Running Key Cipher Encoder & Decoder

Use a long key text (book passage) for each letter's shift

Free running-key cipher tool — a Vigenère cipher that draws its key from a long passage of text instead of a repeating word, so the key never repeats. Encrypt and decrypt in your browser, no upload. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

How does a running-key cipher differ from Vigenère?

Standard Vigenère repeats a short keyword, which creates a period a cryptanalyst can find. The running-key cipher draws its key from a long text passage, so the key is as long as the message and has no repeating period.

The running-key cipher is a polyalphabetic substitution cipher that works like the Vigenère cipher but takes its key from a long stretch of text — classically a passage from an agreed book — rather than repeating a short keyword. Because the key is as long as the message and never repeats, it removes the periodic structure that makes ordinary Vigenère vulnerable to Kasiski analysis.

How it works

Letters are numbered 0 (A) through 25 (Z). The letters of the key passage are lined up beneath the message, one key letter per message letter. Encryption adds them modulo 26:

C = (P + K) mod 26

Decryption subtracts the same key letters:

P = (C - K) mod 26

Only letters in the key passage are used; its spaces and punctuation are skipped. In the message, non-letter characters pass through unchanged and do not consume a key letter, so the alignment between message letters and key letters is preserved.

Worked example

With key passage KING and plaintext MEET:

P:  M  E  E  T   (values: 12, 4, 4, 19)
K:  K  I  N  G   (values: 10, 8, 13, 6)
C:  W  M  R  Z   (results: 22, 12, 17, 25)

M (12) plus K (10) = 22 → W. E (4) plus I (8) = 12 → M. And so on. Decrypting WMRZ with the same key passage subtracts each key letter modulo 26 to recover MEET.

Why the running-key cipher is interesting but not secure

The cipher solves Vigenère’s periodic key problem — Kasiski analysis fails because the key never repeats. However, it introduces a different weakness: both the message and the key are natural language, and natural language is heavily non-random. This redundancy makes the cipher vulnerable to a probabilistic attack that tries candidate key passages and scores the resulting plaintexts by their plausibility as English text.

In practice, an attacker who knows the plaintext is English can work backward: for each possible ciphertext letter, only one key letter produces a valid plaintext letter, and many of those pairs are uncommon in natural language. Combining constraints across multiple letters narrows the candidate key passages quickly. This attack requires significant effort but is much easier than breaking a true one-time pad, which is completely information-theoretically secure.

Agreement requirements

Sender and receiver must agree on:

  1. The exact source text — typically a specific edition of a book or a memorised poem.
  2. The starting position — which character in the text to begin from.
  3. Non-letter handling — whether digits and punctuation are stripped or passed through. This tool skips non-letters in the key and passes them through unchanged in the message.

A single discrepancy in the source text — different editions can have different punctuation — causes decryption to diverge from the correct point onward, corrupting the recovered message. This fragility is one reason the cipher was historically impractical for long-distance communication.