Entrance Hall II: Classical Substitution Hill Cipher
Exhibit 06 of 37 1929 Broken

Hill Cipher

Linear algebra enters cryptography — and is immediately defeated

InventorLester S. Hill
Year1929
Key TypeInvertible key matrix (n×n)
Broken ByKnown plaintext attack (matrix algebra)
Modern LessonMatrix operations in AES MixColumns

Why This Matters

Lester Hill’s 1929 cipher was the first to use matrix multiplication as a cryptographic operation — bringing linear algebra into cryptography and influencing cipher design principles that persist in modern algorithms like AES’s MixColumns.

📜Historical Context

Lester Hill was a mathematics professor at Hunter College who applied linear algebra to cryptography in 1929. His cipher was the first to use matrix multiplication as a cryptographic operation — a genuinely innovative idea that would influence cipher design for decades.

Hill published his system in the American Mathematical Monthly and later built a machine to implement it. The cipher saw some mechanical use but was never widely adopted for serious communications — its known-plaintext vulnerability was recognized quickly.

⚙️How It Works

Convert letters to numbers (A=0, B=1…Z=25). Arrange plaintext in column vectors of length n. Multiply by an invertible n×n key matrix modulo 26.

Key matrix K (2×2):     Plaintext: HI = [7, 8]
| 6  24 |               
| 1  13 |   C = K × P mod 26
                        = [6×7+24×8, 1×7+13×8] mod 26
                        = [234, 111] mod 26
                        = [0, 7]
                        = AG
Key Matrix 6 24 1 13 × Plain 7 8 (H,I) = mod 26 234→0 111→7 A G Cipher
Hill cipher: plaintext vector multiplied by key matrix mod 26 — HI becomes AG

Decryption uses the matrix inverse: P = K⁻¹ × C mod 26. Not all matrices have inverses mod 26 — the key matrix must be chosen carefully.

💀How It Was Broken
Known Plaintext Attack
Complexity: Trivial (with known plaintext)

If an attacker knows just n plaintext-ciphertext pairs (where n is the matrix dimension), they can set up a system of linear equations and solve for the key matrix directly using linear algebra. For a 2×2 key, two known pairs are sufficient. This makes the Hill cipher catastrophically weak in any environment where the attacker can observe plaintext-ciphertext pairs.

🔬What It Teaches Modern Cryptography
Concept from Hill CipherModern Evolution
Matrix multiplication as cipher operationAES MixColumns: matrix multiplication over GF(2⁸) for diffusion
Multiple letters encrypted togetherBlock cipher: AES processes 128-bit (16-letter) blocks simultaneously
Linear structure = linear algebra attackAES non-linearity: S-boxes prevent linear algebraic attacks
Quick Facts
Exhibit06 of 37
Era1929
SecurityBroken
InventorLester S. Hill
Year1929
Key TypeInvertible key matrix (n×n)
Broken ByKnown plaintext attack (matrix algebra)

Related Exhibits

Exhibit 05 Playfair Cipher Same Hall Exhibit 15 Bifid Cipher Matrix Method Exhibit 27 Enigma Machine Mathematical
← Previous Playfair Cipher