The columnar transposition cipher scrambles a message by changing the order of its letters rather than substituting them. Letters are written into a grid and then read out column by column in an order fixed by a keyword. Because nothing is substituted, the ciphertext contains exactly the same letters as the plaintext, just rearranged. This tool encrypts and decrypts instantly in your browser.
How it works
Choose a keyword; its length is the number of columns. Write the cleaned, uppercased plaintext into a grid one row at a time. To find the read order, rank the keyword’s letters alphabetically — the lowest letter marks the first column read, and ties are broken left to right.
To encrypt, read each column from top to bottom in that ranked order and concatenate the results. To decrypt, the tool first works out how many letters belong in each column (long columns versus short columns when the last row is incomplete), slices the ciphertext accordingly, refills the grid, and reads it back row by row.
Step-by-step example with ZEBRAS
Encrypt WEAREDISCOVEREDFLEEATONCE (spaces removed) with keyword ZEBRAS (6 columns).
Step 1 — Build the grid:
Z E B R A S
- - - - - -
W E A R E D
I S C O V E
R E D F L E
A T O N C E
Step 2 — Rank the keyword: A=1, B=2, E=3, R=4, S=5, Z=6.
Step 3 — Read columns in rank order (1=A, 2=B, …):
- Column A (rank 1): E V L C
- Column B (rank 2): A C D O
- Column E (rank 3): E S E T
- Column R (rank 4): R O F N
- Column S (rank 5): D E E E
- Column Z (rank 6): W I R A
Ciphertext: EVLCACDOESЕТROFNDEEEWIRA
Decrypt by reversing the process: figure out how many rows of 6 fit the message length (with the last row possibly short), fill columns back in rank order from the ciphertext slices, then read row by row to recover the plaintext.
Handling the short last row
When the message length is not a multiple of the keyword length, some columns are one letter longer than others. Specifically, the columns that correspond to the leftmost positions in the grid’s final row are the “long” columns; they have one more letter than the “short” columns. During decryption you must know which columns are long and which are short, determined by the message length modulo the keyword length. Getting this wrong places a letter in the wrong cell and garbles the output. This tool handles it automatically.
Historical use and limitations
Columnar transposition was used in World War I and saw significant use in World War II, often layered with other ciphers. The German ADFGVX cipher used columnar transposition applied to a substitution cipher — the combination was much harder to break than either alone.
On its own, columnar transposition has serious weaknesses:
- Letter frequencies are preserved. An attacker who counts letter frequencies can confirm the language and estimate message length without knowing the key.
- Column count is recoverable. Cryptanalysts can try different column counts (2, 3, 4, …) and test whether the resulting column readings produce natural-looking text. For short keywords this search is fast.
- Known-plaintext attacks are devastating. If any part of the plaintext is known, column permutations can often be reconstructed directly.
For modern use, columnar transposition is valuable as a teaching tool and for puzzles, but should not be used alone for any confidential data.