Editing Substitution cipher (section)

===Simple===
[[Image:ROT13.png|thumb|300px|right|[[ROT13]] is a [[Caesar cipher]], a type of substitution cipher. In ROT13, the alphabet is shifted 13 steps.]]

The simplest substitution ciphers are the [[Caesar cipher]] and [[Atbash|Atbash cipher]]. Here single letters are substituted (referred to as '''simple substitution'''). It can be demonstrated by writing out the alphabet twice, once in regular order and again with the letters shifted by some number of steps or reversed to represent the ''ciphertext alphabet'' (or substitution alphabet).

The substitution alphabet could also be scrambled in a more complex fashion, in which case it is called a '''mixed alphabet''' or ''deranged alphabet''. Traditionally, mixed alphabets may be created by first writing out a keyword, removing repeated letters in it, then writing all the remaining letters in the alphabet in the usual order.

Using this system, the keyword "{{mono|zebras}}" gives us the following alphabets:
{| class="wikitable plainrowheaders"
|-
! scope="row" | [[Plaintext]] alphabet
| {{mono|ABCDEFGHIJKLMNOPQRSTUVWXYZ}}
|-
! scope="row" | [[Ciphertext]] alphabet
| {{mono|ZEBRASCDFGHIJKLMNOPQTUVWXY}}
|}
A message 
 flee at once. we are discovered!

enciphers to

 SIAA ZQ LKBA. VA ZOA RFPBLUAOAR!

And the keyword "{{mono|grandmother}}" gives us the following alphabets:

{| class="wikitable plainrowheaders"
|-
! scope="row" | [[Plaintext]] alphabet
| {{mono|ABCDEFGHIJKLMNOPQRSTUVWXYZ}}
|-
! scope="row" | [[Ciphertext]] alphabet
| {{mono|GRANDMOTHEBCFIJKLPQSUVWXYZ}}
|}
The same message 
 flee at once. we are discovered!

enciphers to

 MCDD GS JIAD. WD GPD NHQAJVDPDN!

Usually the ciphertext is written out in blocks of fixed length, omitting punctuation and spaces; this is done to disguise word boundaries from the [[plaintext]] and to help avoid transmission errors. These blocks are called "groups", and sometimes a "group count" (i.e. the number of groups) is given as an additional check. Five-letter groups are often used, dating from when messages used to be transmitted by [[Telegraphy|telegraph]]:

 SIAAZ QLKBA VAZOA RFPBL UAOAR

If the length of the message happens not to be divisible by five, it may be padded at the end with "[[Null character|null]]s". These can be any characters that decrypt to obvious nonsense, so that the receiver can easily spot them and discard them.

The ciphertext alphabet is sometimes different from the plaintext alphabet; for example, in the [[pigpen cipher]], the ciphertext consists of a set of symbols derived from a grid. For example:
[[Image:A-pigpen-message.svg|center|320px|An example pigpen message]]
Such features make little difference to the security of a scheme, however – at the very least, any set of strange symbols can be transcribed back into an A-Z alphabet and dealt with as normal.

In lists and catalogues for salespeople, a very simple encryption is sometimes used to replace numeric digits by letters.
{| class="wikitable plainrowheaders"
! scope="row" | Plaintext digits
| {{mono|1234567890}}
|-
! scope="row | Ciphertext alphabets
| {{mono|MAKEPROFIT}}&nbsp;<ref>David Crawford / Mike Esterl, ''At Siemens, witnesses cite pattern of bribery'', [[The Wall Street Journal]], January 31, 2007: "Back at Munich headquarters, he [Michael Kutschenreuter, a former Siemens-Manager] told prosecutors, he learned of an encryption code he alleged was widely used at Siemens to itemize bribe payments. He said it was derived from the phrase "Make Profit," with the phrase's 10 letters corresponding to the numbers 1-2-3-4-5-6-7-8-9-0. Thus, with the letter A standing for 2 and P standing for 5, a reference to "file this in the APP file" meant a bribe was authorized at 2.55 percent of sales. - A spokesman for Siemens said it has no knowledge of a "Make Profit" encryption system."</ref>
|}
Examples: MAT would be used to represent 120, PAPR would be used for 5256, and OFTK would be used for 7803.

====Security====
Although the traditional keyword method for creating a mixed substitution alphabet is simple, a serious disadvantage is that the last letters of the alphabet (which are mostly low frequency) tend to stay at the end. A stronger way of constructing a mixed alphabet is to generate the substitution alphabet completely randomly.

Although the number of possible substitution alphabets is very large (26! ≈ 2<sup>88.4</sup>, or about [[key size|88 bits]]), this cipher is not very strong, and is easily broken. Provided the message is of reasonable length (see below), the [[cryptanalysis|cryptanalyst]] can deduce the probable meaning of the most common symbols by analyzing the [[frequency distribution]] of the ciphertext. This allows formation of partial words, which can be tentatively filled in, progressively expanding the (partial) solution (see [[frequency analysis#An example|frequency analysis]] for a demonstration of this). In some cases, underlying words can also be determined from the pattern of their letters; for example, the [[English language|English]] words ''tater'', ''ninth'', and ''paper'' all have the pattern ''ABACD''. Many people solve such ciphers for recreation, as with [[cryptogram]] puzzles in the newspaper.

According to the [[unicity distance]] of [[English language|English]], 27.6 letters of ciphertext are required to crack a mixed alphabet simple substitution. In practice, typically about 50 letters are needed, although some messages can be broken with fewer if unusual patterns are found. In other cases, the plaintext can be contrived to have a nearly flat frequency distribution, and much longer plaintexts will then be required by the cryptanalyst.