Description: A message has come in but it seems to be all scrambled. Luckily it seems to have the key at the beginning. Can you crack this substitution cipher?
Difficulty: Medium
Author: Will Hongandu
Summary
This challenge introduces the concept of a Substitution Cipher.
Youβre given an encoded message file named message.txt and need to decrypt it to reveal the flag.
You can solve it using online tools like Cryptii Substitution Decoder or by manually analyzing letter frequencies and patterns.
Analysis
What is a (Monoalphabetic) Substitution Cipher?
A monoalphabetic substitution cipher replaces each letter of the alphabet with another letter according to a one-to-one correspondence, meaning a specific plaintext letter always maps to the same ciphertext letter.
Itβs called monoalphabetic because only one alphabet mapping is used throughout the message. The substitution alphabet is a scrambled or reordered version of the normal alphabet.
How Encryption Works
To encrypt, a mixed (shuffled) alphabet replaces the standard one.
For example:
| Plain Alphabet | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Substitution Alphabet | B | Y | K | W | A | S | L | F | X | O | C | Z | T | D | H | J | U | M | I | G | P | V | E | N | Q | R |
Using this table, the plaintext βTESTβ would encrypt to GAIG.
Any permutation of the alphabet can serve as a valid key, as long as no letter is repeated.
ACA Classification (K1βK4 Systems)
The American Cryptogram Association (ACA) defines four common key-based variants of the monoalphabetic substitution cipher:
-
K1 β The key is placed at the start of the substitution alphabet, followed by the remaining unused letters in alphabetical order.
Example: Key βCODEβ βCODEABFGHIJKLMNPQRSTUVWXYZ -
K2 β The key is placed in the cipher alphabet (reciprocal of K1).
-
K3 β The same key is used for both the plaintext and cipher alphabets.
-
K4 β Two different keys are used: one for the plaintext alphabet and one for the cipher alphabet.
How Decryption Works
To decrypt, the process is simply reversed, replace each cipher letter with its corresponding plaintext letter using the inverse substitution table.
Example:
| Substitution Alphabet | N | B | A | J | Y | F | O | W | L | Z | M | P | X | I | K | U | V | C | D | E | G | R | Q | S | T | H |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Plain Alphabet | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
Example: The ciphertext EYDE decrypts to TEST.
How to Identify a Substitution Cipher
Monoalphabetic substitutions can often be recognized by:
- Letter frequency similar to natural language (like English).
- Spaces preserved, called an Aristocrat cipher.
- No spaces, called a Patristocrat cipher.
These characteristics make substitution ciphers ideal for practicing classical cryptanalysis techniques such as frequency analysis and pattern recognition.
Decryption
The message.txt file contains the following ciphertext:
OHNFUMWSVZLXEGCPTAJDYIRKQB
Suauypcg Xuwaogf oacju, rvds o waoiu ogf jdoduxq ova, ogf hacywsd eu dsu huudxumace o wxojj noju vg rsvns vd roj ugnxcjuf. Vd roj o huoydvmyx jnoaohouyj, ogf, oddsod dveu, yglgcrg dc godyaoxvjdj, cm ncyaju o wauod pavbu vg o jnvugdvmvn pcvgdcm ivur. Dsuau ruau drc acygf hxonl jpcdj guoa cgu ukdauevdq cm dsu honl, ogf oxcgw cgu guoa dsu cdsua. Dsu jnoxuj ruau uknuufvgwxq soaf ogf wxcjjq, rvds oxx dsuoppuoaognu cm hyagvjsuf wcxf. Dsu ruvwsd cm dsu vgjund roj iuaq aueoalohxu, ogf,dolvgw oxx dsvgwj vgdc ncgjvfuaodvcg, V ncyxf soafxq hxoeu Zypvdua mca svj cpvgvcgaujpundvgw vd.
Dsu mxow vj: pvncNDM{5YH5717Y710G_3I0XY710G_03055505}From the start of the file, I noticed a key hint: the first few letters indicate the substitution alphabet order. Using this OHNFUMWSVZLXEGCPTAJDYIRKQB, we can reconstruct the mapping table.
By applying the monoalphabetic substitution decryption (either manually or using Cryptii Substitution Decoder), we get the plaintext:
picoCTF{5UB5717U710N_3V0LU710N_03055505}β‘ Raikiriπ Flag pwned! The ciphertext has been decoded successfully.
π‘ TL;DR / Lesson LearnedMonoalphabetic substitution ciphers replace each letter with a fixed substitute from a defined alphabet. While simple to break with frequency analysis or known hints, they illustrate the basics of classical cryptography and the evolution toward modern, more secure encryption methods.