Keyword Substitution Cipher

Build a 26-letter cipher alphabet from a keyword for substitution

Generates a monoalphabetic substitution cipher by placing a deduplicated keyword at the front of the alphabet, then appending the remaining unused letters in order. Encrypt and decrypt against that mapping. Runs in your browser. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

How is the cipher alphabet built from the keyword?

The keyword is uppercased and stripped of non-letters, then each letter is added once in order of first appearance. After that, every remaining letter of the standard alphabet that has not yet been used is appended in A-to-Z order. The result is a 26-letter cipher alphabet.

A keyword substitution cipher is a classic monoalphabetic cipher in which the ciphertext alphabet is reordered using a memorable keyword. The keyword seeds the start of the alphabet, and the letters it does not contain fill the rest in normal order, producing a fixed one-to-one substitution.

How the cipher alphabet is built

The cipher alphabet is constructed in two stages, then mapped against the plain alphabet:

keyword  = MONARCHY
deduped  = M O N A R C H Y
remainder= B D E F G I J K L P Q S T U V W X Z
cipher   = MONARCHYBDEFGIJKLPQSTUVWXZ
plain    = ABCDEFGHIJKLMNOPQRSTUVWXYZ

To encode, find each plaintext letter’s position in the plain alphabet and emit the cipher-alphabet letter at the same position; to decode, do the reverse lookup.

Worked example

With the keyword MONARCHY, the word FLEE encodes to IGAA:

PlainFLEE
CipherIGAA

This is because F is the 6th letter of the plain alphabet, and the 6th letter of the cipher alphabet MONARCHYBDEFGIJKLPQSTUVWXZ is I. L is 12th → G (12th cipher letter). E is 5th → A (5th cipher letter). Decoding IGAA with the same keyword simply reverses each lookup, returning FLEE.

What affects the cipher quality

Keyword length. A short keyword like KEY leaves most of the alphabet in its original position from the fourth letter onward, making the cipher weaker. Longer keywords with many distinct letters shuffle more of the alphabet.

Keyword letter variety. A keyword with many repeated letters (such as AARDVARK) contributes fewer unique letters to the front of the cipher alphabet after deduplication. AARDVARK deduplicates to just A, R, D, V, K — only five unique letters.

Message length. Because the substitution is one-to-one and fixed throughout the message, longer messages expose more of the frequency pattern of the underlying language. In English, the ciphertext letter that appears most often is almost certainly the stand-in for E, which occurs in roughly 13% of letters in typical prose. A skilled analyst can crack a monoalphabetic cipher in minutes with a message of 200 or more characters.

When to use a keyword cipher

This is an educational and puzzle cipher, not a security tool. It is excellent for pen-and-paper puzzles, escape rooms, classroom cryptography exercises, and exploring the history of classical ciphers. Mary Queen of Scots famously used a variant substitution cipher — which was broken by her captors. If you need real data confidentiality, use a modern symmetric cipher instead.

Comparing to a simple Caesar shift

A Caesar cipher just shifts every letter by a fixed amount, giving only 25 meaningful keys. A keyword cipher has many more possible alphabets — the keyword choice dramatically expands the key space over a plain shift — though it remains trivially breakable by frequency analysis.