Cipher Identifier - Detect Unknown Ciphers Online
Paste any ciphertext to instantly identify the encryption method used. This tool analyzes letter frequencies, calculates the Index of Coincidence, and applies pattern matching to detect 20+ classical cipher types — all running in your browser with no data sent to any server.
Enter Ciphertext
How Cipher Detection Works
Format Detection
Instantly recognizes distinctive character patterns. Morse code (dots and dashes), Binary (0s and 1s), Base64, Baconian (5-bit groups), and Polybius (digit pairs) are identified by their unique character sets with 90-99% accuracy.
Statistical Analysis
Calculates the Index of Coincidence (IC) to classify cipher families. English text has IC ~0.067; monoalphabetic ciphers preserve this, while polyalphabetic ciphers reduce it toward 0.038. This separates Caesar-type from Vigenere-type ciphers.
Heuristic Verification
Attempts actual decryption to confirm candidates. For Caesar cipher, all 25 shifts are tested using chi-squared scoring. Atbash and Trithemius are verified by applying their fixed transformations and checking if the output reads as English.
How to Use the Cipher Identifier
- Paste your ciphertext into the text box above. For best results, use at least 25 characters — longer texts produce more accurate statistical analysis.
- Click "Identify Cipher" to run format detection, Index of Coincidence analysis, and heuristic brute-force verification against 20+ cipher types.
- Review the ranked results. Each candidate shows a confidence score, detection details, and a direct link to the matching cipher decoder tool where you can decrypt your message.
Your data stays in your browser — nothing is sent to any server.
Detectable Cipher Types
The identifier recognizes the following cipher families. Each cipher is described below with its detection method, and links to its dedicated encoder, decoder, and example pages on this site.
Monoalphabetic Substitution Ciphers
Monoalphabetic ciphers replace each letter of the plaintext with exactly one other letter throughout the entire message. Because the substitution is fixed, these ciphers preserve the original letter frequency distribution. The Index of Coincidence stays near 0.065–0.067, identical to English plaintext, which makes them easy to distinguish from polyalphabetic ciphers.
Caesar Cipher
Each letter is shifted a fixed number of positions in the alphabet. With only 25 possible keys, the identifier brute-forces all shifts and uses chi-squared scoring to find the one that produces the most English-like output. Named after Julius Caesar, who used a shift of 3 for military correspondence. Use the Caesar cipher encoder to encrypt, the Caesar cipher decoder to crack unknown shifts, or see Caesar cipher examples for step-by-step tutorials.
ROT13
A special case of the Caesar cipher using a shift of 13. Because the English alphabet has 26 letters, applying ROT13 twice returns the original text, making it self-inverse — the same operation encrypts and decrypts. Widely used online to hide spoilers and puzzle answers. Detected as a Caesar cipher with shift 13. Try it with the ROT13 encoder.
Atbash Cipher
A fixed substitution that mirrors the alphabet: A becomes Z, B becomes Y, C becomes X, and so on. Originally used with the Hebrew alphabet in biblical texts. The identifier detects Atbash by applying the mirror transformation and checking whether the output resembles English. Use the Atbash cipher tool to convert text, or the Atbash decoder for analysis.
Affine Cipher
Uses the mathematical formula E(x) = (ax + b) mod 26 to encrypt each letter. With 12 valid values for a and 26 for b, there are 312 possible keys. The identifier recognizes monoalphabetic IC values and flags Affine as a candidate when Caesar and Atbash do not produce readable decryptions. Encrypt with the Affine cipher encoder or crack it with the Affine decoder.
Keyword Cipher
Rearranges the standard alphabet by placing a keyword at the beginning and filling in the remaining letters in order. For example, the keyword "SECRET" produces the cipher alphabet SECRTABDFGHIJKLMNOPQUVWXYZ. Since it is a fixed single-alphabet substitution, the IC stays near English levels. Try the keyword cipher encoder, the keyword decoder, or keyword frequency analysis.
Polyalphabetic Ciphers
Polyalphabetic ciphers use multiple substitution alphabets, cycling through them with each letter. This flattens the letter frequency distribution and lowers the Index of Coincidence toward 0.038–0.055, depending on key length. The identifier uses IC analysis and Kasiski examination to separate these from monoalphabetic ciphers and estimate the key period.
Vigenere Cipher
Uses a repeating keyword where each letter determines the shift for the corresponding plaintext letter. A 3-letter key creates 3 interlaced Caesar ciphers, flattening overall frequency distribution. The identifier measures IC to detect polyalphabetic encryption and uses Kasiski examination to estimate key length. Often called "le chiffre indechiffrable" for 300 years until Friedrich Kasiski published his attack in 1863. Use the Vigenere cipher encoder, Vigenere examples, or the interactive Vigenere table.
Beaufort Cipher
A reciprocal variant of the Vigenere cipher: instead of adding the key, it subtracts the plaintext from the key. Statistically indistinguishable from Vigenere without the key — the identifier flags both as candidates when it detects polyalphabetic IC values. Named after Sir Francis Beaufort of the Royal Navy. Try the Beaufort cipher encoder, Beaufort decoder, or the Beaufort table.
Gronsfeld Cipher
A Vigenere variant that restricts the key to digits 0–9 instead of letters, reducing the key space significantly. Each digit specifies a shift of 0–9 positions. The identifier detects similar IC patterns to Vigenere but with a characteristically smaller shift range. Use the Gronsfeld cipher encoder or Gronsfeld decoder.
Trithemius Cipher
A progressive shift cipher where each successive letter is shifted one position more than the previous: the first letter shifts by 0, the second by 1, the third by 2, and so on. No key is needed. The identifier verifies Trithemius by applying the fixed progressive decryption and checking if the result reads as English. Invented by Johannes Trithemius in 1508 and considered the first published polyalphabetic cipher. Use the Trithemius encoder, decoder, or tabula recta.
Porta Cipher
Uses 13 reciprocal alphabets that swap letter pairs (A↔N, B↔O, etc.), meaning encryption and decryption are the same operation. Only the second half of the alphabet (N–Z) changes between tables, while A–M remain fixed. The identifier recognizes Porta by its characteristic IC range and restricted ciphertext character distribution. Try the Porta cipher encoder, Porta decoder, or the Porta table.
Autokey Cipher
Extends the key by appending the plaintext itself, creating a non-repeating key stream. This eliminates the periodic weakness of the standard Vigenere cipher, making Kasiski analysis ineffective. The identifier detects Autokey through its non-periodic IC pattern — slightly higher than random but without the periodicity signatures of Vigenere. Use the Autokey cipher encoder to encrypt messages.
Running Key Cipher
Uses an entire book or long text passage as the key, so the key never repeats within the message. This produces an IC close to random (0.038–0.045), making it very difficult to identify statistically. The identifier flags Running Key as a low-confidence candidate when the text shows near-random frequencies with no detectable periodicity. Use the Running Key cipher tool to encrypt with book-length keys.
Digraph & Matrix Ciphers
These ciphers encrypt multiple letters at once — either in pairs (digraphs) or larger blocks using matrix multiplication. They produce distinctive structural patterns that help the identifier differentiate them from simple substitution ciphers.
Playfair Cipher
Encrypts letter pairs using a 5×5 grid built from a keyword. The letter J is merged with I, the ciphertext always has even length, and no digraph contains a repeated letter. The identifier checks for these structural constraints — even length, no J, no repeated letter pairs — to flag Playfair as a candidate. Invented by Charles Wheatstone in 1854. Use the Playfair cipher encoder, Playfair decoder, or learn the Playfair rules.
Four-Square Cipher
An extension of Playfair that uses four 5×5 grids instead of one, with two keyword-scrambled alphabets and two standard alphabets. This digraphic substitution is harder to crack than single-grid Playfair. Use the Four-Square cipher encoder, Four-Square decoder, or review the Four-Square rules.
Hill Cipher
Encrypts blocks of letters using matrix multiplication modulo 26. A 2×2 key matrix encrypts pairs; a 3×3 matrix encrypts triples. The identifier has limited ability to detect Hill cipher statistically — it produces IC values similar to polyalphabetic ciphers but without periodic structure. Try the Hill cipher encoder or Hill cipher examples.
Encodings & Format-Based Detection
These are not true ciphers — they convert text into a different format without any secret key. Anyone can decode them by applying the reverse transformation. The identifier recognizes these instantly by their distinctive character sets, without needing statistical analysis.
Morse Code
Represents letters as sequences of dots and dashes, separated by spaces. Originally designed for telegraph communication by Samuel Morse in the 1830s. The identifier instantly recognizes input consisting only of dots (.), dashes (-), spaces, and slash (/) separators. Use the Morse code translator, Morse decoder, or the Morse code chart for reference.
Binary Encoding
Represents each character as a sequence of 0s and 1s, typically in 8-bit groups corresponding to ASCII or UTF-8 values. The identifier detects input containing only digits 0 and 1, optionally separated by spaces. Decode with the binary translator or convert between binary and decimal.
Hexadecimal Encoding
Uses digits 0–9 and letters A–F to represent binary data in a more compact form. Each pair of hex digits encodes one byte. The identifier recognizes strings composed exclusively of hexadecimal characters with even length. Convert with the hex to binary converter.
Base64 Encoding
Encodes binary data using 64 printable ASCII characters (A–Z, a–z, 0–9, +, /) with = padding. The identifier checks for valid Base64 character sets, length divisible by 4, and the presence of padding or +/ characters. Commonly used in email attachments, data URLs, and API authentication tokens. Decode with the Base64 encoder & decoder.
Baconian Cipher
Francis Bacon's steganographic method that encodes each letter as a 5-character sequence using exactly two distinct symbols (traditionally A and B). The identifier detects input with precisely 2 unique characters in groups of 5 — for example, AABBA AABAA ABABA. Use the Baconian cipher encoder or see Baconian examples.
Polybius Square
Converts each letter to a pair of digits from a 5×5 grid, using only the digits 1 through 5. The identifier recognizes input consisting exclusively of digit pairs from the set {1, 2, 3, 4, 5}. Invented by the Greek historian Polybius around 150 BC. Use the Polybius square encoder or Polybius decoder.
Other Cipher Types
Some ciphers use unique techniques that fall outside the standard monoalphabetic/polyalphabetic classification. These are typically harder to identify with certainty, but the identifier can still flag them as possibilities based on specific characteristics.
Homophonic Substitution Cipher
Assigns multiple symbols to each plaintext letter, proportional to that letter's frequency. The letter E might be represented by 12 different numbers, while Z gets just 1. The identifier detects homophonic ciphers when the input contains more than 26 distinct symbols, suggesting a many-to-one mapping. Use the homophonic cipher encoder or homophonic decoder.
Vernam Cipher (One-Time Pad)
The only mathematically proven unbreakable cipher, using a truly random key as long as the message, used only once. Ciphertext appears completely random with IC ≈ 0.038. The identifier can suggest a possible one-time pad when the text shows perfectly uniform letter distribution, but this is always a low-confidence result since the output is indistinguishable from random data. Use the Vernam cipher encoder.
Alberti Disk Cipher
The first polyalphabetic cipher, invented by Leon Battista Alberti around 1467. Uses two concentric rotating disks to change the cipher alphabet mid-message. Statistically similar to Vigenere, making it difficult to distinguish without context. Try the Alberti cipher encoder, Alberti decoder, or the interactive Alberti cipher disk.
Quagmire Cipher
A family of four cipher variants (I through IV) that combine keyword-based alphabet substitution with polyalphabetic shifting. Each variant uses keywords in different positions. Statistically similar to Vigenere ciphers. Use the Quagmire cipher encoder to try all four variants.
Pigpen Cipher
A visual substitution cipher that replaces letters with geometric symbols derived from grid patterns. Also known as the Masonic cipher or Freemason's cipher. The identifier cannot detect Pigpen from text input since it uses graphic symbols, but if you can transcribe the symbols to letters, standard monoalphabetic detection applies. See the Pigpen cipher tool or Pigpen variations.
Straddling Checkerboard
A cipher that converts letters to variable-length numeric codes using a grid where common letters get single-digit codes and rarer letters get two-digit codes. Used in the famous VIC cipher by Soviet spies. The identifier looks for numeric-only output with characteristic digit frequency patterns. Try the Straddling Checkerboard encoder or decoder.
Plaintext Detection
The identifier also checks whether the input might already be unencrypted English text. If the chi-squared score against standard English letter frequencies is very low and common English words are detected, the tool will lower the confidence of all cipher candidates and note that the text may not be encrypted at all.
Unknown or Unidentified Ciphers
If the identifier cannot match your text to any known cipher type, consider these possibilities: the text may be too short (try at least 50 characters), it may use a modern encryption algorithm (AES, RSA) that produces output indistinguishable from random data, or it may be a lesser-known historical cipher not in our detection library. You can try manual analysis using frequency analysis, or compare cipher characteristics to narrow down the type.
Index of Coincidence Reference
The Index of Coincidence (IC) is the probability that two randomly chosen letters from a text are the same. This single number is the most powerful first-pass diagnostic for classifying an unknown cipher.
| IC Range | Interpretation | Likely Cipher Types |
|---|---|---|
| 0.065 – 0.067 | Matches English plaintext distribution | Caesar, Atbash, Affine, Keyword, Transposition |
| 0.045 – 0.060 | Moderately flattened frequencies | Vigenere (short key), Beaufort, Gronsfeld, Porta |
| 0.038 – 0.045 | Near-random distribution | Vigenere (long key), Autokey, Running Key |
| ~0.038 | Uniform / truly random | One-Time Pad (Vernam), modern encryption |
Frequently Asked Questions
How does the cipher identifier detect unknown ciphers?
The cipher identifier uses a three-layer detection approach. First, it checks for distinctive format patterns like Morse code dots and dashes, binary digits, or Base64 characters. Second, it calculates the Index of Coincidence (IC) to distinguish monoalphabetic ciphers (IC near 0.067) from polyalphabetic ciphers (IC near 0.038). Third, it runs heuristic verification such as brute-forcing all 25 Caesar shifts to find readable decryptions.
What is the Index of Coincidence and why is it useful for cipher detection?
The Index of Coincidence (IC) measures how likely two randomly chosen letters from a text are to be the same. English text has an IC around 0.0667 due to uneven letter frequencies (E appears 12.7% of the time). Monoalphabetic ciphers like Caesar preserve this IC because they only rearrange letters. Polyalphabetic ciphers like Vigenere flatten the frequency distribution, producing IC values closer to random text (0.038). This makes IC a powerful first-pass diagnostic for identifying cipher families.
Can the cipher identifier crack the encryption and show the original message?
For some ciphers, yes. The tool can automatically decrypt Caesar cipher by testing all 25 shifts and scoring which produces the most English-like output. It also verifies Atbash and Trithemius ciphers by applying their fixed transformations. For ciphers that require a key (like Vigenere or Playfair), the tool identifies the cipher type and links you directly to the appropriate decryption tool where you can enter the key.
How many characters of ciphertext do I need for accurate identification?
For format-based ciphers like Morse code or Binary, even 4-5 characters are enough. For statistical analysis to work reliably, you need at least 20-30 characters. With 50 or more characters, the Index of Coincidence becomes quite accurate at distinguishing monoalphabetic from polyalphabetic ciphers. Longer texts always produce more reliable results because frequency distributions become more stable.
What ciphers can this tool identify?
The tool can identify over 20 cipher types including Caesar (all 25 shifts), ROT13, Atbash, Affine, Keyword, Vigenere, Beaufort, Gronsfeld, Trithemius, Porta, Autokey, Playfair, Baconian, Polybius, Morse Code, Homophonic substitution, Vernam/One-Time Pad, and Running Key ciphers. It also detects common encodings like Binary, Hexadecimal, and Base64.
What is the difference between a cipher and an encoding?
A cipher transforms text using a secret key to hide its meaning, while an encoding converts text to a different format without any secrecy. Binary (01001000), Hexadecimal (48656C6C6F), and Base64 (SGVsbG8=) are encodings — anyone can reverse them without a key. Caesar cipher, Vigenere, and Playfair are true ciphers because you need the key to decrypt. Our identifier detects both types and labels them accordingly.
Why does the identifier sometimes show multiple possible ciphers?
Many classical ciphers produce statistically similar ciphertext. For example, all monoalphabetic substitution ciphers (Caesar, Atbash, Affine, Keyword) preserve the same letter frequency distribution and have identical Index of Coincidence values. Similarly, Vigenere and Beaufort are statistically indistinguishable without the key. The identifier ranks all possibilities by confidence level so you can try the most likely cipher first.