Vigenere

Published: July 20, 2023

Description

A ciphertext is provided along with the key CYLAB. Use any Vigenère decoder to recover the plaintext flag.

Download cipher.txt from the challenge artifacts.

Open the file to view the encrypted string.

Feed the ciphertext into our Vigenère Cipher tool with key CYLAB, or use CyberChef / dCode.

wget https://artifacts.picoctf.net/c/160/cipher.txt
cat cipher.txt

Solution

  1. Step 1: Identify the cipher
    The problem statement explicitly names Vigenère. Tools like CyberChef → From Vigenere make decoding trivial.

    The Vigenère cipher is a polyalphabetic substitution cipher that uses a repeating keyword to determine the shift at each position. For a key of length n, position i is shifted by the value of the (i mod n)-th key letter. This means the same plaintext letter produces different ciphertext letters depending on its position - defeating simple frequency analysis.

    Vigenère was considered unbreakable for nearly 300 years and was called le chiffre indéchiffrable (the indecipherable cipher). It was finally broken systematically by Charles Babbage (1854) and Friedrich Kasiski (1863). The key insight of Kasiski examination: repeated segments of plaintext (like "the") that happen to align with the same part of the repeating key produce repeated ciphertext, revealing the key length. Once you know the key length, each position becomes an independent Caesar cipher, breakable by frequency analysis.

    When the key is provided (as here), decoding is instant: subtract each key letter's value from the corresponding ciphertext letter (modulo 26). Our Vigenère Cipher tool, CyberChef, dCode.fr, and cryptii.com all implement this. The key CYLAB repeats: C(2), Y(24), L(11), A(0), B(1), C(2), Y(24), ...

  2. Step 2: Apply the key CYLAB
    Enter CYLAB as the key and paste `rgnoDVD{O0NU_WQ3_G1G3O3T3_A1AH3S_2951c89f}` as the input. The decoder outputs the correct picoCTF flag.

    The decryption formula for Vigenère is: plaintext[i] = (ciphertext[i] - key[i mod keylen] + 26) mod 26. Non-alphabetic characters (digits, underscores, braces) are passed through unchanged since the cipher only affects letters. The flag wrapper picoCTF{...} confirms correctness - rgnoDVD must decrypt to picoCTF.

    You can verify this manually for the first letter: r (17) - C (2) = 15 = p. Second: g (6) - Y (24) + 26 = 8 = i. Third: n (13) - L (11) = 2 = c. And so on. This illustrates why knowing the key makes Vigenère trivial to decrypt.

    Without the key, breaking Vigenère on short ciphertexts is harder but still feasible. The index of coincidence method estimates key length by testing how "English-like" the ciphertext looks when letters at spacing k are grouped. Once the key length is known, each Caesar sub-cipher is solved independently. Python's pycipher library and the dCode.fr Vigenère analyzer automate this entire process.
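The decryption formula from Step 2, written out as an added example (not code from the original writeup). It preserves case, passes non-letters through, and advances the key index only on letters, which is what reproduces the picoCTF prefix for this ciphertext; the function names are hypothetical. The second function shows the known-plaintext weakness: the expected picoCTF wrapper alone gives back the repeating key.

```python
"""Vigenère decryption with a known key, plus key recovery from a known prefix."""

CIPHERTEXT = "rgnoDVD{O0NU_WQ3_G1G3O3T3_A1AH3S_2951c89f}"  # from the writeup
KEY = "CYLAB"                                             # from the writeup


def _is_letter(ch):
    return ch.isascii() and ch.isalpha()


def vigenere_decrypt(ciphertext, key):
    """plaintext = (ciphertext - key) mod 26, applied to letters only."""
    if not key or not all(_is_letter(k) for k in key):
        raise ValueError("key must be a non-empty string of ASCII letters")
    shifts = [ord(k) - ord("A") for k in key.upper()]
    out = []
    letter_index = 0  # counts letters seen, NOT the raw character position
    for ch in ciphertext:
        if _is_letter(ch):
            base = ord("A") if ch.isupper() else ord("a")
            shift = shifts[letter_index % len(shifts)]
            # Python's % always returns a non-negative result, so no "+ 26" needed
            out.append(chr((ord(ch) - base - shift) % 26 + base))
            letter_index += 1
        else:
            out.append(ch)  # digits, underscores, braces pass through unchanged
    return "".join(out)


def key_stream_from_crib(ciphertext, crib):
    """Known plaintext: each key letter is (cipher - plain) mod 26."""
    stream = []
    for c, p in zip(ciphertext, crib):
        if _is_letter(c) and _is_letter(p):
            diff = (ord(c.upper()) - ord(p.upper())) % 26
            stream.append(chr(diff + ord("A")))
    return "".join(stream)


if __name__ == "__main__":
    print(vigenere_decrypt(CIPHERTEXT, KEY))
    # The flag wrapper is predictable, so it leaks the start of the key stream.
    print(key_stream_from_crib(CIPHERTEXT, "picoCTF"))
```

Seven known plaintext letters are enough here to expose the five-letter key and its first repeat.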

Alternate Solution

Since the key (CYLAB) is given, the fastest path is the Vigenère Cipher tool on this site. Paste the ciphertext, enter CYLAB as the key, choose Decrypt, and the flag appears immediately - no terminal needed.

Flag

picoCTF{D0NT_US3_V1G3N3R3_C1PH3R_29...}

Vigenère is not secure: once the key is known, decoding is instantaneous.
