Cryptanalysis
Also known as: Codebreaking · Code breaking
Cryptanalysis is the set of techniques used to recover the plaintext of a ciphered message without access to the key. It’s the exact reverse of encryption: where cryptography aims to make a message unreadable, cryptanalysis aims to make it readable again — through deduction, computation and patience.
A history in four acts
Historically, it’s an art form. Al-Kindi, a 9th-century Arab polymath, formalized frequency analysis in his treatise Manuscript on Deciphering Cryptographic Messages: the insight that every language leaves a statistical fingerprint on its letters, and that any cipher preserving that fingerprint inevitably leaks its secret. That single technique cracks any monoalphabetic cipher — including Caesar, Atbash and simple substitution. For 700 years afterwards, no homemade cipher held up against a serious cryptanalyst in the Western world.
In the 16th century, Mary Queen of Scots paid with her life for a cipher that did not hold up: her letters to fellow conspirators plotting against Elizabeth I went through a nomenclator (a substitution cipher plus a table of code names for people and places). Walsingham’s cryptanalyst, Thomas Phelippes, broke the system — and even forged a postscript to lure the conspirators into the open. Mary was executed in 1587. It is one of the earliest convictions explicitly grounded in cryptanalysis.
In the 19th century, Charles Babbage (the mechanical father of computing, 1854) and Friedrich Kasiski (a Prussian officer, 1863) independently broke the Vigenère cipher long thought “indecipherable” since 1586. Babbage never published — the British Empire preferred to keep the strategic advantage to itself. Kasiski did, in a slim volume that remained the reference for a century.
In the 20th century, Alan Turing and the Bletchley Park team dismantled the German Enigma machine. The work combined pure cryptanalysis (operator-side weaknesses — for instance, no letter ever encrypted to itself), engineering (the electromechanical bombes testing hypotheses in parallel) and human intelligence (predictable German weather bulletins served as a daily entry point). Historians estimate that systematic Enigma decryption shortened World War II by roughly two years, sparing hundreds of thousands of lives.
How a cipher is broken, concretely
Take a Caesar-ciphered message: LW LV WRR ODWH. Cryptanalysis goes in three steps:
- Count the letters. On this short ciphertext, L and W each appear three times, a heavy weight that points at common letters.
- Look for the signature. In English, E shows up in ~12.7 % of letters, followed by T, A, O, I, N. A letter showing up that often in such a short text is more likely to be T or E. Try L = I, W = T, which would mean a shift of 3.
- Compute the shift. Reading every letter three positions back gives IT IS TOO LATE. Hypothesis confirmed in seconds.
For Vigenère, it gets subtler: you first need to guess the key length L (Kasiski test, index of coincidence), then run L independent frequency analyses, one per key position, since each position is just a Caesar shift applied to every L-th letter. The game stays the same: you exploit the language regularities the cipher failed to erase.
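The three Caesar steps above and their per-position extension to Vigenère, automated in Python as an added example (not CipherChronicle’s own code): chi-squared scoring against English letter frequencies picks the Caesar shift, the index of coincidence picks the key length, and one Caesar break per key position recovers the key. The English frequency table and the max_len bound on key length are assumptions of this example.

```python
from collections import Counter
import string

ALPHA = string.ascii_uppercase
# Relative English letter frequencies in percent, A..Z (standard published table)
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def letters_only(text):
    """Keep A-Z only: classical cryptanalysis ignores spacing and punctuation."""
    return [c for c in text.upper() if c in ALPHA]

def shift_letters(letters, shift):
    """Caesar-shift A-Z letters by `shift` positions (negative shift decrypts)."""
    return "".join(ALPHA[(ALPHA.index(c) + shift) % 26] for c in letters)

def chi_squared(letters):
    """Distance of the letter histogram from English frequencies; lower is more English-like."""
    n, counts = len(letters), Counter(letters)
    return sum((counts[c] - f * n / 100) ** 2 / (f * n / 100) for c, f in zip(ALPHA, ENGLISH_FREQ))

def break_caesar(letters):
    """Steps 2-3 of the text automated: the shift whose output is closest to English."""
    shift = min(range(26), key=lambda s: chi_squared(shift_letters(letters, -s)))
    return shift, shift_letters(letters, -shift)

def index_of_coincidence(letters):
    """Chance that two letters drawn from the text match (~0.066 English, ~0.038 uniform)."""
    n, counts = len(letters), Counter(letters)
    return sum(v * (v - 1) for v in counts.values()) / (n * (n - 1)) if n > 1 else 0.0

def guess_key_length(letters, max_len=8):
    """Period whose columns have the highest average IoC. Multiples of the true period score
    almost as high, so prefer the smallest period within a small tolerance of the best.
    max_len is this example's assumed upper bound on the key length."""
    avg = {L: sum(index_of_coincidence(letters[i::L]) for i in range(L)) / L
           for L in range(1, max_len + 1)}
    return min(L for L in avg if avg[L] >= max(avg.values()) - 0.005)

def break_vigenere(ciphertext, max_len=8):
    """Guess the period, then run one independent Caesar break per key position."""
    letters = letters_only(ciphertext)
    L = guess_key_length(letters, max_len)
    shifts, columns = zip(*(break_caesar(letters[i::L]) for i in range(L)))
    key = "".join(ALPHA[s] for s in shifts)
    return key, "".join(columns[p % L][p // L] for p in range(len(letters)))

def vigenere_encrypt(plaintext, key):
    """Reference encryption, used only to build a constructed sample to attack."""
    return "".join(shift_letters(c, ALPHA.index(k)) for c, k in zip(letters_only(plaintext), key.upper() * len(plaintext)))
```

On LW LV WRR ODWH, break_caesar returns shift 3 and ITISTOOLATE, matching the hand analysis above; with a key of a few letters, break_vigenere needs a few hundred letters of ciphertext for the per-column statistics to be reliable.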
Modern cryptanalysis
Computer-age ciphers (AES, RSA, ChaCha20) no longer fall to frequency counting. Modern cryptanalysis wields sophisticated mathematical tools: differential and linear analysis (exploiting tiny statistical biases in how bits propagate through a cipher), side-channel attacks (measuring power consumption, execution time, electromagnetic emissions from a smart card — an attacker who can watch your processor compute can sometimes recover the key without ever stealing it), quantum cryptanalysis (Shor’s algorithm threatens RSA and elliptic-curve cryptography on the horizon of practical quantum computers). For the historical ciphers on CipherChronicle, the toolkit stays artisanal — paper, pencil, maybe a spreadsheet — but devastatingly effective.
The cryptanalyst’s stance
Cryptanalyst is not a synonym for malicious hacker. Cryptanalysts publish their results — that’s what separates the scientific discipline from the underground exploit market. Breaking an algorithm and disclosing the break forces defenders to migrate; silence would leave users exposed without their knowledge. This principle of responsible disclosure, rooted in Kerckhoffs’s principle (1883), is precisely what allowed AES to become the global standard: its competitors were broken, AES held, and the entire community knows it.
Key takeaways:
- Cryptanalysis exploits language regularities: letter frequencies, digrams (TH, EN, ES), trigrams, probable words (“the”, “and”, “that”, “with”).
- Every classical cipher eventually falls to dedicated cryptanalysis. Only the one-time pad, with a truly random key as long as the message and never reused, is mathematically unbreakable.
- The associated verb in English is to crack or to break — distinct from to decrypt, which implies you have the key. A common confusion, even in journalism.
- Breaking and publishing beats breaking and exploiting: responsible cryptanalysis is what makes modern cryptography trustworthy.