Description
The one-time pad can be unbreakable when used correctly - but can you break this one? A Vigenere-style lookup table, the key SOLVECRYPTO, and ciphertext UFJKXQZQUNB are provided.
Setup
Download the table image or text file from the challenge page.
Solution
Want to try it yourself first?
The guided walkthrough reveals hints one step at a time.
Step 1
Use the OTP table to decrypt each characterObservationI noticed the challenge explicitly provides a Vigenere-style lookup table, a repeating keyword (SOLVECRYPTO), and ciphertext (UFJKXQZQUNB), which suggested using the tabula recta directly: index each row by the key letter and scan for the ciphertext letter to read off the plaintext column header.For each position, find the row indexed by the key letter (S, O, L, V, E, C, R, Y, P, T, O) and scan across that row to find the column that matches the ciphertext letter. The column header is the plaintext letter. Working through all 11 characters produces CRYPTOISFUN.What didn't work first
Tried: Using the ciphertext letter to index the row instead of the key letter.
The table is symmetric enough to look plausible either way, but the rows are labeled by key and the columns by plaintext. Swapping them gives a completely different output - not a recognizable English word. The correct direction is: key letter selects the row, scan that row for the ciphertext letter, and read the column header as plaintext.
Tried: Treating this as a Caesar cipher and trying ROT shifts on each ciphertext letter independently.
Caesar shifts all letters by the same fixed amount, so the decryption is a single rotation. Vigenere uses a different shift at each position depending on the key letter, so applying a single ROT never produces CRYPTOISFUN. The multi-letter key SOLVECRYPTO is the giveaway that the shift changes at every position.
Learn more
A one-time pad (OTP) is a theoretically unbreakable encryption scheme when used correctly. The key must be: (1) truly random, (2) at least as long as the message, and (3) never reused. When all three conditions are met, ciphertext provides zero information about the plaintext - every possible plaintext of the same length is equally likely.
This challenge uses a Vigenere-style tabula recta- a 26×26 grid where each row is a Caesar-shifted alphabet. To encrypt, find the row labeled by the key letter and the column labeled by the plaintext letter; the intersection is the ciphertext. To decrypt, find the row labeled by the key letter, scan across until you find the ciphertext letter, then read the column header as plaintext. This is exactly inverting the encryption operation.
This challenge fails as a true OTP on all three counts: the key
SOLVECRYPTOis not random (it's a meaningful word), it's shorter than any message longer than 11 characters (requiring reuse), and the lookup table itself is the Vigenere square rather than XOR. The Vigenere cipher is a repeating-key polyalphabetic cipher - a significant improvement over Caesar but still breakable when the key is short relative to the message.Understanding why OTP fails in practice matters for real cryptography. Modern symmetric ciphers like AES in CTR mode approximate OTP properties using pseudorandom keystreams derived from a short key - but they rely on computational hardness rather than information-theoretic security. The key insight is that "unbreakable" cryptography requires strict operational discipline, not just a clever algorithm.
Interactive tools
- Cipher Identifier & Auto-DecoderPaste any ciphertext and the tool auto-runs every common decoder (base64, hex, Morse, ROT, Atbash, Bacon, binary, decimal, URL) and ranks the results by English-likeness.
Alternate Solution
This challenge uses the Vigenere tabula recta. Enter the key (SOLVECRYPTO) and ciphertext into the Vigenere Cipher tool on this site to decrypt it instantly in the browser - no table lookup required.
Flag
Reveal flag
picoCTF{CRYPTOISFUN}
A true one-time pad requires a random key at least as long as the message that is never reused - all three conditions are violated here, making it breakable.