Gronsfeld Cipher

Encode and decode the Gronsfeld cipher, a simplified Vigenère cipher that uses a short string of digits as its key. Each digit shifts the matching letter of your message, and the key repeats across the text. Switch between encode and decode and watch the working build live. Everything runs in your browser.

Numeric key

Key digits

Enter the key as a string of digits 0 to 9, such as 31415. Each digit sets how far the matching letter of your message is shifted, and the key repeats across the text. Only the digits are used; any letters, spaces, or punctuation typed into the key are ignored.

Plaintext

Ciphertext

Enter text above to see the Gronsfeld result here.

How to use Gronsfeld Cipher

1
Choose encode or decode
Pick Encode to turn plaintext into Gronsfeld ciphertext, or Decode to recover the plaintext from ciphertext. The same numeric key is used for both directions.
2
Enter the numeric key
Type the key as a string of digits 0 to 9, such as 31415. Each digit sets the shift for the letter it lines up with, and the key repeats across the message. Letters, spaces, and punctuation in the key are ignored.
3
Type or paste your text
Enter the message you want to convert. The cipher runs automatically as you type, and the letter-by-letter working updates live below so you can see each shift.

4
Read, copy, and share
Read the result, then copy it, download it as a text file, or share a link that reopens the tool with your exact key, direction, and text. Everything stays in your browser.

Understanding the Gronsfeld Cipher

What is the Gronsfeld cipher?

The Gronsfeld cipher is a polyalphabetic substitution cipher that works exactly like the Vigenère cipher but takes its key as a short string of digits instead of a keyword. Each digit from 0 to 9 tells you how far to shift the matching letter of the message, and the digits repeat across the text. Because the same plaintext letter can become several different ciphertext letters depending on its position, the cipher hides the simple letter-frequency pattern that gives a plain Caesar shift away.

The cipher is named after Johann Franz, Count of Gronsfeld, a seventeenth-century diplomat and soldier, and it was described by the scholar Gaspar Schott in his 1665 work on secret writing. Its appeal was practical: a numeric key is easy to remember and easy to send, for example as a date or a memorable number, without having to agree on a secret word in advance. For that reason the Gronsfeld cipher saw real use in correspondence and later in the telegraph era.

How the Gronsfeld cipher works

Number the alphabet from A as 0 to Z as 25. Write the numeric key under the message, repeating it as often as needed so that one digit sits under every letter. To encrypt, add each key digit to the letter above it and wrap around the alphabet with a remainder by 26, so the ciphertext letter is C = (P + K) mod 26. To decrypt you subtract instead, P = (C − K) mod 26, which undoes the shift and returns the original letter.

Only the 26 letters are shifted. Spaces, punctuation, and even digits that appear in the message itself pass straight through and do not consume a key digit, so the key stays lined up with the letters that matter. Letter case is preserved, so an uppercase letter stays uppercase and a lowercase letter stays lowercase. Because every digit is between 0 and 9, each position uses one of only ten possible shifts, which is the defining trait of the Gronsfeld cipher.

Worked example

Encrypt the message HELLO with the numeric key 31415. Repeating the key lines up the digits 3, 1, 4, 1, 5 under the letters H, E, L, L, O. Shifting each letter forward by its digit gives H plus 3 is K, E plus 1 is F, L plus 4 is P, L plus 1 is M, and O plus 5 is T. The ciphertext is KFPMT.

To decrypt KFPMT with the same key 31415, subtract each digit instead. K minus 3 is H, F minus 1 is E, P minus 4 is L, M minus 1 is L, and T minus 5 is O, which spells HELLO again. The encode and decode steps are mirror images of each other, so the only thing the receiver needs is the same numeric key.

Gronsfeld versus Vigenère

The Gronsfeld cipher is best understood as a Vigenère cipher with a restricted key. A Vigenère keyword turns each of its letters into a shift from 0 to 25, using the whole alphabet. A Gronsfeld key only ever uses the shifts 0 through 9, which are the same as the Vigenère keyword letters A through J. So the Gronsfeld key 31415 behaves identically to the Vigenère keyword DBEBF, because D is a shift of 3, B is a shift of 1, E is a shift of 4, and so on.

This restriction is a trade-off. The advantage is convenience: a number is simpler to remember, dictate, or carry than a word, and there is no alphabet-to-shift conversion to do in your head. The cost is strength. Because only ten of the twenty-six possible shifts are ever used at each position, the key space is far smaller than a full Vigenère key of the same length, which makes the Gronsfeld cipher easier to break.

Why use a number as the key?

A numeric key is the whole point of the Gronsfeld cipher. People are good at remembering numbers that already mean something to them, such as a birth date, a street number, or the opening digits of a familiar constant like pi. Two correspondents can agree on such a number quickly and reconstruct it from memory, without writing down a secret word that might be found.

Numbers also travel cleanly. In the age of the telegraph a key made of digits could be transmitted and recorded with less chance of error than a word, and it needed no special code book. That practicality is why the Gronsfeld cipher remained popular for everyday secret writing long after stronger methods existed, and why it still turns up today in puzzles and teaching.

How to break the Gronsfeld cipher

Gronsfeld is a repeating-key cipher, so it falls to the same attack that breaks Vigenère, only more easily. The first step is to find the length of the key. Classic tools for this are the Kasiski examination, which measures the distances between repeated groups of letters, and the index of coincidence, which detects how uneven the letter frequencies are. Once the key length is known, the ciphertext splits into columns that were each shifted by a single digit.

Solving each column is where Gronsfeld is weaker than Vigenère. Each column was shifted by one of only ten possible values, so an attacker can simply try all ten and pick the shift that makes the column read like normal language. With short keys the whole key can even be found by brute force, since there are only ten choices per digit. A Gronsfeld message is therefore only as safe as its key is long, unpredictable, and never reused.

Is the Gronsfeld cipher secure?

No. By modern standards the Gronsfeld cipher offers no real security. Its small per-letter key space and its repeating key make it quick to break with pencil-and-paper methods, and trivial for a computer. It belongs to the history of hand ciphers, where its value was the convenience of a numeric key rather than any serious resistance to analysis.

Today the Gronsfeld cipher is enjoyed for learning and for fun. It is a clear, friendly way to see how a numeric key drives a polyalphabetic shift, and it appears regularly in puzzle hunts, escape rooms, geocaching, and capture-the-flag challenges. For protecting real information you should rely on modern, well-tested algorithms such as AES instead.

Frequently asked questions

What is the Gronsfeld cipher?

The Gronsfeld cipher is a polyalphabetic substitution cipher that works like the Vigenère cipher but uses a key made of digits instead of a keyword. Each digit from 0 to 9 shifts the matching letter of the message, and the key repeats across the text. It is named after a seventeenth-century count and was valued for the convenience of a numeric key.

How does the Gronsfeld cipher work?

Number the alphabet from A as 0 to Z as 25 and write the digit key under the message, repeating it as needed. To encrypt, add each key digit to the letter above it modulo 26: C = (P + K) mod 26. To decrypt, subtract instead: P = (C − K) mod 26. Only letters are shifted; spaces, punctuation, and digits in the text pass through unchanged.

How is Gronsfeld different from the Vigenère cipher?

Gronsfeld is a Vigenère cipher with a restricted key. A Vigenère keyword uses shifts from 0 to 25, while a Gronsfeld key only uses the shifts 0 to 9. So the Gronsfeld key 31415 is identical to the Vigenère keyword DBEBF. The numeric key is easier to remember, but the smaller set of shifts makes Gronsfeld easier to break.

Can you show a Gronsfeld cipher example?

Encrypting HELLO with the key 31415 gives KFPMT. The digits 3, 1, 4, 1, 5 line up under the letters and shift each one forward: H plus 3 is K, E plus 1 is F, L plus 4 is P, L plus 1 is M, and O plus 5 is T. Decrypting KFPMT with the same key subtracts the digits and returns HELLO.

What key should I use?

Use any string of digits 0 to 9. A longer, less predictable key is stronger, because the security of the cipher depends on the key being long, hard to guess, and never reused. Short or obvious numbers such as 1234 are broken almost instantly. Letters and other characters typed into the key are ignored, so only the digits matter.

How do I decode a Gronsfeld cipher?

Switch the tool to Decode, enter the same numeric key that was used to encrypt, and paste the ciphertext. The tool subtracts each key digit to recover the plaintext. If you do not know the key, you can often recover it by cryptanalysis, because each position uses only one of ten possible shifts.

Why does the key use numbers instead of letters?

A numeric key is the defining feature of the Gronsfeld cipher and its main practical advantage. Numbers such as a date or the digits of pi are easy to remember and to dictate, and they need no conversion from letters to shifts. Historically this made the cipher convenient for correspondence and for the telegraph, where digits transmitted cleanly.

Does the cipher change spaces, digits, and punctuation?

No. Only the 26 letters are shifted. Spaces, punctuation, and any digits that appear in the message itself pass through unchanged, and they do not consume a key digit, so the key stays aligned with the letters. Letter case is preserved, so the output keeps the shape of your original text.

Is a key digit of 0 allowed?

Yes. A digit of 0 is a valid key value that shifts its letter by zero, leaving it unchanged at that position. A key made entirely of zeros therefore returns the message unchanged. Mixing zeros into a longer key is perfectly fine and simply means some positions are not shifted.

How do you break the Gronsfeld cipher?

Because the key repeats, you first find the key length with the Kasiski examination and the index of coincidence, then split the ciphertext into columns that share one digit. Each column used only one of ten possible shifts, so trying all ten and keeping the readable result recovers it quickly. Short keys can even be brute-forced outright.

Is the Gronsfeld cipher secure?

No. By modern standards it provides no real security: the small per-letter key space and the repeating key make it quick to break by hand and trivial for a computer. It is best treated as an educational and puzzle cipher and a piece of cryptographic history. For genuine protection, use a modern algorithm such as AES instead.

Is my text uploaded to a server?

No. All encoding and decoding happen entirely in your browser, so your text and key are never uploaded, logged, or stored. Even a share link keeps your data in the part of the URL after the hash, which browsers never send to a server, so it stays private until you choose to share it.

Related tools

Keep going with these handy tools

Beaufort Cipher

Porta Cipher

Trithemius Cipher

Vigenère Cipher

Autokey Cipher

Running Key Cipher