Beaufort Cipher

Encode and decode the Beaufort cipher, a keyword-based polyalphabetic cipher named after the British admiral Sir Francis Beaufort. It is reciprocal: the same keyword both encrypts and decrypts, so there is no separate decode mode. Enter a keyword and watch the working build live. Everything runs in your browser.

Beaufort is reciprocal: the same keyword both encrypts and decrypts. To decode a message, paste the ciphertext and enter the same keyword, and the result is the original plaintext. There is no separate decode button.

Keyword

The keyword is the secret shared by sender and receiver. It repeats across the message, and each of its letters sets how far that position is subtracted. Only letters are used; any spaces, digits, or punctuation in the keyword are ignored.

Text

Result

Enter text above to see the Beaufort result here.

How to use Beaufort Cipher

1
Enter the keyword
Type the shared secret keyword, such as FORTIFICATION. Only its letters are used; any spaces, digits, or punctuation are ignored. The same keyword is used for both encrypting and decrypting.
2
Type or paste your text
Enter the message you want to convert: plaintext to encrypt, or Beaufort ciphertext to decrypt. The cipher runs automatically as you type, and the letter-by-letter working updates live below.
3
Read the reciprocal result
Because Beaufort is reciprocal, the same keyword serves both directions. To recover a message, paste the ciphertext and enter the same keyword that was used to encrypt it; the result is the original plaintext.

4
View, copy, and share
Open the working to see how each letter is computed, then copy the result, download it as a text file, or share a link that reopens the tool with your exact keyword and text.

Understanding the Beaufort Cipher

What is the Beaufort cipher?

The Beaufort cipher is a polyalphabetic substitution cipher named after Sir Francis Beaufort, the Royal Navy admiral best remembered today for the Beaufort wind scale. It is closely related to the Vigenère cipher: a repeating keyword shifts each letter of the message, so the same plaintext letter can encrypt to many different ciphertext letters depending on its position. This spreading of each letter across the alphabet is what makes a polyalphabetic cipher far harder to read than a simple Caesar shift.

What sets Beaufort apart is the direction of the arithmetic. Instead of adding the key to the plaintext as Vigenère does, Beaufort subtracts the plaintext from the key. That single change gives the cipher its most useful property: it is reciprocal, meaning the very same operation both encrypts and decrypts. The method was printed on a small card published shortly after Beaufort's death in 1857, and the same reciprocal rule was later built into rotor machines such as the Hagelin M-209 used in the mid-twentieth century.

How the Beaufort cipher works

Number the alphabet from A as 0 to Z as 25. The keyword is repeated as many times as needed to line up one key letter under every letter of the message. For each position you take the key letter, subtract the plaintext letter from it, and wrap the result around the alphabet with a remainder by 26. Written as a formula, the ciphertext letter is C = (K − P) mod 26. Letters are the only characters transformed; spaces, digits, and punctuation pass straight through and do not consume a key letter, so the keyword stays lined up with the letters that matter.

On paper the same calculation can be done with a tabula recta, the square grid of every shifted alphabet. To encipher a letter you find the plaintext letter along the top row, move down that column until you reach the keyword letter, and then read the ciphertext from the label at the far left of that row. This look-up is just a visual way of computing the same subtraction, and it is exactly what the live working below the tool shows for each letter of your message.

Worked example

Encrypt the message HELLO with the keyword KEY. Repeating the keyword gives the key letters K, E, Y, K, E lined up under H, E, L, L, O. Subtracting each plaintext letter from its key letter, K minus H is 10 − 7 = 3 which is D; E minus E is 0 which is A; Y minus L is 24 − 11 = 13 which is N; K minus L is 10 − 11 = −1, and wrapping around gives 25 which is Z; finally E minus O is 4 − 14 = −10, wrapping to 16 which is Q. The ciphertext is DANZQ.

Now decrypt DANZQ with the same keyword KEY and the same subtraction. K minus D is 10 − 3 = 7 which is H; E minus A is 4 which is E; Y minus N is 24 − 13 = 11 which is L; K minus Z is 10 − 25 = −15, wrapping to 11 which is L; E minus Q is 4 − 16 = −12, wrapping to 14 which is O. The result is HELLO again. The identical operation recovered the message, which is the whole point of the Beaufort cipher.

Why Beaufort is its own inverse

The reciprocal property follows directly from the formula. Encryption computes C = (K − P) mod 26. If you feed that ciphertext back through the same step with the same key, you compute (K − C) mod 26, which is (K − (K − P)) mod 26. The two key letters cancel and you are left with P, the original plaintext. Because subtraction in this circular alphabet is symmetric in that way, encrypting twice returns you to where you started.

This is genuinely convenient. With Vigenère you must remember to add when encrypting and subtract when decrypting, so the two directions use different procedures. With Beaufort there is only one procedure to learn, and a single machine setting or a single tool can serve both directions. That is why this tool has no separate decode button: you simply enter the same keyword and paste whichever text you want to convert.

Beaufort, Vigenère, and the variant Beaufort

It helps to line up the three closely related keyword ciphers. The Vigenère cipher adds, C = (P + K) mod 26, and needs the reverse subtraction to decrypt. The true Beaufort cipher subtracts the plaintext from the key, C = (K − P) mod 26, and is reciprocal. There is also a third rule, the variant Beaufort, sometimes called the German Beaufort, which subtracts the key from the plaintext instead, C = (P − K) mod 26. That variant is exactly the Vigenère decryption step used as an encryption, and unlike the true Beaufort it is not reciprocal, so it needs Vigenère encryption to undo it.

Because all three share a repeating keyword and a tabula recta, they are often confused, and a message enciphered with one will look like gibberish under another. This tool implements the classic reciprocal Beaufort. If you need the adding rule or the variant, the Vigenère tool on Text Machine covers Vigenère and its related modes.

How to break the Beaufort cipher

Beaufort inherits the strengths and the weaknesses of any repeating-key polyalphabetic cipher. Its defence is that one plaintext letter maps to several different ciphertext letters, which flattens the obvious letter-frequency peaks that give a simple substitution away. Its weakness is that the key repeats. Once an analyst guesses the length of the keyword, the ciphertext splits into separate columns that were each enciphered with a single fixed key letter, and every column becomes a plain shift cipher that yields to frequency analysis.

The classic way to find the key length is the Kasiski examination, which looks for repeated groups of letters and measures the distances between them, together with the index of coincidence, which measures how uneven the letter frequencies are. With the key length known, recovering each key letter is quick. The whole attack is the same one that famously broke the Vigenère cipher, so a Beaufort message is only as strong as its keyword is long, unpredictable, and used just once.

Is the Beaufort cipher secure?

No. By modern standards the Beaufort cipher offers no real security. A short or repeated keyword falls quickly to the Kasiski and index-of-coincidence methods above, and even a long keyword cannot withstand a determined analyst with a computer. It belongs to the era of hand ciphers and early cipher machines, where its appeal was a clever, easy-to-use reciprocal rule rather than unbreakable strength.

Today the Beaufort cipher is valued for learning and for fun. It is an excellent way to understand polyalphabetic substitution and the elegant idea of a self-inverse cipher, and it appears often in puzzles, escape rooms, and capture-the-flag challenges. For protecting real information you should rely on modern, well-tested algorithms such as AES instead.

Frequently asked questions

What is the Beaufort cipher?

The Beaufort cipher is a polyalphabetic substitution cipher named after the British admiral Sir Francis Beaufort. Like the Vigenère cipher it shifts each letter by a repeating keyword, but it subtracts the plaintext from the key rather than adding, which makes it reciprocal: the same operation both encrypts and decrypts.

How does the Beaufort cipher work?

Number the alphabet from A as 0 to Z as 25 and repeat the keyword across the message. For each letter the ciphertext is the key letter minus the plaintext letter, taken modulo 26: C = (K − P) mod 26. Only letters are changed; spaces, digits, and punctuation pass through and do not advance the keyword.

Is the Beaufort cipher the same as the Vigenère cipher?

They are close relatives but not the same. Vigenère adds the key to the plaintext, C = (P + K) mod 26, and uses a different step to decrypt. Beaufort subtracts the plaintext from the key, C = (K − P) mod 26, and uses one step for both directions. A message enciphered with one will not decrypt correctly under the other.

Why is the Beaufort cipher reciprocal?

Encryption computes C = (K − P) mod 26. Running the ciphertext back through the same step gives (K − C) mod 26 = (K − (K − P)) mod 26, which simplifies to P, the original letter. Because the two key letters cancel, applying the cipher twice returns the message, so a single operation both encrypts and decrypts.

Can you show a Beaufort cipher example?

Encrypting HELLO with the keyword KEY gives DANZQ. The key letters K, E, Y, K, E line up under the message, and subtracting each plaintext letter from its key letter modulo 26 gives D, A, N, Z, Q. Decrypting DANZQ with the same keyword KEY and the same subtraction returns HELLO.

How do I decode a Beaufort cipher?

Use the same keyword that was used to encrypt, and paste the ciphertext into the tool. Because Beaufort is reciprocal there is no separate decode mode: entering the keyword and the ciphertext produces the original plaintext directly. If you do not know the keyword, you must recover it by cryptanalysis.

What is the variant Beaufort cipher?

The variant Beaufort, sometimes called the German Beaufort, subtracts the key from the plaintext instead: C = (P − K) mod 26. That is the Vigenère decryption step used to encrypt, and unlike the true Beaufort it is not reciprocal, so it must be undone with Vigenère encryption. This tool implements the classic reciprocal Beaufort.

What keyword should I use?

Any word or phrase of letters works. A longer, less predictable keyword is stronger, because the security of the cipher depends on the keyword being long, hard to guess, and never reused. Short or common keywords are quickly broken. Spaces, digits, and punctuation in the keyword are ignored, so only its letters matter.

Does the Beaufort cipher change spaces and punctuation?

No. Only the 26 letters are enciphered. Spaces, digits, and punctuation pass through unchanged, and they do not consume a keyword letter, so the keyword stays aligned with the letters it transforms. Letter case is preserved in the output so the result keeps the shape of your original text.

How do you break the Beaufort cipher?

Beaufort is a repeating-key cipher, so the attack is the same one that breaks Vigenère. First find the key length using the Kasiski examination and the index of coincidence, then split the ciphertext into columns that share one key letter and solve each as a simple shift with frequency analysis. A short or reused keyword is broken quickly.

Is the Beaufort cipher secure?

No. By modern standards it provides no real security: a repeating keyword falls to classical cryptanalysis, and even long keywords cannot withstand a computer. It is best treated as an educational and puzzle cipher and a piece of cryptographic history. For genuine protection, use a modern algorithm such as AES instead.

Is my text uploaded to a server?

No. All encoding and decoding happen entirely in your browser, so your text and keyword are never uploaded, logged, or stored. Even a share link keeps your data in the part of the URL after the hash, which browsers never send to a server, so it stays private until you choose to share it.

Related tools

Keep going with these handy tools

Porta Cipher

Vigenère Cipher

Gronsfeld Cipher

Trithemius Cipher

Autokey Cipher

Running Key Cipher