If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

Symmetric encryption techniques

A symmetric encryption is any technique where the same key is used to both encrypt and decrypt the data. The Caesar Cipher is one of the simplest symmetric encryption techniques, and of course, one of the easiest to crack.
Since then, cryptologists have invented many more symmetric encryption techniques, including the ones used today to encrypt data like passwords.

Vigenère Cipher

French cryptologists invented the Vigenère Cipher in the mid 1500s. The cipher was considered especially strong, and author Lewis Caroll even called it “unbreakable” in 1868. It was indeed much stronger than the Caesar Cipher, but as we’ll see, it can definitely be cracked.


The Vigenère cipher uses an entire word as the shift key, as opposed to the Caesar Cipher’s single shift amount.
Imagine that we want to encrypt the phrase VERSAILLES and use a shift key of CHEESE.
First, we need to repeat the shift key to line up with each of the letters in the phrase:
Now we replace each letter of the original text according to the Vigenère table:
For the first letter "V", we select the row that starts with "V". Then since the corresponding shift key letter is "C", we move to the column that has a header of "C". The letter at the intersection of the "V" row and "C" column is "X". Thus, we encrypt "V" as "X".
The letter at the intersection of the "E" row and "H" column is "L", so we encrypt "E" as "L".
If we keep going, we'll end up with the encrypted text "XLVWSMNSIW".
Check your understanding
If we want to use a different shift key of "PIZZA" to encrypt "VERSAILLES", what will the first letter "V" be encrypted as?
Choose 1 answer:


Imagine that we receive the encrypted message "NVYZJI" from our ally, and we know they've used a Vigenère cipher with a shift key of "CHEESE".
Once again, we line the encrypted message up with the shift key:
Shift keyCHEESE
Now we can do a reverse substitution according to the table:
We start by selecting the row for the first letter in the shift key "C". Then we scan down that row until we find the first encrypted letter "N". Once we find the "N", we look up to see the header for that column, "L". Thus, the decryption of "N" is "L".
Shift keyCHEESE
For the next letter, we select the "H" row, find the "V" in the row, and look up to see we're in column "O".
Shift keyCHEESE
If we do that for each shift key and encrypted letter, we decrypt the entire phrase as "LOUVRE".
Check your understanding
If we receive a new message "NVSO" that's encrypted with the same shift key of "CHEESE", what was the original text?
Choose 1 answer:

Cracking the cipher

The Vigenère Cipher is a type of polyalphabetic cipher, and it's a harder code to crack than the Caesar Cipher due to the use of an entire shift word.
If an intercepter had no idea what the shift key was and wanted to brute force their way to a decryption, they would need to try out all the possible shift words in the world, and perhaps even made-up words! For a mere mortal, that could take a lifetime. That's much more work than brute forcing the Caesar Cipher, where we just had to check 26 different shift amounts.
What about frequency analysis? Do messages encrypted with the Vigenere cipher have a special pattern in their distribution of letters?
Try it out for yourself! Encrypt the message below, and you'll see a frequency analysis of the original message and the encrypted message.
Notice that the frequency analysis of the original message is exactly what we'd expect for an English-language message: "E" is the most popular letter, and there is huge variance in the frequency of the letters.
The frequencies of the encrypted message are more similar to each other. We can't identify an obvious "E", since the letter "E" gets encrypted into different letters at different points in the message.
In the 1800s, people finally figured out different ways to use frequency analysis to crack the cipher. For example, in a long message, a short word like "THE" may get translated to the same three encrypted letters multiple times (just not every time), and that reveals possible lengths for the shift key.
Now that we have the use of powerful computers, the Vigenère Cipher is relatively easy to decipher, because a computer can quickly test out millions of words, and it can easily find the leaked information in the frequency analysis.

Modern ciphers

In the age of computers, ciphers can't just be hard to crack by an enterprising human; they have to be hard to crack by a computer that can do trillions of calculations per second.
Fortunately, cryptologists have invented encryption techniques that are secure in the digital world, and are continuing to improve them every year.
One of the most common encryption standards is AES-128, a block cipher approved by the federal government and used often for secure file transfer.
What makes it so secure?
One reason is that each key is always 128 bits long. That means there are 2128 possible keys. That's this many:
Wow! But wait, there's more: the AES cipher requires applying a sequence of 10 mathematical operations for each bit of the key. Multiply that number above by 10, and that's the number of calculations a computer would need to do.
The fastest computer can calculate around 145×1015 operations per second. That's this many:
The fastest computer would still take 500 trillion years to try every possible 128-bit key!
What about frequency analysis? It won't work. The AES cipher does not reveal any information about the original text, thanks to the multi-step sequence of operations on blocks of bits.
The AES ciphers, and other modern ciphers, may not be secure forever. Security researchers spend their time trying to find clever ways to break the cipher, and present findings in blogs and conference talks.
Cryptography research is done in the open, with the hope that the public finds out about a security breach before a malicious cybercriminal discovers one.
🙋🏽🙋🏻‍♀️🙋🏿‍♂️Do you have any questions about this topic? We'd love to answer—just ask in the questions area below!

Want to join the conversation?