Logo

MonoCalc

/

Hill Cipher

Encode/Decode

Key Matrix (2×2)

✅ Valid Key

Determinant

9

det mod 26

9

det⁻¹ mod 26

3

K⁻¹ mod 26 (Inverse Key Matrix)

15
17
20
9

Ciphertext Output

HIAT

Alphabet Index Reference (A=0 … Z=25)

A
0
B
1
C
2
D
3
E
4
F
5
G
6
H
7
I
8
J
9
K
10
L
11
M
12
N
13
O
14
P
15
Q
16
R
17
S
18
T
19
U
20
V
21
W
22
X
23
Y
24
Z
25

About This Tool

🔐 Hill Cipher – Matrix-Based Cryptography

The Hill Cipher is a classical polygraphic substitution cipher invented by mathematician Lester S. Hill in 1929. Unlike simple letter-for-letter substitution ciphers, the Hill Cipher encrypts blocks of n letters simultaneously using linear algebra — making it one of the most mathematically elegant classical ciphers and a foundational example of applying matrix arithmetic to cryptography.

How the Hill Cipher Works

Encryption is performed in three steps. First, each letter in the plaintext is mapped to a number using the standard alphabet index: A=0, B=1, C=2, … Z=25. Second, the text is split into blocks of length n (where n is the matrix dimension). Third, each block is treated as a column vector and multiplied by the key matrix modulo 26:

C = K × P (mod 26)

Where K is the n×n key matrix, P is the plaintext vector, and C is the resulting ciphertext vector. Decryption reverses the process using the modular inverse of the key matrix:

P = K⁻¹ × C (mod 26)

Key Matrix and Validity

Not every matrix can be used as a Hill Cipher key. The matrix must be invertible modulo 26, which requires:

  • The determinant det(K) must be non-zero modulo 26.
  • gcd(det(K) mod 26, 26) = 1 — the determinant must be coprime with 26.

Since 26 = 2 × 13, a valid determinant must not be divisible by 2 or 13. The tool automatically validates your key matrix and displays a ✅ Valid or ❌ Invalid badge in real time.

Computing the Matrix Inverse (mod 26)

For a 2×2 matrix K = [[a,b],[c,d]]:

det(K) = ad − bc
det⁻¹ = modular_inverse(det mod 26, 26)
K⁻¹ = det⁻¹ × [[d, −b], [−c, a]] (mod 26)

For a 3×3 matrix, the tool computes the adjugate matrix (transpose of the cofactor matrix) and scales it by det⁻¹ mod 26. The modular inverse of the determinant is found using the extended Euclidean algorithm.

Step-by-Step Block Processing

Enable the Show Steps toggle to see a detailed breakdown of how each block is processed:

  1. Block splitting — input text is divided into n-grams; padding character (default X) is appended if needed.
  2. Vector conversion — each letter block is converted to a numeric column vector.
  3. Matrix multiplication — the vector is multiplied by the key matrix (or its inverse for decryption).
  4. Modular reduction — each element is reduced mod 26.
  5. Letter reconstruction — numeric values are mapped back to uppercase letters.

Practical Example

To encrypt ACT with the 3×3 key matrix [[6,24,1],[13,16,10],[20,17,15]]:

  • Convert: A=0, C=2, T=19
  • Multiply: K × [0,2,19]ᵀ mod 26
  • Result: [15,14,7]ᵀPOH

Alphabet Index Reference

The Hill Cipher uses the standard 26-letter mapping: A=0, B=1, C=2, D=3, E=4, F=5, G=6, H=7, I=8, J=9, K=10, L=11, M=12, N=13, O=14, P=15, Q=16, R=17, S=18, T=19, U=20, V=21, W=22, X=23, Y=24, Z=25. Only letters are processed — spaces and punctuation are either stripped or preserved depending on your settings.

Educational Use & Limitations

The Hill Cipher is not secure for protecting real data. It is vulnerable to known-plaintext attacks: an attacker who knows just n plaintext-ciphertext block pairs can recover the key matrix by solving a system of linear equations. For modern secure encryption, use AES-256 or other contemporary standards. The Hill Cipher remains invaluable for teaching linear algebra applications, modular arithmetic, and the foundations of modern cryptography.

Frequently Asked Questions

Is the Hill Cipher free?

Yes, Hill Cipher is totally free :)

Can I use the Hill Cipher offline?

Yes, you can install the webapp as PWA.

Is it safe to use Hill Cipher?

Yes, any data related to Hill Cipher only stored in your browser (if storage required). You can simply clear browser cache to clear all the stored data. We do not store any data on server.

What is the Hill Cipher and how does it work?

The Hill Cipher is a polygraphic substitution cipher invented by mathematician Lester S. Hill in 1929. It encrypts blocks of n letters at a time by treating them as vectors and multiplying by an n×n key matrix modulo 26. For example, a 2×2 key matrix encrypts pairs of letters, while a 3×3 matrix encrypts triplets, making it significantly stronger than simple monoalphabetic ciphers.

Why must the key matrix be invertible mod 26?

Decryption requires computing the modular inverse of the key matrix. A matrix is invertible mod 26 only if its determinant is coprime with 26 — meaning gcd(det mod 26, 26) = 1. If the determinant shares a common factor with 26 (such as 2 or 13), no inverse exists and the cipher cannot decrypt. The tool automatically validates this condition and highlights invalid matrices.

What is the padding character and when is it needed?

The Hill Cipher encrypts text in blocks of n letters (n = matrix size). If your input length is not a multiple of n, the tool appends a padding character (default: X) to complete the final block. You can change the padding character to any single letter A–Z. The padding is shown in the step-by-step breakdown so you can see exactly which letters were added.

How is the modular inverse of the key matrix computed?

For a 2×2 matrix K = [[a,b],[c,d]], the inverse is: det⁻¹ × [[d,−b],[−c,a]] mod 26, where det⁻¹ is the modular multiplicative inverse of det(K) mod 26 (found using the extended Euclidean algorithm). For 3×3 matrices, the tool computes the adjugate (transpose of cofactors) and scales it by det⁻¹ mod 26.

Is the Hill Cipher secure for protecting real data?

No. The Hill Cipher is a classical cipher intended for educational use, academic exercises, and CTF challenges. It is vulnerable to known-plaintext attacks — an attacker with n plaintext-ciphertext pairs can solve for the key matrix using linear algebra. For real data protection, use modern algorithms like AES-256.

What matrix size should I choose: 2×2 or 3×3?

A 2×2 matrix encrypts letter pairs (digraphs) and is easier to understand for learning the cipher mechanics. A 3×3 matrix encrypts triplets (trigraphs) and is more resistant to frequency analysis. For classroom demonstrations of basic concepts, start with 2×2. For CTF challenges or stronger classical encryption, use 3×3.