How Frequency Analysis Cracks Cryptograms (The Method Al-Kindi Invented 1,200 Years Ago)
The technique that breaks substitution ciphers is over a thousand years old and still works perfectly. Here is exactly how to use it on your next cryptogram puzzle.
You are staring at a cryptogram. The encrypted quote looks like random letters. You have no idea where to start.
Here is the thing: those letters are not random at all. English is deeply predictable, and that predictability is your entire weapon.
Where This Technique Comes From
In the 9th century, the Arab mathematician Al-Kindi wrote a manuscript called Risalah fi Istikhraj al-Mu'amma (A Manuscript on Deciphering Cryptographic Messages). He observed that every language has a characteristic letter frequency. Count how often each letter appears in any long English text and you will always get roughly the same ranking. This single insight broke substitution ciphers permanently.
Edgar Allan Poe understood this too. In his 1843 story The Gold-Bug, his character Legrand solves a cipher by noting that the most frequent symbol must represent E. The story was so popular it introduced frequency analysis to a mass audience.
You are about to use the exact same method.
The Frequency Ladder
The most common letters in English, from most to least frequent, form a hierarchy. Linguists often remember this as ETAOIN SHRDLU, though the exact ranking shifts slightly depending on your text source.
| Rank | Letter | Approx. Frequency |
|---|---|---|
| 1 | E | 12.7% |
| 2 | T | 9.1% |
| 3 | A | 8.2% |
| 4 | O | 7.5% |
| 5 | I | 7.0% |
| 6 | N | 6.7% |
| 7 | S | 6.3% |
| 8 | H | 6.1% |
| 9 | R | 6.0% |
| 10 | D | 4.3% |
In a 60-letter cryptogram, the letter E alone will appear around seven or eight times on average. That makes the most frequent encrypted letter a strong candidate for E before you have done anything else.
The Three-Step Attack
Step 1: Count and Rank
Before guessing a single letter, count how many times each encrypted letter appears. Write the top five most frequent ones down. The most common encrypted letter is almost certainly E or T.
Do not guess yet. Just observe.
Step 2: Attack Single-Letter Words
Scan the cryptogram for one-letter words. In English, a standalone word can only be A or I. This is a near-certainty, not a guess. If you see isolated single characters, assign A or I and check whether longer words that contain the same encrypted letter make sense.
This one move often confirms two letters immediately.
Step 3: Hunt for THE
The word THE is the most common three-letter word in English by a large margin. Look for three-letter groups where:
- The first letter appears at medium frequency (T is common but not top-tier)
- The second letter is moderately frequent (H sits at rank 8)
- The third letter is the most frequent of all (E ranks first)
When you find a three-letter word matching this pattern, try assigning it to THE. If your substitution works consistently across the rest of the puzzle without producing obvious contradictions, you have just confirmed three letters at once.
Digraphs and Trigraphs: Going Deeper
Single letters are just the start. Common letter pairs (digraphs) in English include TH, HE, IN, ER, AN, and RE. Common trigraphs include THE, AND, THA, and ENT.
In practice, once you have T, H, and E confirmed, look at what comes before and after them. If you see THE appearing before another short word, that word is likely A or OF. Chains form fast.
A Worked Example
Say your cryptogram contains these encrypted letter counts (sorted by frequency):
K (9 times), Z (7), M (6), Q (5), R (4), V (3)...
Your moves:
- K is the most frequent. Assign K = E as your working hypothesis.
- Look for a single-letter word. You find isolated Z. Assign Z = A.
- Search for a three-letter word where K is the last letter. You find MQK. Try M = T, Q = H. This would make MQK = THE.
- Check everywhere M appears. Does T make sense in those positions? If yes, you have T, H, and E locked.
From four moves, you have four letters. Now every word containing those four letters is partially revealed, and partially revealed words are dramatically easier to guess than fully encrypted ones.
What Throws You Off
Short texts break the statistics. A 20-letter cryptogram does not have enough data for frequency analysis to work reliably. The technique is most powerful on quotes of 50 letters or longer.
Unusual quotes skew the distribution. A quote heavy in uncommon words may not follow standard English frequencies. If your frequency analysis keeps producing contradictions, your initial assumptions might be wrong. Reassign and try again without frustration. Every failed mapping is still useful information.
Trying to solve left to right. Cryptograms are not linear. Jump to wherever you have the most partial information. A word that is four-fifths revealed is far more solvable than a word that has zero confirmed letters.
The Satisfaction Factor
There is a reason frequency analysis has been used for over a thousand years. It works on any substitution cipher, every time, without fail. When you solve a cryptogram using this method, you are not getting lucky. You are doing exactly what professional cryptanalysts and code-breakers do, just at a smaller scale.
Al-Kindi cracked diplomatic codes with this. You can crack a puzzle quote in under ten minutes.
Practice the method now at the Cryptogram game on Wordic Games. The same logic that helps you here also applies to letter-guessing in Lexle, where E, T, A, and R are almost always worth testing first.
Keep playing
Apply what you learned in one of our free daily word games.