T

Text Machine

Powerful text tools, in your browser

Running Key Cipher

Encode and decode the running-key cipher, a Vigenère cipher whose key is a long passage of text rather than a short repeating word. Because the key is as long as the message and never repeats, the periodic pattern that breaks an ordinary Vigenère disappears. Switch between encode and decode and watch the working build live. Everything runs in your browser.

Running key

Paste a long key passage, traditionally an agreed page of a book. For a true running key it must be at least as long as your message. Only letters are used to shift; uppercase and lowercase are treated the same, and any spaces, digits, or punctuation in the key are ignored.

Plaintext
Ciphertext

Enter text above to see the running-key result here.

How to use Running Key Cipher

  1. 1

    Choose encode or decode

    Pick Encode to turn plaintext into running-key ciphertext, or Decode to recover the plaintext from ciphertext. The same running key is used for both directions.

  2. 2

    Paste your running key

    Paste a long passage of text to use as the key, traditionally an agreed page of a book. For a true running key it should be at least as long as your message. Only its letters are used, and case, spaces, and punctuation are ignored.

  3. 3

    Type or paste your text

    Enter the message you want to convert. The cipher runs automatically as you type, and the letter-by-letter working updates live below, highlighting any point where a short key had to wrap and repeat.

  4. 4

    Read, copy, and share

    Read the result, then copy it, download it as a text file, or share a link that reopens the tool with your exact key, direction, and text. Everything stays in your browser.

Understanding the Running Key Cipher

What is the running-key cipher?

The running-key cipher is a polyalphabetic substitution cipher, a form of the Vigenère cipher in which the key is a long passage of ordinary text instead of a short repeating keyword. The sender and receiver agree in advance on a key text, classically an edition of a particular book opened to a particular page, and use its letters in order to shift the message. Because the key is at least as long as the message, it never has to repeat, and the regular cyclic structure that makes a repeating-key cipher easy to break simply disappears.

This long, non-repeating key is what sets the running-key cipher apart. An ordinary Vigenère cipher gives itself away through periodicity: its short keyword cycles, and that rhythm can be detected and unwound. A running key removes the rhythm entirely. The trade-off is that the key is now natural language, with all the statistical bias that English text carries, and that bias becomes the opening an attacker uses instead.

How the running-key cipher works

Number the alphabet from A as 0 to Z as 25. Write the key text out beneath the message so that one key letter sits under every letter of the plaintext. To encrypt, add each key letter to the letter above it and wrap around the alphabet with a remainder by 26, giving the ciphertext letter C = (P + K) mod 26. The arithmetic is exactly the Vigenère tableau; only the source of the key has changed.

To decrypt, the receiver writes the same key text beneath the ciphertext and subtracts, recovering each plaintext letter with P = (C − K) mod 26. As with every Vigenère variant, only the 26 letters are transformed: spaces, punctuation, and digits pass straight through and do not consume a key letter, so the key stays aligned with the letters of the message. Letter case is preserved, so the output keeps the shape of the original text.

Worked example

Encrypt the message HELLO using the running key KEYBOARD. Line the first five key letters K, E, Y, B, O under the message and add: H plus K is R, E plus E is I, L plus Y is J, L plus B is M, and O plus O is C. The ciphertext is RIJMC. Notice that, unlike the autokey cipher, the key letters come purely from the agreed key text and have nothing to do with the plaintext.

To decrypt RIJMC you write the same key KEYBOARD beneath it and subtract: R minus K is H, I minus E is E, J minus Y is L, M minus B is L, and C minus O is O, recovering HELLO. The whole message can be read in one pass because the key is known in full from the start, with no letter-by-letter feedback to wait on.

Running-key versus the repeating-key Vigenère

A standard Vigenère cipher repeats a short keyword across the whole message: with the key KEY the stream is KEYKEYKEY and so on. That repetition is its fatal flaw, because the key length can be recovered by the Kasiski examination or the index of coincidence, after which each column is a simple Caesar shift solved by frequency analysis. The running-key cipher uses the identical addition rule but a key that is as long as the message, so there is no period to find and those classic tests do not apply directly.

The danger is using a key that is too short. If the running key is shorter than the message it has to wrap back to its beginning, and at that moment it becomes an ordinary repeating-key Vigenère with all of that cipher's weaknesses. Encrypting HELLO with the three-letter key KEY, for instance, wraps to give RIJVS — exactly the repeating-Vigenère result. This tool flags any reused key letters so you can see the cipher degrade, and a proper running key should always be at least as long as the text.

Running-key versus the autokey cipher

The running-key and autokey ciphers are close cousins: both use a key as long as the message so that nothing repeats, and both reduce to the same modular addition. The difference is where the long key comes from. A running-key cipher draws its key from a shared external text, such as an agreed page of a book, whereas the autokey cipher builds its long key from a short primer keyword followed by the plaintext itself.

That distinction shapes how each is attacked. The autokey cipher needs only a tiny shared secret, the primer, but because part of its key is the plaintext, guessing a common word and dragging it through the message exposes more text. The running-key cipher needs both parties to hold the same key text, but its weakness is statistical: both the message and the key are natural language, so an analyst can play likely words off against likely words until a consistent split appears.

How to break the running-key cipher

Because the key never repeats, the Kasiski examination and the index of coincidence do not bite the way they do on a repeating Vigenère. Instead, the classic attack exploits the fact that each ciphertext letter is the sum of two letters that are both drawn from ordinary language. English is highly redundant, so only a small number of plaintext-and-key letter pairs are plausible for any given ciphertext letter, and common words in either stream leave detectable traces.

The practical method, often credited to William Friedman, is to guess a probable word, subtract it from a stretch of ciphertext as if it were the key, and see whether the other stream comes out looking like language. A correct guess in the key reveals a fragment of plaintext, and a correct guess in the plaintext reveals a fragment of the key; each fragment can then be extended outward and the two streams unzipped against each other. Reusing the same key text for more than one message is fatal, since subtracting two ciphertexts cancels the shared key and leaves the two plaintexts combined.

From running key to the one-time pad

The running-key cipher is the direct conceptual ancestor of the one-time pad, the only cipher proven to be unbreakable. The recipe is almost the same: take a key as long as the message and add it letter by letter. The one-time pad adds three strict conditions — the key must be truly random, at least as long as the message, and never reused. Meet all three and every possible plaintext is equally consistent with the ciphertext, so no analysis can favour the real one.

A running key fails precisely those conditions. A book passage is not random; it is structured English whose letter frequencies and common words give an analyst the foothold described above. So while the running-key cipher is meaningfully stronger than a repeating Vigenère, it offers no real security by modern standards and should never guard genuine secrets. It is best enjoyed as a vivid lesson in cryptographic history and a staple of puzzle hunts, escape rooms, and capture-the-flag challenges; for real protection, use a modern, well-tested algorithm such as AES.

Frequently asked questions

What is the running-key cipher?
The running-key cipher is a Vigenère cipher whose key is a long passage of text, such as a page from an agreed book, rather than a short repeating keyword. Because the key is as long as the message and never repeats, it avoids the cyclic pattern that makes an ordinary Vigenère cipher easy to break. It is sometimes called a book cipher when the key is taken from a book.
How does the running-key cipher work?
Number the alphabet A as 0 to Z as 25 and write the key text beneath the message, one key letter per message letter. To encrypt, add each key letter to the message letter modulo 26: C = (P + K) mod 26. To decrypt, subtract with the same key: P = (C − K) mod 26. Only letters are changed; spaces, digits, and punctuation pass through untouched.
How is the running-key cipher different from the Vigenère cipher?
They use the same addition rule, but a Vigenère cipher repeats a short keyword across the message while a running-key cipher uses a key as long as the message that never repeats. That removes the period a Kasiski examination or index of coincidence would find. If a running key is too short and has to repeat, it degrades back into an ordinary repeating-key Vigenère.
Can you show a running-key cipher example?
Encrypting HELLO with the running key KEYBOARD gives RIJMC. Lining up the key letters K, E, Y, B, O under the message: H plus K is R, E plus E is I, L plus Y is J, L plus B is M, and O plus O is C. Decrypting RIJMC with the same key KEYBOARD recovers HELLO in a single pass.
What should I use as the running key?
Use any long passage of text that you and your recipient both have, classically an agreed page of a particular book. The key should be at least as long as your message so it never has to repeat. Only the letters are used, and uppercase and lowercase are treated the same, so punctuation and spacing in the key do not matter.
What happens if my key is shorter than the message?
The key wraps back to its beginning and starts repeating, which turns the running-key cipher into an ordinary repeating-key Vigenère and exposes it to the usual attacks. This tool highlights the reused key letters so you can see exactly where that happens. For a true running key, always use text at least as long as the message you are encrypting.
What is the difference between running-key and autokey ciphers?
Both use a non-repeating key as long as the message, but they differ in where the key comes from. A running-key cipher takes its key from a shared external text such as a book, while the autokey cipher builds its key from a short primer keyword followed by the plaintext itself. The autokey needs only a tiny shared secret; the running key needs both parties to hold the same key text.
Is the running-key cipher the same as a book cipher?
It is one kind of book cipher. When the long key text is taken from an agreed book, the running-key cipher is often called a book cipher. The name book cipher is also used for a different scheme that replaces words with page, line, and word numbers, so the term can mean either, but here it refers to using book text as a Vigenère running key.
Does the cipher change spaces, digits, and punctuation?
No. Only the 26 letters are transformed. Spaces, punctuation, and any digits in the message pass through unchanged and do not consume a key letter, so the key stays aligned with the letters. Letter case is preserved, so the output keeps the shape of your original text.
How do you break the running-key cipher?
Since the key never repeats, the repeating-key tools do not apply. Instead, analysts exploit the fact that both the message and the key are ordinary language: each ciphertext letter is the sum of two biased letters, so guessing probable words in either stream and sliding them through the text reveals matching fragments that can be extended. Reusing one key text for several messages breaks it outright.
Is the running-key cipher related to the one-time pad?
Yes, closely. A one-time pad uses a key as long as the message and adds it the same way, but it requires the key to be truly random and never reused, which makes it unbreakable. A running key uses structured book text instead of random letters, and that statistical structure is exactly what lets it be attacked, so it falls short of the one-time pad's perfect secrecy.
Is the running-key cipher secure, and is my text uploaded?
It is stronger than a repeating-key Vigenère but still not secure: the natural-language key can be attacked statistically, so use a modern algorithm such as AES for real secrets. Your data stays private here regardless — all encoding and decoding happen in your browser, and even a share link keeps your text in the part of the URL after the hash, which browsers never send to a server.

Related tools

Keep going with these handy tools

Vigenère Cipher

Beaufort Cipher

Gronsfeld Cipher

Autokey Cipher

Porta Cipher

Trithemius Cipher