Autokey Cipher - Cryptanalysis

Cryptanalysis

Using an example message "meet at the fountain" encrypted with the keyword "KILT" :

plaintext: MEETATTHEFOUNTAIN (unknown) key: KILTMEETATTHEFOUN (unknown) ciphertext: WMPMMXXAEYHBRYOCA (known)

We try common words, bigrams, trigrams etc. in all possible positions in the key. For example, "THE":

ciphertext: WMP MMX XAE YHB RYO CA key: THE THE THE THE THE .. plaintext: DFL TFT ETA FAX YRK .. ciphertext: W MPM MXX AEY HBR YOC A key: . THE THE THE THE THE . plaintext: . TII TQT HXU OUN FHY . ciphertext: WM PMM XXA EYH BRY OCA key: .. THE THE THE THE THE plaintext: .. WFI EQW LRD IKU VVW

We sort the plaintext fragments in order of likelihood:

unlikely <------------------> promising EQW DFL TFT ... ... ... ... ETA OUN FAX

We know that a correct plaintext fragment will also appear in the key, shifted right by the length of the keyword. Similarly our guessed key fragment ("THE") will also appear in the plaintext shifted left. So by guessing keyword lengths (probably between 3 and 12) we can reveal more plaintext and key.

Trying this with "OUN" (possibly after wasting some time with the others):

shift by 4: ciphertext: WMPMMXXAEYHBRYOCA key: ......ETA.THE.OUN plaintext: ......THE.OUN.AIN by 5: ciphertext: WMPMMXXAEYHBRYOCA key: .....EQW..THE..OU plaintext: .....THE..OUN..OG by 6: ciphertext: WMPMMXXAEYHBRYOCA key: ....TQT...THE...O plaintext: ....THE...OUN...M

We see that a shift of 4 looks good (both of the others have unlikely Qs), so we shift the revealed "ETA" back by 4 into the plaintext:

ciphertext: WMPMMXXAEYHBRYOCA key: ..LTM.ETA.THE.OUN plaintext: ..ETA.THE.OUN.AIN

We have a lot to work with now. The keyword is probably 4 characters long ("..LT"), and we have some of the message:

M.ETA.THE.OUN.AIN

Because our plaintext guesses have an effect on the key 4 characters to the left, we get feedback on correct/incorrect guesses, so we can quickly fill in the gaps:

MEETATTHEFOUNTAIN

The ease of cryptanalysis is thanks to the feedback from the relationship between plaintext and key. A 3-character guess reveals 6 more characters, which then reveal further characters, creating a cascade effect, allowing us to rule out incorrect guesses quickly.