Compare.heading
并排比较23种古典密码。此参考表涵盖密码类型、密钥格式、安全级别、密钥空间大小和最佳使用场景,帮助您选择适合的密码。
Full Cipher Comparison
| Cipher | Type | Key Type | Key Space | Security | Year |
|---|---|---|---|---|---|
| Caesar Cipher | Monoalphabetic Substitution | Single integer (1-25) | 25 | Very Weak | ~58 BC |
| ROT13 | Monoalphabetic Substitution | Fixed (shift of 13) | 1 | None (obfuscation only) | 1982 |
| Atbash Cipher | Monoalphabetic Substitution | None (fixed mapping) | 1 | Very Weak | ~500 BC |
| Affine Cipher | Monoalphabetic Substitution | Two integers (a, b) | 312 | Weak | ~1900s |
| Keyword Cipher | Monoalphabetic Substitution | Keyword string | ~2×10²⁶ | Weak | ~1500s |
| Pigpen Cipher | Symbol Substitution | None (fixed grid) | 1 | Very Weak | ~1700s |
| Polybius Square | Fractionation | 5×5 grid arrangement | ~2×10²⁶ | Weak | ~150 BC |
| Vigenère Cipher | Polyalphabetic Substitution | Keyword string | 26ⁿ (n = key length) | Moderate | 1553 |
| Beaufort Cipher | Polyalphabetic Substitution | Keyword string | 26ⁿ (n = key length) | Moderate | ~1857 |
| Autokey Cipher | Polyalphabetic Substitution | Keyword + plaintext extension | 26ⁿ (non-repeating key) | Moderate-Strong | 1586 |
| Trithemius Cipher | Polyalphabetic Substitution | None (auto-incrementing shift) | 1 | Weak | 1508 |
| Gronsfeld Cipher | Polyalphabetic Substitution | Numeric key (digits 0-9) | 10ⁿ (n = key length) | Weak-Moderate | ~1700s |
| Porta Cipher | Polyalphabetic Substitution | Keyword string (13 alphabets) | 13ⁿ (n = key length) | Moderate | 1563 |
| Running Key Cipher | Polyalphabetic Substitution | Book/text passage (same length as message) | Very large (full text) | Moderate-Strong | ~1800s |
| Playfair Cipher | Digraph Substitution | 5×5 keyword matrix | ~2×10²⁶ | Moderate | 1854 |
| Four-Square Cipher | Digraph Substitution | Two 5×5 keyword matrices | (~2×10²⁶)² | Strong (for classical) | 1902 |
| Hill Cipher | Polygraphic Substitution | N×N invertible matrix | Very large (matrix dependent) | Moderate-Strong | 1929 |
| Alberti Disk Cipher | Polyalphabetic Substitution | Disk position + shift schedule | Variable (depends on rotation frequency) | Moderate | 1467 |
| Baconian Cipher | Binary Encoding / Steganography | None (fixed 5-bit encoding) | 1 | Weak (steganographic only) | 1605 |
| Homophonic Cipher | Homophonic Substitution | Multiple symbols per letter | Very large (mapping dependent) | Moderate-Strong | ~1400s |
| Morse Code | Encoding (not encryption) | None (standard mapping) | 1 | None (encoding, not cipher) | 1837 |
| Vernam Cipher (OTP) | Stream Cipher | Random key (same length as message) | 26ⁿ (truly random) | Perfect (information-theoretically secure) | 1917 |
| Straddling Checkerboard | Fractionation | Letter arrangement + row headers | Very large | Moderate | ~1940s |
| Quagmire Cipher | Polyalphabetic Substitution | 1-3 keyword alphabets + indicator | Very large (multiple mixed alphabets) | Strong (for classical) | ~1900s |
Caesar vs ROT13 vs Atbash — Monoalphabetic Substitution Compared
Caesar, ROT13, and Atbash are the three simplest substitution ciphers. All three replace each letter with a fixed counterpart, but they differ in how the substitution alphabet is determined. The table below encrypts the same plaintext with each cipher so you can see the differences directly.
| Feature | Caesar Cipher | ROT13 | Atbash |
|---|---|---|---|
| Substitution Rule | Shift each letter forward by k positions | Shift each letter forward by 13 positions | Reverse the alphabet (A↔Z, B↔Y, ...) |
| Key | Integer 1-25 (variable) | None (fixed at 13) | None (fixed reversal) |
| Key Space | 25 | 1 | 1 |
| Self-Inverse? | No (decrypt requires reverse shift) | Yes (apply twice → original) | Yes (apply twice → original) |
| "HELLO" encrypted | KHOOR (shift 3) | URYYB | SVOOL |
| "ATTACK" encrypted | DWWDFN (shift 3) | NGGNPX | ZGGZXP |
| Formula | E(x) = (x + k) mod 26 | E(x) = (x + 13) mod 26 | E(x) = (25 − x) mod 26 |
| Handles Numbers? | Optional (with extended alphabet) | No (letters only; use ROT5 for digits) | No (letters only) |
| Origin | Julius Caesar, ~58 BC | Usenet forums, 1982 | Hebrew scholars, ~500 BC |
| Best Use Case | Teaching encryption fundamentals | Hiding spoilers, casual obfuscation | Biblical/historical study, puzzles |
When should you use which?
- Caesar — Use when teaching how substitution ciphers work. The variable key (1-25) demonstrates the concept of a secret parameter. It is the standard starting point for cryptography education.
- ROT13 — Use when you need quick, reversible obfuscation without managing keys. Its self-inverse property (encode = decode) makes it ideal for hiding spoilers, puzzle answers, or content that should be readable only by intentional effort.
- Atbash — Use for historical or literary contexts. Atbash appears in the Hebrew Bible (Jeremiah 25:26 encodes "Babylon" as "Sheshach") and is a natural choice for puzzles involving alphabet reversal.
Vigenère vs Beaufort vs Autokey — Polyalphabetic Substitution Compared
Vigenère, Beaufort, and Autokey are polyalphabetic ciphers that use a keyword to cycle through multiple substitution alphabets. They share the same core concept but differ in how they apply the keyword, whether the cipher is reciprocal, and how the key extends beyond its initial length.
| Feature | Vigenère | Beaufort | Autokey |
|---|---|---|---|
| Encryption Formula | C = (P + K) mod 26 | C = (K − P) mod 26 | C = (P + Ki) mod 26 |
| Key Extension | Keyword repeats cyclically | Keyword repeats cyclically | Keyword + plaintext appended as key |
| Self-Reciprocal? | No (decrypt subtracts key) | Yes (same operation encrypts and decrypts) | No (decrypt requires iterative key recovery) |
| Repeating Key Pattern? | Yes — vulnerable to Kasiski | Yes — vulnerable to Kasiski | No — key is non-repeating |
| "HELLO" + key "KEY" | RIJVS | DSJJG | RIJSS |
| "ATTACK" + key "KEY" | KXDKEM | KVFAOQ | KXDKEK |
| Key Derivation | KEY→KEYKE→KEYKEY... | KEY→KEYKE→KEYKEY... | KEY→KEYHE→KEYHELLO... |
| Tabula Recta | Standard (row = key, col = plain) | Reversed (row = key, col = cipher) | Standard (same as Vigenère) |
| Cracking Method | Kasiski examination + frequency analysis | Same as Vigenère (Kasiski + Friedman) | Known-plaintext attack, statistical methods |
| Security Level | Moderate | Moderate | Moderate-Strong |
| Inventor | Giovan Battista Bellaso (1553), attributed to Vigenère | Sir Francis Beaufort (~1857) | Blaise de Vigenère (1586) |
When should you use which?
- Vigenère — The standard polyalphabetic cipher and the best starting point for learning multi-alphabet encryption. It was considered unbreakable for 300 years and remains the most widely taught cipher beyond Caesar. Use it for education, CTF challenges, and understanding how keyword-based encryption works.
- Beaufort — Use when you need a reciprocal cipher (same operation for encrypt and decrypt) with polyalphabetic security. Beaufort simplifies implementation since you only need one function. It is particularly useful in field scenarios where operators should not need to remember separate encrypt/decrypt procedures.
- Autokey — Use when you need stronger security than Vigenère without a more complex algorithm. By appending plaintext to the key, Autokey eliminates the repeating key pattern that makes Vigenère vulnerable to Kasiski examination. It is the strongest of the three for short messages.
How do classical ciphers compare in security?
Security levels range from "None" (no secret key, just encoding) to "Perfect" (mathematically unbreakable). Most classical ciphers fall between Very Weak and Moderate by modern standards.
| Security Level | Ciphers | Main Vulnerability |
|---|---|---|
| Perfect | Vernam (One-Time Pad) | None \u2014 unbreakable if used correctly |
| Strong | Four-Square, Quagmire, Homophonic | Extensive cryptanalysis, large known-plaintext needed |
| Moderate | Vigen\u00E8re, Beaufort, Autokey, Playfair, Hill, Porta, Running Key | Kasiski examination, known-plaintext attacks, frequency analysis on pairs |
| Weak | Affine, Keyword, Gronsfeld, Trithemius, Polybius | Frequency analysis, small key space, predictable patterns |
| Very Weak / None | Caesar, ROT13, Atbash, Pigpen, Morse, Baconian | Brute force (seconds), no secret key, known mapping |
What are the main types of classical ciphers?
Classical ciphers fall into several categories based on how they transform plaintext. Understanding these categories helps in both selecting a cipher and knowing how to break one.
| Cipher Type | How It Works | Examples | Key Weakness |
|---|---|---|---|
| Monoalphabetic Substitution | Each letter always maps to the same ciphertext letter | Caesar, Atbash, Affine, Keyword | Preserves letter frequency \u2014 easy to crack with frequency analysis |
| Polyalphabetic Substitution | Uses multiple alphabets, cycling based on a keyword | Vigen\u00E8re, Beaufort, Autokey, Porta | Key repetition creates detectable patterns (Kasiski) |
| Digraph / Polygraphic | Encrypts 2+ letters at a time as a unit | Playfair, Four-Square, Hill | Digraph frequency analysis (676 pairs vs 26 letters) |
| Fractionation | Converts letters to numbers/coordinates, then transforms | Polybius, Straddling Checkerboard | Frequency analysis on coordinate pairs |
| Stream Cipher | Combines plaintext with a key stream one character at a time | Vernam (One-Time Pad) | Key management \u2014 key must be truly random and never reused |
When were classical ciphers invented?
Classical ciphers span over 2,500 years of cryptographic history, from ancient Hebrew scholars to 20th century military intelligence.
| Era | Period | Ciphers Introduced | Key Advance |
|---|---|---|---|
| Ancient | 500 BC \u2013 100 BC | Atbash, Caesar, Polybius | First substitution and fractionation concepts |
| Renaissance | 1400s \u2013 1600s | Alberti, Vigen\u00E8re, Porta, Trithemius, Autokey, Baconian | Polyalphabetic substitution invented |
| Industrial | 1700s \u2013 1800s | Playfair, Beaufort, Pigpen, Morse | Digraph encryption and practical field ciphers |
| Modern Classical | 1900s \u2013 1940s | Four-Square, Hill, Vernam, Straddling Checkerboard | Mathematical foundations and provable security |
Best Use Cases by Cipher
| Cipher | Best For | How It Is Cracked |
|---|---|---|
| Caesar Cipher | Education, puzzles, ROT13 | Brute force, frequency analysis |
| ROT13 | Spoiler hiding, casual obfuscation | Apply ROT13 again (self-inverse) |
| Atbash Cipher | Biblical studies, simple encoding | Known pattern, frequency analysis |
| Affine Cipher | Math education, modular arithmetic | Brute force (312 keys), frequency analysis |
| Keyword Cipher | Memorable key encryption | Frequency analysis |
| Pigpen Cipher | Visual encoding, children's games | Known symbol grid |
| Polybius Square | Coordinate-based encoding, telegraphy | Frequency analysis on coordinate pairs |
| Vigenère Cipher | Historical encryption, education | Kasiski examination, Friedman test |
| Beaufort Cipher | Reciprocal encryption (same operation encrypts/decrypts) | Same as Vigenère (Kasiski, Friedman) |
| Autokey Cipher | Improved Vigenère without repeating key | Known-plaintext attack, statistical methods |
| Trithemius Cipher | Historical study, progressive shift concept | Known pattern (predictable shifts) |
| Gronsfeld Cipher | Numeric-key variant of Vigenère | Same as Vigenère with smaller key space |
| Porta Cipher | Self-reciprocal polyalphabetic cipher | Frequency analysis on half-alphabets |
| Running Key Cipher | Long-key encryption using existing text | Statistical analysis, known-book attack |
| Playfair Cipher | Military field use, digraph encryption | Digraph frequency analysis |
| Four-Square Cipher | Dual-key digraph encryption | Extensive digraph frequency analysis |
| Hill Cipher | Mathematical/matrix-based encryption | Known-plaintext attack with linear algebra |
| Alberti Disk Cipher | First polyalphabetic cipher, historical study | Pattern analysis on rotation points |
| Baconian Cipher | Hidden messages in plain text, steganography | Pattern recognition on binary groups |
| Homophonic Cipher | Defeating frequency analysis | Statistical analysis, hill climbing |
| Morse Code | Telegraph communication, emergency signals (SOS) | Standard reference chart |
| Vernam Cipher (OTP) | Provably unbreakable encryption when used correctly | Unbreakable if key is truly random, used once, kept secret |
| Straddling Checkerboard | Compact encoding for spy communications | Frequency analysis on variable-length codes |
| Quagmire Cipher | Advanced polyalphabetic with mixed alphabets | Extensive cryptanalysis, pattern detection |
Frequently Asked Questions
What is the difference between Caesar cipher and Vigenere cipher?
The Caesar cipher uses a single fixed shift value to replace each letter (monoalphabetic substitution), making it vulnerable to frequency analysis with only 25 possible keys. The Vigenere cipher uses a keyword to apply different shift values to each letter (polyalphabetic substitution), producing 26^n possible keys where n is the keyword length. This makes Vigenere significantly harder to crack, though it can be broken with the Kasiski examination or Friedman test.
Which classical cipher is the most secure?
The Vernam cipher (one-time pad) is the only classical cipher with mathematically proven perfect security — it is information-theoretically unbreakable when the key is truly random, at least as long as the message, used only once, and kept completely secret. Among practical classical ciphers, the Four-Square and Quagmire ciphers offer the strongest security due to their large key spaces and complex substitution patterns.
What is the difference between monoalphabetic and polyalphabetic ciphers?
Monoalphabetic ciphers (Caesar, Atbash, Affine, Keyword) use a single fixed substitution alphabet — each plaintext letter always maps to the same ciphertext letter. This preserves letter frequency patterns and makes them easy to crack. Polyalphabetic ciphers (Vigenere, Beaufort, Autokey, Porta) use multiple substitution alphabets, cycling through them based on a keyword. This flattens frequency distributions and makes cryptanalysis significantly harder.
Why is ROT13 not considered encryption?
ROT13 is technically a Caesar cipher with a fixed shift of 13, but it has no secret key — everyone knows the transformation. It provides zero security since anyone can decode it instantly. ROT13 is used purely for obfuscation, such as hiding spoilers or puzzle answers online. Its unique property is that applying ROT13 twice returns the original text (self-inverse), making it convenient for casual use.
How do digraph ciphers like Playfair differ from single-letter ciphers?
Single-letter ciphers (Caesar, Vigenere) encrypt one letter at a time, while digraph ciphers (Playfair, Four-Square) encrypt two letters simultaneously as a pair. This breaks up common single-letter frequency patterns and creates 676 possible digraph substitutions instead of 26 single-letter ones. Digraph ciphers are harder to crack because frequency analysis must operate on 676 pairs rather than 26 individual letters.
What is the difference between Caesar, ROT13, and Atbash?
All three are monoalphabetic substitution ciphers that replace each letter with a fixed counterpart. Caesar shifts each letter forward by a chosen number (1–25), giving it 25 possible keys. ROT13 is a Caesar cipher locked at shift 13 — it has no key and is self-inverse (applying it twice returns the original). Atbash reverses the alphabet (A↔Z, B↔Y) — it also has no key and is self-inverse. Caesar is used for teaching, ROT13 for casual obfuscation, and Atbash appears in biblical and historical contexts.
What is the difference between Vigenère, Beaufort, and Autokey ciphers?
All three are polyalphabetic substitution ciphers that use a keyword to apply different shifts to each letter. Vigenère adds the key letter to the plaintext letter (C = P + K mod 26) and repeats the keyword cyclically. Beaufort subtracts the plaintext from the key (C = K − P mod 26), making it self-reciprocal — the same operation encrypts and decrypts. Autokey starts with the keyword but then appends the plaintext itself as additional key material, eliminating the repeating key pattern that makes Vigenère vulnerable to Kasiski examination. Autokey is the most secure of the three.