# How the Vigenère cipher works

A detailed explanation of how the Vigenère cipher combined a codeword and the familiar idea of a shift cipher.

The Vigenère cipher works similarly to the shift cipher that we’ve already studied. However, it uses a codeword to change the shift as we work through the plaintext, making it much harder to break.

### How it works

To use this cipher, the sender and receiver first need to agree upon a codeword; this can be any word, or set of letters. To encrypt your plaintext, you work letter-by-letter as follows.

You add the first letter of the plaintext to the first letter of the codeword, and that will give you the first letter of the ciphertext. This is just like you did with the Caesar cipher, but here the shift (d) is given by the first letter of the codeword. (So if the codeword begins with the letter (B), the shift used for encrypting the first letter of the plaintext is 2; if the codeword begins with (Z), the shift used is 26, etc.)

Next you add the second letter of the plaintext to the second letter of the codeword. Again, this is simply like using the Caesar cipher, but now with a different shift – the shift being the second letter of the codeword. And then you keep repeating this for the third letter, the fourth letter, and so on.

Probably the plaintext is much longer than the codeword, so what do you do when you’ve run out of codeword letters? You start repeating the codeword! If the codeword is seven letters long, then to encrypt the eighth letter of the plaintext you will use the first letter of the codeword again. You then repeat this for the whole length of the plaintext.

### Example

For example, let’s suppose that our codeword is KASISKI (in honour of the German cryptographer who first published a method for breaking the Vigenère cipher). And let’s suppose that our plaintext is BOTHER THE THEOREM.

To encrypt the first letter ((B=2)) we add it to the first letter of the codeword ((K=11)) to get the letter (M=13). To do this using your Caesar wheel, turn the wheels so that the Shift window shows the number 11 (corresponding to the first letter of the codeword); now find the plaintext letter (B) (inner wheel) and read off the ciphertext letter (M) on the outer wheel.

The second letter of the ciphertext will be (P) (since (O + A = 15 + 1 = 16)). For the third letter, we have to remember that we’re always using modular arithmetic to perform calculations (adding and subtracting a shift (d)) mod 26; so we calculate (T + S = 20 + 19 = 39equiv 13) (mod 26), and get the letter (M).

When you get to the eighth letter of the plaintext (which is (H) in THE) you have run out of letters of the codeword to use, so you cycle back to the start and use the first letter, (K), of the codeword KASISKI again. So the eighth letter of the ciphertext is (H+K=S).

An easy way to picture this is to write the (repeated) codeword above the plaintext, and then just “add the letters in each column” to get the ciphertext:

[begin{matrix} K & A & S & I & S & K & I & K & A & S & dots \ B & O & T & H & E & R & T & H & E & T & dots \ hline M & P & M & Q & X & C & C & S & F & M & dots end{matrix}]

The final ciphertext in this example is MPMQXCCSFMQXZAPN.

Note that the four Es in BOTHER THE THEOREM get enciphered to different letters – X, F, X, P – and note that the first and third letters of the plaintext both get replaced by the letter M. This is what we mean by this cipher being polyalphabetic, and it’s what gave it such security: you can have the same letter in the plaintext being replaced by different letters in the ciphertext, so frequency analysis simply doesn’t work when trying to break it.