Multiplicative Vigenère

Multiplicative Vigenère is a lesser-known variant where the encryption operation is no longer a modular addition between the plain letter and the key letter, but a multiplication in ℤ/26ℤ. This deceptively small change has two deep consequences: the keyspace shrinks, and the cipher becomes non-group (composing two keys is not a single multiplication).

Principle

For each plain letter indexed p ∈ {0..25} (A=0, B=1, …, Z=25) and each key letter indexed k ∈ {0..25}:

encrypt: c = (p × k) mod 26
decrypt: p = (c × k⁻¹) mod 26

The modular inverse k⁻¹ exists only when gcd(k, 26) = 1. Since 26 = 2 × 13, valid keys are odd ranks excluding 13:

k ∈ {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25}

i.e. 12 usable keys per letter — the same set as in the affine cipher, but here the key changes at every position.

Example

With key KEY (ranks K=10, E=4, Y=24) — note that 10, 4, 24 are all not coprime with 26: gcd(10, 26) = 2, gcd(4, 26) = 2, gcd(24, 26) = 2. A pure variant would require swapping these letters for compatible ones. That’s a subtlety of the cipher: not every Vigenère key is valid in multiplicative form.

For the demo we use the normalized variant: any key is allowed, with the cipher restoring bijectivity by extending the alphabet to 27 symbols or by a fallback convention. dCode applies the brute operation and accepts information loss on conflicting letters.

Strengths and weaknesses

Strengths

• Breaks reflexes — a cryptanalyst trained on additive Vigenère applies the wrong inversion and gets nonsense.
• Rare and under-documented — few off-the-shelf tools try multiplicative attacks automatically.

Weaknesses

• Tiny keyspace — only 12 values per position are valid. A 6-letter key has at most 12⁶ ≈ 3 million settings — trivial to brute force.
• Information loss — when the product p × k is a multiple of 13, the cipher letter loses information (collision). That’s why the variant typically pads with an extended alphabet.
• Detectable signature — the output distribution leans toward even alphabet ranks (the price of partial non-bijectivity).

How to attack it by hand

1. Test whether a frequent letter (E in English/French) matches a common multiplicative rank (A=0 impossible, B=1 then C=2 unlikely…). Pin down the most frequent ciphertexts.
2. Guess the key length. Split into columns by modulo, then for each column try the 12 valid multipliers — only one yields a distribution close to natural language.
3. Stitch the columns back together.

Closely related ciphers

• Affine cipher — single-letter version with two parameters (a, b): c = (a × p + b) mod 26.
• Additive Vigenère — the classical operation, addition rather than multiplication.
• Mixed Vigenère — alternates addition and multiplication based on position.

In CipherChronicle

Multiplicative Vigenère is a chained-variant lesson: a useful reminder that the same key can produce a wildly different ciphertext depending on the operation. Puzzles for it announce “multiplicative” upfront to avoid confusion with the additive classic — the challenge is not guessing the operation, it’s inverting it correctly.