Four-Square Cipher: Felix Delastelle's Digraph Encryption System Explained
Learn how the Four-Square cipher uses four 5x5 grids to encrypt letter pairs. Complete guide with examples, key generation, and comparison to Playfair.
The Four-Square cipher is one of the most elegant manual encryption systems ever devised. Invented by the French cryptographer Felix Marie Delastelle in the late nineteenth century, it encrypts letters in pairs (digraphs) using a set of four 5x5 grids arranged in a square formation. The result is a cipher that is significantly more resistant to frequency analysis than monoalphabetic substitution and notably more secure than its better-known cousin, the Playfair cipher.
Despite its sophistication, the Four-Square cipher remains accessible enough to perform by hand with nothing more than pencil, paper, and two keyword-generated alphabets. This combination of security and usability made it a favorite among amateur cryptographers throughout the twentieth century and a staple of cryptography education today.
This guide explains everything you need to understand, use, and analyze the Four-Square cipher -- from grid construction and encryption mechanics to security properties and historical context. To encrypt or decrypt your own messages, try the Four-Square cipher tool.
Felix Delastelle and the French School of Cryptography
The Man Behind the Cipher
Felix Marie Delastelle (1840-1902) was a French sailor, customs officer, and self-taught cryptographer whose work was largely unknown during his lifetime. He spent decades studying cipher systems in his spare time, corresponding with other cryptography enthusiasts and developing original designs that he eventually collected into a manuscript titled Traite Elementaire de Cryptographie ("Elementary Treatise on Cryptography"). The manuscript was published posthumously in 1902, the year of his death.
Delastelle's contributions to cryptography extend well beyond the Four-Square cipher. He invented the Bifid cipher, which combines a Polybius square with fractionation to scramble letter coordinates before recombining them into ciphertext. He also created the Trifid cipher, which extends fractionation to three dimensions using a 27-character alphabet (the 26 letters plus a period). Both systems introduced the concept of diffusion -- spreading the influence of each plaintext letter across multiple ciphertext letters -- decades before Claude Shannon formalized diffusion and confusion as the two fundamental properties of secure ciphers.
The Context of Late Nineteenth-Century Cryptography
Delastelle worked during a period of intense cryptographic activity. The Franco-Prussian War of 1870-71 had demonstrated the military importance of secure communications, and French cryptographers were actively seeking systems that could resist the increasingly powerful analytical techniques being developed by military intelligence services. The Polybius square, which Delastelle used as the foundation for several of his ciphers, had been known since ancient Greece but was experiencing a Renaissance as cryptographers recognized its potential as a building block for more complex systems.
The dominant cipher of the era was the Vigenere system, which had been broken by Kasiski in 1863. Cryptographers were searching for alternatives that could provide security without requiring the long keys and complex procedures that truly unbreakable systems (like the one-time pad, described by Frank Miller in 1882) demanded. Delastelle's digraph and fractionation ciphers represented one approach to this challenge.
How the Four-Square Cipher Works
The Grid Layout
The Four-Square cipher uses four 5x5 grids arranged in a 2x2 formation:
┌─────────────┬─────────────┐
│ PLAINTEXT │ CIPHERTEXT │
│ Grid 1 │ Grid 2 │
│ (standard) │ (keyed) │
├─────────────┼─────────────┤
│ CIPHERTEXT │ PLAINTEXT │
│ Grid 3 │ Grid 4 │
│ (keyed) │ (standard) │
└─────────────┴─────────────┘
-
Grid 1 (upper-left) and Grid 4 (lower-right) are plaintext grids. They contain the standard alphabet in normal order, with I and J sharing a single cell (the standard convention for fitting 26 letters into 25 cells).
-
Grid 2 (upper-right) and Grid 3 (lower-left) are ciphertext grids. Each is generated from a different keyword and contains a mixed alphabet.
The plaintext grids are always the same for every user. The security of the cipher depends entirely on the two keywords used to generate the ciphertext grids.
The I/J Convention
Since a 5x5 grid has only 25 cells but the English alphabet has 26 letters, one cell must accommodate two letters. The standard convention is to merge I and J into a single cell. During encryption, J in the plaintext is treated as I. During decryption, the context of the surrounding letters usually makes it clear whether I or J was intended. Some implementations merge Q and K instead, or drop Q entirely, but the I/J merge is by far the most common.
Generating a Keyed Alphabet
To build a ciphertext grid, start with a keyword and follow these steps:
-
Remove duplicate letters from the keyword. For example, KEYWORD becomes KEYWORD (no change in this case, since no letter repeats), but BALLOON becomes BALON.
-
Merge I/J. If the keyword contains J, treat it as I.
-
Write the deduplicated keyword, then append the remaining letters of the alphabet in standard order (skipping any letters already used and treating I/J as one letter).
-
Fill the 5x5 grid row by row with the resulting 25-character sequence.
Example with the keyword EXAMPLE:
Deduplicated: E X A M P L
Remaining alphabet (skipping E, X, A, M, P, L): B C D F G H I/J K N O Q R S T U V W Y Z
Full sequence: E X A M P L B C D F G H I K N O Q R S T U V W Y Z
E X A M P
L B C D F
G H I K N
O Q R S T
U V W Y Z
Step-by-Step Encryption
Let us encrypt the plaintext HELLO WORLD using two keywords: EXAMPLE for Grid 2 and KEYWORD for Grid 3.
Step 1: Set up the four grids.
Grid 1 (plaintext, upper-left) -- standard alphabet:
A B C D E
F G H I K
L M N O P
Q R S T U
V W X Y Z
Grid 2 (ciphertext, upper-right) -- keyword EXAMPLE:
E X A M P
L B C D F
G H I K N
O Q R S T
U V W Y Z
Grid 3 (ciphertext, lower-left) -- keyword KEYWORD:
K E Y W O
R D A B C
F G H I L
M N P Q S
T U V X Z
Grid 4 (plaintext, lower-right) -- standard alphabet:
A B C D E
F G H I K
L M N O P
Q R S T U
V W X Y Z
Step 2: Split the plaintext into digraphs (pairs of letters).
HELLO WORLD becomes: HE LL OW OR LD
If the plaintext has an odd number of letters, add a padding letter (usually X or Z) at the end.
Step 3: Encrypt each digraph.
For each pair, the first letter is found in Grid 1 (upper-left) and the second letter is found in Grid 4 (lower-right). Together, they define two corners of a rectangle that spans all four grids.
The ciphertext pair is read from the other two corners of this rectangle: the letter in Grid 2 (upper-right) at the same row as the first plaintext letter and the same column as the second plaintext letter, and the letter in Grid 3 (lower-left) at the same row as the second plaintext letter and the same column as the first plaintext letter.
Encrypting HE:
- H is at row 2, column 3 in Grid 1.
- E is at row 1, column 5 in Grid 4.
- Grid 2, row 2, column 5 gives: F
- Grid 3, row 1, column 3 gives: Y
- HE encrypts to FY
Continue this process for each pair to get the complete ciphertext.
Step 4: Combine all encrypted pairs into the final ciphertext string.
Decryption
Decryption is the exact reverse. The first letter of each ciphertext pair is found in Grid 2, the second in Grid 3. The rectangle rule gives the corresponding plaintext letters from Grid 1 and Grid 4. This symmetry makes the Four-Square cipher straightforward to implement in both directions.
Choosing Strong Keywords
The security of the Four-Square cipher rests on the quality of the two keywords. Here are guidelines for selecting them:
Length and Diversity
Longer keywords with many distinct letters produce more thoroughly mixed alphabets. A keyword like "CRYPTOGRAPHY" (10 unique letters after deduplication) is far better than "CAT" (3 unique letters). The ideal keyword uses many different letters without being so long that it is difficult to memorize.
Two Different Keywords
Always use two different keywords for Grid 2 and Grid 3. Using the same keyword for both grids weakens the cipher by introducing symmetry that a cryptanalyst can exploit. If both ciphertext grids are identical, the Four-Square cipher degenerates into a simpler system with fewer effective substitutions.
Avoid Predictable Phrases
Keywords based on dictionary words, famous quotes, or personal information (names, dates) are vulnerable to dictionary attacks. A cryptanalyst can generate ciphertext grids from common words and test each combination against the ciphertext. Random or semi-random phrases are more secure, though harder to remember.
Practical Suggestions
A practical compromise is to use a memorable but unusual phrase, take the first letters of each word, and add some modifications. For example, "My grandmother bakes 7 pies every Tuesday morning" might yield "MGB7PETM" -- memorable to you but unpredictable to an attacker.
Four-Square vs. Playfair: A Detailed Comparison
The Playfair cipher is the best-known digraph cipher and the most natural point of comparison for the Four-Square system. Both encrypt letter pairs using 5x5 grids, but they differ in structure, security, and usability.
Structural Differences
| Feature | Playfair | Four-Square |
|---|---|---|
| Number of grids | 1 | 4 |
| Number of keywords | 1 | 2 |
| Grid arrangement | Single 5x5 grid | 2x2 arrangement of four 5x5 grids |
| Encryption rule | Rectangle, row, or column rule depending on letter positions | Always a rectangle rule (no special cases) |
| Same-row pairs | Special rule (shift right) | Handled by standard rectangle rule |
| Same-column pairs | Special rule (shift down) | Handled by standard rectangle rule |
| Reversed pairs | AB and BA have a related pattern | AB and BA produce unrelated ciphertext |
Security Advantages of Four-Square
The Playfair cipher has several well-known weaknesses that the Four-Square system avoids:
No special-case rules. In Playfair, digraphs where both letters are in the same row or column follow different rules than digraphs forming a rectangle. These special cases create patterns that cryptanalysts can detect. The Four-Square cipher always uses the rectangle rule because the plaintext letters and ciphertext letters are in different grids, so they can never be in the same row or column within a single grid.
No reversed-pair patterns. In Playfair, if AB encrypts to XY, then BA encrypts to YX. This reciprocal property is a significant weakness because common reversed digraphs in English (RE/ER, ES/SE, TH/HT) produce predictable ciphertext patterns. In the Four-Square cipher, the encryption of BA is completely unrelated to the encryption of AB because the two ciphertext grids are different.
Larger key space. The Four-Square cipher uses two independent keywords, each generating a separate mixed alphabet. This doubles the key material compared to Playfair's single keyword, making brute-force and dictionary attacks significantly harder.
Better frequency masking. Because the Four-Square cipher uses two different mixed alphabets for the two halves of each ciphertext pair, the resulting digraph frequency distribution is flatter and more uniform than Playfair's. This makes statistical analysis of the ciphertext more difficult.
When Playfair is Preferred
Despite its weaker security, Playfair has practical advantages:
- Simplicity. One grid is easier to memorize and reconstruct than four.
- Speed. Encryption with one grid is faster by hand.
- Historical familiarity. Playfair was widely taught and used in military contexts, making it easier to find trained operators.
For educational purposes, studying both systems -- and understanding why Four-Square improves on Playfair -- provides excellent insight into the principles of digraph cipher design.
Frequency Analysis and the Four-Square Cipher
Why Digraph Ciphers Resist Single-Letter Frequency Analysis
In a monoalphabetic cipher, each plaintext letter always maps to the same ciphertext letter. This preserves the statistical fingerprint of the language, and a simple frequency count reveals the substitution. Digraph ciphers like Four-Square encrypt pairs of letters, and the same letter can map to different ciphertext letters depending on its partner. The letter E paired with T might encrypt completely differently than E paired with S.
This means that single-letter frequency analysis is useless against the Four-Square cipher. A cryptanalyst must instead analyze digraph frequencies -- the frequencies of letter pairs -- which are much harder to exploit because there are 625 possible digraphs (25 x 25) compared to only 25 single letters.
Digraph Frequency Analysis
English text does have characteristic digraph frequencies (TH, HE, IN, ER, AN are the most common), and a sufficiently long ciphertext may reveal these patterns. However, the Four-Square cipher distributes these patterns more evenly than Playfair because its two different ciphertext grids break the symmetry that makes Playfair digraphs partially predictable.
In practice, breaking a Four-Square cipher by digraph frequency analysis alone requires a very long ciphertext -- typically several thousand characters -- and even then the analysis yields candidates rather than certainties. Short messages (under a few hundred characters) are extremely difficult to crack without additional information.
The Hill Cipher Connection
Readers interested in matrix-based approaches to digraph encryption may want to explore the Hill cipher, which uses linear algebra to encrypt letter pairs (or larger groups) through matrix multiplication. While structurally very different from Four-Square, the Hill cipher shares the property of encrypting multiple letters simultaneously, and the two systems offer an interesting contrast between geometric (grid-based) and algebraic approaches to the same problem.
Delastelle's Other Inventions
The Bifid Cipher
The Bifid cipher, also invented by Delastelle, uses a single Polybius square to convert each plaintext letter into a pair of coordinates (row and column numbers). The coordinates are then rearranged -- the row numbers from a group of letters are written first, followed by the column numbers -- and the recombined pairs are converted back to letters using the same Polybius square.
This fractionation technique achieves diffusion: each ciphertext letter depends on the coordinates of two different plaintext letters, making the relationship between plaintext and ciphertext far less transparent than in a simple substitution. The Bifid cipher influenced the design of the ADFGVX cipher used by Germany in World War I.
The Trifid Cipher
The Trifid cipher extends fractionation to three dimensions. Each character in a 27-symbol alphabet (26 letters plus a period or space) is represented by three coordinates, which are then rearranged and recombined in groups of three. The Trifid cipher achieves even greater diffusion than the Bifid but is more complex to use by hand.
Delastelle's Legacy
Delastelle's work represents a crucial transition in cryptographic thinking. Before him, cipher designers focused primarily on substitution -- replacing letters with other letters. Delastelle introduced the idea of breaking letters into sub-components (coordinates), manipulating those components independently, and then reassembling them. This fractionation principle became a fundamental building block of twentieth-century cipher design and is echoed in the substitution-permutation networks used in modern block ciphers like AES.
Implementing the Four-Square Cipher
Algorithm Overview
The Four-Square encryption algorithm can be summarized in pseudocode:
function encrypt(plaintext, keyword1, keyword2):
grid1 = standard_alphabet_grid()
grid2 = keyed_grid(keyword1)
grid3 = keyed_grid(keyword2)
grid4 = standard_alphabet_grid()
plaintext = remove_non_alpha(plaintext).upper()
plaintext = replace_j_with_i(plaintext)
if length(plaintext) is odd:
plaintext += "X"
ciphertext = ""
for i = 0 to length(plaintext) - 1 step 2:
r1, c1 = find_position(grid1, plaintext[i])
r2, c2 = find_position(grid4, plaintext[i+1])
ciphertext += grid2[r1][c2]
ciphertext += grid3[r2][c1]
return ciphertext
The decryption algorithm is identical except that the roles of the grids are swapped: ciphertext letters are looked up in Grid 2 and Grid 3, and plaintext letters are read from Grid 1 and Grid 4.
Performance Characteristics
The Four-Square cipher runs in O(n) time for an n-character plaintext, with the grid lookups being constant-time operations (each grid is only 5x5, so a position lookup involves at most 25 comparisons, or O(1) with a precomputed index). Memory usage is minimal -- four 25-character arrays plus the input and output strings.
Historical and Recreational Use
Military Applications
While the Four-Square cipher was never adopted as a primary military cipher in the way that Playfair was (the British military used Playfair from the Boer War through World War II), it saw limited use in various intelligence contexts. Its resistance to the known attacks on Playfair made it attractive for situations where moderate security was needed without the complexity of machine ciphers.
Puzzle and Competition Use
The Four-Square cipher is a popular choice for cryptography puzzles, escape rooms, and cipher competitions. The American Cryptogram Association (ACA) regularly includes Four-Square challenges in its journal The Cryptogram, and many CTF (Capture the Flag) competitions feature Four-Square ciphers as intermediate-difficulty challenges.
The cipher's appeal in these contexts comes from its satisfying blend of complexity and solvability. It is complex enough to be a genuine challenge but structured enough that systematic analysis can crack it without computational brute force -- at least when the ciphertext is long enough.
Frequently Asked Questions
How does the Four-Square cipher differ from the Two-Square cipher?
The Two-Square cipher (also known as the double Playfair) uses only two grids arranged either horizontally or vertically. It encrypts digraphs using a rectangle rule similar to the Four-Square system, but with only one keyed grid and one standard grid (or two keyed grids). The Four-Square cipher, with its four grids in a 2x2 arrangement, provides more mixing and eliminates certain symmetries that make the Two-Square cipher partially vulnerable. The Four-Square is generally considered more secure.
Why do we merge I and J in the grid?
The English alphabet has 26 letters, but a 5x5 grid has only 25 cells. The I/J merge is the most common solution because I and J are visually similar, historically related (J evolved from I in the sixteenth century), and rarely create ambiguity in context. In the word "MAJOR," for example, the letter J is written as I during encryption, producing "MAIOR." During decryption, the context makes it obvious that "MAIOR" means "MAJOR." Alternative approaches include merging Q with K or simply dropping Q (since Q almost always appears with U, it carries little independent information).
Can the Four-Square cipher be broken without knowing the keywords?
Yes, given enough ciphertext. The primary attack is digraph frequency analysis, which exploits the fact that certain letter pairs (TH, HE, IN, ER) are far more common in English than others. With a sufficiently long ciphertext (typically several thousand characters), a cryptanalyst can match observed ciphertext digraph frequencies against expected plaintext digraph frequencies to deduce portions of the keyed grids. Hill climbing and simulated annealing algorithms can also recover the keywords by iteratively testing random modifications and measuring how closely the decrypted text resembles natural language. Short messages (under a few hundred characters) are very difficult to break.
Is the Four-Square cipher used in modern cryptography?
No. Like all classical ciphers, the Four-Square cipher does not meet modern security standards. Its key space is far too small to resist computational brute-force attacks, and known-plaintext attacks can recover the keywords with modest amounts of data. Modern encryption algorithms like AES operate on binary data with key lengths of 128, 192, or 256 bits, providing security levels that no classical cipher can approach. However, the Four-Square cipher remains valuable for education, recreational cryptography, and as a stepping stone toward understanding the principles (diffusion, confusion, key scheduling) that underpin modern systems.
How many possible key combinations does the Four-Square cipher have?
Each ciphertext grid can be any permutation of the 25 characters (treating I/J as one), giving 25! (approximately 1.55 x 10^25) possible arrangements per grid. With two independent keyed grids, the total key space is (25!)^2, or approximately 2.4 x 10^50. This is enormous for manual analysis but trivial for modern computers, which is why the cipher is not used for serious security today. In practice, since most users generate grids from keywords, the effective key space is much smaller -- limited by the number of possible keywords.