In the rail fence cipher, the plaintext is written downwards diagonally on successive "rails" of an imaginary fence, then moving up when the bottom rail is reached, down again when the top rail is reached, and so on until the whole plaintext is written out. The ciphertext is then read off in rows.

For example, to encrypt the message 'WE ARE DISCOVERED. RUN AT ONCE.' with 3 "rails", write the text as:

W . . . E . . . C . . . R . . . U . . . O . . . 
. E . R . D . S . O . E . E . R . N . T . N . E 
. . A . . . I . . . V . . . D . . . A . . . C . 

(Spaces and punctuation are omitted.) Then read off the text horizontally to get the ciphertext:

WECRUO ERDSOEERNTNE AIVDAC

Let ${\displaystyle N}$ be the number of rails used during encryption. Observe that as the plaintext is written, the sequence of each letter's vertical position on the rails varies up and down in a repeating cycle. In the above example (where ${\displaystyle N=3}$) the vertical position repeats with a period of 4. In general the sequence repeats with a period of ${\displaystyle 2(N-1)}$.

Let ${\displaystyle L}$ be the length of the string to be decrypted. Suppose for a moment that ${\displaystyle L}$ is a multiple of ${\displaystyle 2(N-1)}$ and let ${\displaystyle K={L \over {2(N-1)}}}$. One begins by splitting the ciphertext into strings such that the length of the first and last string is ${\displaystyle K}$ and the length of each intermediate string is ${\displaystyle 2K}$. For the above example with ${\displaystyle L=24}$, we have ${\displaystyle K=6}$, so we split the ciphertext as follows:

WECRUO ERDSOEERNTNE AIVDAC

Write each string on a separate line with spaces after each letter in the first and last line:

W   E   C   R   U   O
 E R D S O E E R N T N E
  A   I   V   D   A   C

Then one can read off the plaintext down the first column, diagonally up, down the next column, and so on.

If ${\displaystyle L}$ is not a multiple of ${\displaystyle 2(N-1)}$, the determination of how to split up the ciphertext is slightly more complicated than as described above, but the basic approach is the same. Alternatively, for simplicity in decrypting, one can pad the plaintext with extra letters to make its length a multiple of ${\displaystyle 2(N-1)}$.

If the ciphertext has not been padded, but you either know or are willing to brute-force the number of rails used, you can decrypt it using the following steps.

As above, let ${\displaystyle L}$ be the length of the string to be decrypted and let ${\displaystyle N}$ be the number of rails used during encryption. We will add two variables, ${\displaystyle x}$ and ${\displaystyle y}$, where ${\displaystyle x+1}$ = the number of diagonals in the decrypted Rail Fence, and ${\displaystyle y}$ = the number of empty spaces in the last diagonal.

${\displaystyle 1={\frac {L+y}{N+((N-1)*x)}}}$

Next solve for ${\displaystyle x}$ and ${\displaystyle y}$ algebraically, where both values are the smallest number possible. This is easily done by incrementing ${\displaystyle x}$ by 1 until the denominator is larger than ${\displaystyle L}$, and then simply solving for ${\displaystyle y}$. Consider the example cipher, modified to use 6 rails instead of 3.

W.........V.........O
.E.......O.E.......T.N
..A.....C...R.....A...C
...R...S.....E...N.....E
....E.I.......D.U.......
.....D.........R........

The resulting cipher text is:

WVO EOETN ACRAC RSENE EIDU DR

We know that ${\displaystyle L=24}$, and if we use ${\displaystyle N=6}$ we can solve the equation above.

${\displaystyle 1={\frac {24+y}{6+(5*x)}}}$

${\displaystyle 1={\frac {18+y}{5*x}}}$ Simplify the fraction.

${\displaystyle 1={\frac {18+y}{5*4}}}$ Solve for ${\displaystyle x}$

${\displaystyle 1={\frac {18+2}{20}}}$ Solve for ${\displaystyle y}$

We now have ${\displaystyle N=6}$, ${\displaystyle x=4}$, and ${\displaystyle y=2}$. Or, 6 rails, 5 diagonals (4+1), and 2 empty spaces at the end. By blocking out the empty spaces at the end of the last diagonal, we can simply fill in the Rail Fence line by line using the ciphertext.

_         _         _
 _       _ _       _ _
  _     _   _     _   _
   _   _     _   _     _
    _ _       _ _       X
     _         _         X

W         V         O
 E       O E       T N
  A     C   R     A   C
   _   _     _   _     _
    _ _       _ _       X
     _         _         X

The cipher's key is ${\displaystyle N}$, the number of rails. If ${\displaystyle N}$ is known, the ciphertext can be decrypted by using the above algorithm. Values of ${\displaystyle N}$ equal to or greater than ${\displaystyle L}$, the length of the ciphertext, are not usable, since then the ciphertext is the same as the plaintext. Therefore the number of usable keys is low, allowing the brute-force attack of trying all possible keys. As a result, the rail-fence cipher is considered weak.^{[citation needed]}

The term zigzag cipher may refer to the rail fence cipher as described above. However, it may also refer to a different type of cipher described by Fletcher Pratt in Secret and Urgent. It is "written by ruling a sheet of paper in vertical columns, with a letter at the head of each column. A dot is made for each letter of the message in the proper column, reading from top to bottom of the sheet. The letters at the head of the columns are then cut off, the ruling erased and the message of dots sent along to the recipient, who, knowing the width of the columns and the arrangement of the letters at the top, reconstitutes the diagram and reads what it has to say."^[1]

• Scytale