -> cipher column index)
    # here key_order is a tuple of indices representing the order columns were read; we want to reconstruct rows
    # We need to place cols back into their plaintext column positions
    plain_cols = [None] * n
    for plain_pos, col_idx in enumerate(key_order):
        plain_cols[plain_pos] = cols[col_idx]
    # read off row-wise
    plaintext = []
    for r in range(rows):
        for c in range(n):
            if r < len(plain_cols[c]):
                plaintext.append(plain_cols[c][r])
    return ''.join(plaintext)

cipher = "WEEENNHRREE T..."  # replace with your ciphertext (no spaces ideally)
cipher = ''.join(cipher.split())  # remove whitespace for processing

common_word = " the "  # crude filter
for n in range(2, 9):  # try key lengths 2..8
    print(f"Trying key length {n} (permutations: {math.factorial(n)})")
    for perm in permutations(range(n)):
        # perm describes the order columns were read out when encrypting
        pt = decrypt_columnar(cipher, perm)
        if common_word in (' ' + pt.lower() + ' '):
            print("Possible plaintext (key order):", perm)
            print(pt[:200])

This script is a classroom starter — you can improve it by:

• Using a better scoring function (word frequency / log probability).

• Allowing for different conventions (writing rows then reading columns, or vice versa).

• Adding support for double transposition (nested search or heuristic search).

---

Example of heuristic scoring (short note)

A robust solver uses a scoring function based on English quadgram or trigram frequencies. The algorithm randomly permutes the key order and uses hill-climbing: try small swaps in the permutation and keep changes that improve the score. Repeat until no improvement — repeat from different random starts. This is how many classical puzzle solvers succeed at larger keys or double transpositions.

---

Common pitfalls

• Forgetting encryption convention: whether plaintext was written in rows and read by columns, or vice versa. Try both conventions.

• Not accounting for short columns when length L is not divisible by key length.

• Assuming a single transposition when it's double.

• Trying brute force for large keys will result in an exponential combinatorial explosion.

---

Quick classroom exercise

Give students a short plaintext (30–50 letters), apply a small columnar key (3–5), and then challenge classmates to recover it using:

• frequency check,

• guessing key length,

• manual column re-ordering,

• cribbing.

Then show how a small program can solve it in seconds.

---

Worksheet: Cracking Transposition Ciphers

1. Warm-up: Rail-Fence Cipher

In a rail-fence cipher, the message is written diagonally across a set number of “rails”, then read row by row.

For example, with 3 rails:

HELLO WORLD
H . . . O . . . R . .
. E . L . W . L . D .
. . L . . . O . . . .

The ciphertext would be: H O R E L W L D L O

---

Cipher 1

Ciphertext:

WECRLTEERDSOEEFEAOCAIVDEN

1. Try different rail counts (2, 3, 4, 5).

2. Write the letters in a zig-zag pattern for each rail count.

3. Which number of rails produces an English-like plaintext?

4. Write your decoded message below:

Decrypted text: ____________________________________________

(Hint: The correct answer has three rails.)

---

2. Columnar Transposition Cipher

In a columnar cipher, the message is written in rows under a keyword and then read column by column in the order of the keyword’s letters.

Example with keyword CAGE (alphabetical order 1–4):

C(2)	A(1)	G(3)	E(4)
H	E	L	L
O	W	O	R
L	D

Ciphertext (columns in order 1-2-3-4): EWDHLOOLR

---

Cipher 2

Ciphertext:

TIEHXHETATSRHESAESPNLTTE

Known information:

• The keyword is SALT (4 letters).

• The plaintext is an English sentence.

1. Write the ciphertext in 4 columns, one column per keyword letter.

2. Work out which column comes first, second, third, and fourth according to the alphabetical order of the keyword letters.

3. Read the message row by row to recover the plaintext.

4. Write your decoded sentence below:

Decrypted text: ____________________________________________

(Hint: You should find a sentence about how salt preserves food.)

---

3. Reflection Questions

1. How can you tell that both ciphers use transposition rather than substitution?

2. Which cipher was easier to break, and why?

3. How might computers speed up this process for longer messages?

4. Why are transposition ciphers no longer secure for modern communication?