What is Transposition Cipher?#

A transposition cipher encrypts a message by rearranging the order of characters according to a fixed pattern or key, without changing the characters themselves.
Key properties:

• No substitution occurs
• Character frequency remains the same
• Decryption requires discovering the correct permutation

Encryption#

In this challenge, the permutation is applied per block of 3 characters. The plaintext is divided into blocks of 3 characters, and each block is scrambled according to a fixed pattern.

For example, if we have a block abc and the pattern is a specific permutation, the encrypted block might be cab or bac depending on the pattern used.

Decryption#

To decrypt, we need to:

1. Identify the correct permutation pattern used for scrambling
2. Reverse that pattern (apply the inverse permutation) to each block of 3 characters
3. Concatenate the decrypted blocks to recover the plaintext

The hint tells us the first word is three letters long, which is likely “The”. This gives us a known plaintext-ciphertext pair:

• Ciphertext: heT
• Plaintext: The

From this, we can determine the permutation pattern.

Step 1: Determine the permutation pattern#

The first block heT should decrypt to The. Let’s map the positions:

The plaintext is The, encrypted as heT. To encrypt:

• T (index 0) → position 2 (becomes T at the end)
• h (index 1) → position 0 (becomes h at the start)
• e (index 2) → position 1 (becomes e in middle)

So the encryption pattern is: [1, 2, 0] (take char at 1, then 2, then 0 of original)

To decrypt, we need the inverse permutation. If encryption uses pattern [1, 2, 0], decryption uses [2, 0, 1]:

• Encrypted position 0 → goes to plaintext position 2
• Encrypted position 1 → goes to plaintext position 0
• Encrypted position 2 → goes to plaintext position 1

Step 2: Implement the decryption#

Let’s verify with the first block heT:

• Apply pattern [2, 0, 1]:
  • [2]: heT[2] = T → position 0
  • [0]: heT[0] = h → position 1
  • [1]: heT[1] = e → position 2
  • Result: The ✓

Here’s a Python solution:

1
ciphertext = "heTfl g as iicpCTo{7F4NRP051N5_16_35P3X51N3_V091B0AE}2"
2

3
# inverse permutation of [1, 2, 0]
4
perm = [2, 0, 1]
5

6
plaintext = ""
7

8
for i in range(0, len(ciphertext), 3):
9
    block = ciphertext[i:i+3]
10
    if len(block) == 3:
11
        plaintext += ''.join(block[p] for p in perm)
12
    else:
13
        plaintext += block  # handle leftover chars if any
14

15
print(plaintext)

Step 3: Decrypt the entire message#

Running the decryption function on the ciphertext :

picoCTF{7R4N5P051N6_15_3XP3N51V3_109AB02E}

⚡ Raikiri

🎉 Flag pwned!

1
$ python solve.py
2
The flag is picoCTF{7R4N5P051N6_15_3XP3N51V3_109AB02E}

💡 TL;DR / Lesson Learned

1. Known plaintext attack: The hint that the first word is three letters (likely “The”) was crucial for determining the permutation pattern.
2. Block transposition with fixed pattern: Once we identified the pattern from one block, we could apply it consistently to all other blocks.
3. No character substitution: This confirms it’s purely a transposition, not a substitution cipher - all characters remain unchanged, just reordered within each 3-character block.
4. Inverse permutation: To decrypt, we need to apply the mathematical inverse of the encryption permutation to reverse the scrambling.