Ciphertext-only attack on d*d Hill in O(d13d)

Hill is a classical cipher which is generally believed to be resistant against ciphertext-only attack. In this paper, by using a divideand-conquer technique, it is first shown that Hill with d× d key matrix over Z26 can be broken with computational complexity of O(d26), for the English language. This is much less than the only publicly known attack, i.e., the brute-force with complexity of O(d26 2 ). Then by using the Chinese Remainder Theorem, it is shown that the computational complexity of the proposed attack can be reduced to O(d13). Using an information-theoretic approach, supported by extensive simulation results, it is shown that the minimum ciphertext length required for a successful attack increases by a factor of about 7 and 9.8, respectively for these two attacks in comparison with the brute-force attack. This is the only serious attack on Hill since its invention in 1929.