Four-Square Cipher

The four-square cipher is a modified version of the Playfair cipher. It provides better security of protected data. It was invented by a French cryptanalyst Félix Delastelle in 19th century.


It was used by all armies during World War II. Nowadays, it is considered to be easily breakable by using brute force attacks.


The four-square cipher is a polygraphic substitution cipher. The whole plaintext is divided into groups of letters. Then, each group is replaced by another previously determined group of characters. The four-square cipher operates on groups of the size of two letters.

Before encryption, it is necessary to prepare four tables. All the tables have dimensions of 5 by 5 letters and contain 25 letters of the Latin alphabet. Due to the fact that the Latin alphabet contains 26 letters, one of the rare letters (for example x or q) should be skipped, or the letters i and j should be treated as one letter. The tables should be placed side by side in such a way that they create a bigger square with the side length of two tables. All lines of rows and columns should be retained.

Two tables (the upper left and lower right ones) contain letters in the alphabetical order. During filling cells of the two other tables, one should use two secret keywords (that would be used to protect the data). Firstly, all duplicated letters in the keywords should be skipped (only the first occurrences should used). Then, all the remaining keyword letters should be entered (in the original order) into the tables (the letters from the first keyword to the first remaining table -for example the upper right one- and the letters from the second keyword to the second table). The communicating parties must agree earlier, in which order each table ought to be filled (for example row by row from left to right and from top to bottom). The rest cells of the both tables should be filled with the rest alphabet letters, usually in the alphabetical order.

For example, if one used names of both parents of the Roman Emperor Vespasian as secret keywords: Titus Flavius Sabinus and Vespasia Polla, treating letters i and j as one letter, and filling the tables row by row, from left to right and from top to bottom, the two following tables would be received:

a b c d e
f g h i k
l m n o p
q r s t u
v w x y z
t i u s f
l a v b n
c d e g h
k m o p q
r w x y z

v e s p a
i o l b c
d f g h k
m n q r t
u w x y z
a b c d e
f g h i k
l m n o p
q r s t u
v w x y z

In the next step of encryption, the whole plaintext should be split into pairs. Each pair should consist of two consecutive letters. If required, a rare letter should be appended to the original text (for example X or Q).

During encryption, two subsequent letters are encoded at a time. One should find the first letter of each pair in the upper left table and the second letter in the lower right table. Then, one should create a rectangle that covers over four tables and has corners in the cells determined by the two plaintext letters. The letters are encrypted by replacing them by another two letters, that are pointed by two other corners of the rectangle. The same steps should be repeated for all plaintext pairs. All letters should be replaced by letters determined by the four encryption tables.

For example, after encryption of a pair AS using the tables defined above, one would receive a new pair IL or LI.

Both parties should agree in which order the new letters ought to be appended to the ciphertext (for example, the first letter would be a letter from the upper right table, and the second letter should be taken from the lower left table).

Ciphertext decryption is performed in a similar way. Firstly, the recipient should create (knowing the secret keywords) the same four tables as the sender. Then, he should decode all letters pair by pair, using analogous operations. He needs to find two ciphertext letters in the upper right and lower left tables. After that, the rectangle corners should be found, and they should point to the two new plaintext letters (taken from the upper left and lower right tables).

Security of the four-square cipher

The algorithm of the four-square cipher provides better security than the Playfair cipher and the two-square cipher. Thanks to the use of four tables, several typical weaknesses of those ciphers are avoided (for example, there are not plaintext letters appearing in the ciphertext, or the reversed plaintext pairs are not encrypted by using the same letters).

The small disadvantage of the four-square cipher is the fact that it is slightly slower and more difficult to use (when comparing to the two ciphers mentioned above). It happens because there are more tables and secret keys involved in the operations that needs to be remembered.

The most effective method of breaking the four-square cipher is using frequency analysis method of pairs of ciphertext letters, and comparing ciphertext fragments with fragments parts. Thanks to the use of computers, the four-square ciphers can be broken relatively quickly.


Implementing the Four-Square Cipher is a relatively simple task. After preparing the input text and passwords, the main task is to deal properly with row and column numbers, for each pair of character.

Below, there is a JavaScript function which performs encryption of the input message, and return the result. Note, that both keywords are passed as one dimensional strings:

function encrypt(messageInput, keyword, alphabet) {
  var messageOutput = "";

  var pos = 0;
  while (pos < messageInput.length) {
    var m1 = messageInput[pos];
    var m2 = '';

    if (pos + 1 < messageInput.length) {
      m2 = messageInput[pos + 1];
      pos += 2;
    } else {
      m2 = 'Q'  // some dummy letter
      pos += 1;

    var idx1 = alphabet.indexOf(m1);  // upper-left table
    var idx2 = alphabet.indexOf(m2);  // lower-right table
    var c1 = keyword[0][(5 * Math.floor(idx1 / 5)) + idx2 % 5];
    var c2 = keyword[1][(5 * Math.floor(idx2 / 5)) + idx1 % 5];

    messageOutput = messageOutput.concat(c1);
    messageOutput = messageOutput.concat(c2);

  return messageOutput;

You may try out the Four-Square Cipher online on Crypto-Online website.