Transposition
Rearranging letters instead of replacing them. Rail fence to ADFGVX.
So far every classical cipher in this area has been a substitution — replace each letter with a different one. Transposition ciphers do the opposite: they keep the letters intact but rearrange the order.
plaintext: H E L L O W O R L D
substitution: K H O O R Z R U O G (each letter replaced)
transposition: H L O O L E L W R D (same letters, new order)
The two approaches hide different things. Substitution hides letter identities (confusion, in Shannon's terms); transposition hides letter positions (diffusion). Combined, they're what every modern block cipher does inside each round.
The rail fence cipher
The simplest transposition. Write the plaintext along an imaginary fence with N rails in a zigzag pattern, then read off the rails one by one.
N = 3, plaintext = "WE ARE DISCOVERED FLEE AT ONCE" (spaces dropped, 25 letters)
Step 1: zigzag the letters
Rail 1: W . . . E . . . C . . . R . . . L . . . T . . . E
Rail 2: . E . R . D . S . O . E . E . F . E . A . O . C .
Rail 3: . . A . . . I . . . V . . . D . . . E . . . N . .
Step 2: concatenate the rails
Rail 1: WECRLTE
Rail 2: ERDSOEEFEAOC
Rail 3: AIVDEN
Final: WECRLTEERDSOEEFEAOCAIVDEN
Decryption: work out how many letters land on each rail (a function of message length and rail count), fill the rails with consecutive chunks of ciphertext, then read the letters back along the zigzag.
The only key is the number of rails, and for most short messages that means 2 or 3, so a 3-rail fence has effectively two keys. It is barely a cipher. Useful for teaching, useless for security.
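The rail-fence steps above as runnable Python, with a brute force over rail counts to show how small the key space is. This is an added example, not code from the lesson; the function names are illustrative.

```python
def rail_pattern(length, rails):
    """Rail index (0 = top) that each position lands on along the zigzag."""
    if rails < 2:
        raise ValueError("need at least 2 rails")
    period = 2 * (rails - 1)
    return [min(i % period, period - i % period) for i in range(length)]

def rail_encrypt(plaintext, rails):
    letters = [c for c in plaintext.upper() if c.isalpha()]
    pattern = rail_pattern(len(letters), rails)
    # Read rail 0 left to right, then rail 1, and so on.
    return "".join(c for r in range(rails)
                   for c, p in zip(letters, pattern) if p == r)

def rail_decrypt(ciphertext, rails):
    pattern = rail_pattern(len(ciphertext), rails)
    # A stable sort of positions by rail gives the order in which
    # plaintext positions were written into the ciphertext.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)

def rail_bruteforce(ciphertext, max_rails=10):
    """Every candidate decryption: the key is only the rail count."""
    top = min(max_rails, len(ciphertext) - 1)
    return {n: rail_decrypt(ciphertext, n) for n in range(2, top + 1)}

if __name__ == "__main__":
    ct = rail_encrypt("WE ARE DISCOVERED FLEE AT ONCE", 3)
    print(ct)
    for n, guess in rail_bruteforce(ct, 5).items():
        print(n, guess)
```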
Columnar transposition
A real transposition cipher. Pick a key — usually a word — and number its letters in alphabetical order:
Key: Z E B R A
Order: 5 3 2 4 1
Write the plaintext into a grid with as many columns as the key:
Z E B R A
5 3 2 4 1
A T T A C
K A T D A
W N X X X ← X padding
Read the columns out in numerical order (1, then 2, then 3, etc.):
Column 1 (A): C A X
Column 2 (B): T T X
Column 3 (E): T A N
Column 4 (R): A D X
Column 5 (Z): A K W
Ciphertext: CAXTTXTANADXAKW
Decryption requires knowing the key, the message length, and the column-fill rule.
This is the workhorse classical transposition cipher. It became the basis of every WWI / early WWII transposition system.
Double columnar transposition
Apply columnar transposition twice with two different keys. Used in WWII by partisan groups in occupied Europe — the SOE (Special Operations Executive) trained agents on it as a manual cipher because it required no equipment, just a memorised key.
Hand-cracking a double columnar transposition is genuinely hard — you need significantly more ciphertext and more sophisticated cribbing than for a single transposition. It's the most secure classical hand cipher, full stop.
ADFGVX
Designed by the German army in 1918, ADFGVX combines:
- Substitution via a 6×6 Polybius square. Plaintext letters become pairs from the alphabet {A, D, F, G, V, X}. (Six letters chosen because their Morse codes are very dissimilar — easier to copy under battlefield conditions.)
- Columnar transposition with a key.
The combination defeats single-letter frequency analysis (substitution stage) AND shuffles digrams (transposition stage). Each stage individually is broken; the combination is stronger than either.
French cryptanalyst Georges Painvin broke ADFGVX in 1918 by exploiting the famous "victory-defeat" property: the Germans always sent two intercept categories — situation reports and orders — with structurally similar headers. With multiple intercepts of the same key Painvin could line up the plaintext columns, recovering the transposition key, then frequency-analyse the substitution.
The "ADFGX" version (1918 introduction, before the V was added) is structurally identical, just with 5 letters and a 5×5 Polybius square.
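Both ADFGVX stages in Python, as an added example that is not the lesson's own code: fractionate each character into a pair of labels, then transpose the pair stream so the two halves of a pair end up apart. Building the square from a keyword, the keyword CIPHER and the helper names are assumptions made for illustration; the transposition key ZEBRA is reused from the columnar section.

```python
import string

LABELS = "ADFGVX"

def build_square(keyword):
    """6x6 Polybius square: keyword letters first, then the rest of A-Z, 0-9.
    (Assumed construction; any mixed 36-character alphabet works.)"""
    alphabet = string.ascii_uppercase + string.digits
    seen = dict.fromkeys(keyword.upper() + alphabet)   # keeps first occurrences
    cells = [c for c in seen if c in alphabet]
    return {c: LABELS[i // 6] + LABELS[i % 6] for i, c in enumerate(cells)}

def read_order(length, key):
    """Positions of the pair stream in the order the columns are read out.
    Handles a short last row, so no padding is needed."""
    cols = sorted(range(len(key)), key=lambda i: key[i])
    return [p for c in cols for p in range(c, length, len(key))]

def adfgvx_encrypt(plaintext, square, key):
    # Stage 1: substitution, one character -> two labels.
    pairs = "".join(square[c] for c in plaintext.upper() if c in square)
    # Stage 2: columnar transposition of the label stream.
    return "".join(pairs[p] for p in read_order(len(pairs), key))

def adfgvx_decrypt(ciphertext, square, key):
    pairs = [""] * len(ciphertext)
    for ch, p in zip(ciphertext, read_order(len(ciphertext), key)):
        pairs[p] = ch                                   # undo the transposition
    inverse = {v: k for k, v in square.items()}
    return "".join(inverse["".join(pairs[i:i + 2])]
                   for i in range(0, len(pairs), 2))

if __name__ == "__main__":
    sq = build_square("CIPHER")                         # constructed sample square
    ct = adfgvx_encrypt("ATTACK AT 0600", sq, "ZEBRA")
    print(ct, adfgvx_decrypt(ct, sq, "ZEBRA"))
```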
Frequency analysis on transposition
Single-letter frequency:
- Plaintext "WE ARE DISCOVERED FLEE AT ONCE" has the letters {W, E, A, R, E, D, I, S, C, O, V, E, R, E, D, F, L, E, E, A, T, O, N, C, E}.
- Ciphertext after rail fence has the same multiset of letters.
- Frequency histogram of the ciphertext is identical to the plaintext.
So single-letter frequency is diagnostic of transposition (vs. substitution): a ciphertext that looks like English by letter frequency but is unreadable suggests transposition. But it doesn't crack the cipher.
Bigram analysis still helps. In English plaintext, adjacent-letter pairs aren't independent — TH, HE, IN are common; QZ, JX are rare. After transposition, the bigrams are shuffled, but if you can guess the period (key length / rails), you can reconstruct candidate bigrams from non-adjacent positions.
Cracking columnar transposition
The standard attack:
- Compute the message length. The number of columns must divide it evenly (after padding).
- For each candidate column count, write the ciphertext into that many columns of the appropriate height.
- For each candidate column ordering, score the resulting plaintext using English bigram statistics.
- The best-scoring column ordering is the answer.
For short keys (≤ 8 letters), this is a few thousand permutations — exhaustively searchable in milliseconds. Key length 12+ starts to require smarter search (genetic algorithms, simulated annealing). The CTF community has well-tested solver libraries.
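An added Python example (not the lesson's code) covering the columnar section and the attack steps above: encrypt and decrypt with a keyword, then brute-force every column order for each column count that divides the length and keep the candidate with the most common English bigrams. The bigram list, the function names and the `max_cols` limit are assumptions of this example.

```python
from itertools import permutations

# Common English bigrams used as a crude plaintext score (table added here).
COMMON = set(("TH HE IN ER AN RE ON AT EN ND TI ES OR TE OF ED IS IT AL AR ST "
              "TO NT NG SE HA AS OU IO LE VE CO ME DE HI RI RO IC NE EA RA CE").split())

def key_order(key):
    """Grid column indices in read-out order (alphabetical by key letter)."""
    return sorted(range(len(key)), key=lambda i: key[i])

def encrypt(plaintext, key, pad="X"):
    text = "".join(c for c in plaintext.upper() if c.isalpha())
    text += pad * (-len(text) % len(key))           # fill the last row
    return "".join(text[i::len(key)] for i in key_order(key))

def decrypt_with_order(ciphertext, order):
    rows = len(ciphertext) // len(order)
    cols = [""] * len(order)
    for t, col in enumerate(order):                 # t-th chunk is grid column `col`
        cols[col] = ciphertext[t * rows:(t + 1) * rows]
    return "".join("".join(row) for row in zip(*cols))

def decrypt(ciphertext, key):
    return decrypt_with_order(ciphertext, key_order(key))

def score(text):
    """Number of adjacent letter pairs that are common English bigrams."""
    return sum(text[i:i + 2] in COMMON for i in range(len(text) - 1))

def crack(ciphertext, max_cols=7):
    """Try every dividing column count and every column order; keep the best."""
    best = (-1, "", ())
    for k in range(2, max_cols + 1):
        if len(ciphertext) % k:
            continue
        for order in permutations(range(k)):
            cand = decrypt_with_order(ciphertext, order)
            if score(cand) > best[0]:
                best = (score(cand), cand, order)
    return best

if __name__ == "__main__":
    print(encrypt("ATTACK AT DAWN", "ZEBRA"))       # the grid example above
    print(crack(encrypt("WE ARE DISCOVERED FLEE AT ONCE", "ZEBRA")))
```

On this 25-letter message the correct column order wins by a single bigram hit, which is why practical solvers use weighted bigram or longer n-gram tables and want more ciphertext.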
Modern relevance
Transposition is alive and well — but renamed "permutation" — inside every modern symmetric cipher:
- AES: each round includes a ShiftRows step (transposition of bytes within the block) and a MixColumns step (a more sophisticated transposition).
- DES: each round has expansion permutation and a final straight permutation.
- ChaCha20: the quarter-round reorders state via shift-add-XOR-rotate operations.
Shannon's principles of confusion (substitution) and diffusion (transposition) drive every modern design. Classical transposition was the first real demonstration that diffusion alone provides cryptographic value — and combined with substitution, it produces serious ciphers, even by hand.
What this lesson asks of you
The playground walks you through transposition variants — rail fence, columnar, double columnar, ADFGVX — and asks you to identify which scheme fits each scenario. The visualizer shows the rail-fence zigzag interactively: pick the rail count and watch the ciphertext form, then see the bigram-frequency analysis that distinguishes transposition from substitution.
Tools in the wild
- CrypTool (service, free tier): transposition cipher tools for rail-fence, columnar and ADFGVX, with full cryptanalysis.
- dCode (Transposition) (service, free tier): online encrypt/decrypt plus autosolvers for column-based transposition.
- Pycipher (library, free tier): Python implementations of all classical ciphers, including all transposition variants.