Playfair Cipher

The cipher was invented by the British inventor Charles Wheatstone, who lived in the 19th century. Its first description was presented in 1854. The cipher is named after the Scottish scientist and politician, Lyon Playfair, who heavily popularized its use.


With the support of baron Playfair, the cipher was adapted for usage by the British Army. It was used during the Second Boer War, and then in World War I and World War II (also by other countries). Like all other ciphers of that period, it was withdrawn from use when the first computers appeared. Nowadays, it can be broken relatively quickly by using brute force attacks.


The Playfair cipher is a kind of polygraphic substitution cipher. A plaintext is divided into groups of characters and then one of the predefined characters is assigned to each group. The Playfair's algorithm operates on groups of size of two letters.

Before encryption, one should prepare a table based on a secret keyword. The table has dimensions of 5 by 5 letters and contains 25 letters of the Latin alphabet (the Latin alphabet has 26 letters, so one should skip one of the rare letters - for example x or q; or should count i and j as one letter).

During filling table cells, one should use the secret keyword (or a few secret words). First, all duplicated letters in the secret word should be skipped (only the first ones should be used). Then, all the remaining letters should be entered into the table, without changing their original order found in the keyword. Before doing that, the parties should agree in which order the table ought to be filled (for example, row by row from left to right and from top to bottom). The rest cells of the table should be filled with the rest alphabet letters in the ordinary alphabetical order.

For example, if one uses a Latin sentence as a keyword: pecunia non olet (it is believed that its author was Roman Emperor Vespasian), counting i and j as one letter and filling the table row by row, from top to bottom, one will receive the following table:

p e c u n
i a o l t
b d f g h
k m r s t
u w x y z

The next step during encryption is about dividing the plaintext into parts of length of two letters. If necessary, one can append a rare letter (for example X or Q) to the original text.

The algorithm finds both letters of each pair in the table and designates a rectangle that has two corners pointed by the letters. Then, these two letters should be replaced by another two letters, determined by two other rectangle's corners. This procedure should be performed for all plaintext pairs, all of them should be replaced by letters received from the table.

Both parties should agree in which order the new letters ought to be appended to the ciphertext (for example, the first letter would be a letter in a corner that is determined by a row that contains the first of both encoding plaintext letters).

The case with both letters in the currently encrypting pair that are located in the same row, should be handled differently. In such a case, one should usually change them into two letters lying directly to the right of them. If the original letter is located in the last position of the row, one should take the first letter of the row.

If the both letters in the currently encrypting pair are in the same column, one should perform similar operations. Usually, one ought to change them into two letters lying directly below them. If the original letter is in the last position of the column, one should take the first letter of the column.

The last case for consideration is the situation when the current pair consists of two identical letters. One should add an additional rare letter (for example X or Q) before the first letter of the pair. Then, after encrypting the new pair, one should continue the whole procedure for the rest of characters (starting from the second letter of the original pair).

Ciphertext decryption is performed in a similar way. First, the recipient must create (knowing the secret keyword) the same table as the sender. Then, he decodes pairs of letters, using analogous operations (determining rectangle corners in the reverse order and skipping unnecessary added letters like X or Q).

Security of the Playfair cipher

The general method of breaking the Playfair cipher is about performing frequency analysis of pairs of letters. Knowing estimated frequencies for a language that was used in the message, one can try to match frequent ciphertext pairs to frequent pairs of letters in the language.

Because of its simplicity, the cipher is characterized by features that make it easier to break. First, one can notice that pairs of letters and their inverse pairs (that means pairs like AC and CA) produce the same pairs in the ciphertext. It can be detected by creating databases of popular words and phrases that contain such combinations. Also, the Playfair cipher's ciphertext is characterized by a lack of the same repeated letters that are located next to each other.

The other method of attacking the cipher is about randomly filling the table and trying to decode the ciphertext based on its current values. Then, the attacker can slightly modify the table and try to decode the ciphertext again. He should continue modifying the table, accepting changes that improve quality of the current proposed plaintext. It is a relatively simple method, quite easy to implement.

The third very effective method of breaking the Playfair cipher is about guessing plaintext fragments, for example salutations to a sender, or dates and places of sending the message. Knowing the ciphertext and probable plaintext parts, one can very easily recreate the table that was used for encryption. This was a very common method of attacking German ciphers similar to the Playfair cipher during the Second World War.


Implementing the Playfair Cipher is a relatively simple task. The main challenge is to deal properly with row and column numbers, for each pair of characters.

Below, there is a JavaScript function which performs encryption of the input message, and return the result. Note, that the keyword is passed as one dimensional string:

function encrypt(messageInput, keyword) {
  var messageOutput = '';

  var pos = 0;
  while (pos < messageInput.length) {
    var m1 = messageInput[pos];
    var m2 = '';

    if (pos + 1 < messageInput.length) {
      if (messageInput[pos + 1] != m1) {
        m2 = messageInput[pos + 1];
        pos += 2;
      } else {
        m2 = 'Q'   // some dummy letter
        pos += 1;
    } else {
      m2 = 'Q'   // some dummy letter
      pos += 1;

    var c1 = m1;
    var c2 = m2;

    var idx1 = keyword.indexOf(m1);
    var idx2 = keyword.indexOf(m2);
    var row1 = Math.floor(idx1 / 5);
    var col1 = idx1 % 5;
    var row2 = Math.floor(idx2 / 5);
    var col2 = idx2 % 5;
    if ((row1 !== row2) && (col1 !== col2)) {
      c1 = keyword[(5 * row1) + col2];
      c2 = keyword[(5 * row2) + col1];
    } else
    if ((row1 !== row2) && (col1 === col2)) {
      c1 = keyword[(5 * ((5 + row1 + 1) % 5)) + col1];
      c2 = keyword[(5 * ((5 + row2 + 1) % 5)) + col1];
    } else
    if ((row1 === row2) && (col1 !== col2)) {
      c1 = keyword[(5 * row1) + ((5 + col1 + 1) % 5)];
      c2 = keyword[(5 * row1) + ((5 + col2 + 1) % 5)];
    } else {
      // error

    messageOutput = messageOutput.concat(c1);
    messageOutput = messageOutput.concat(c2);

  return messageOutput;

You may try out the Playfair Cipher online on Crypto-Online website.